{
  "name": "fortinet_fortimail",
  "title": "Fortinet FortiMail",
  "version": "2.19.1",
  "release": "ga",
  "description": "Collect logs from Fortinet FortiMail instances with Elastic Agent.",
  "type": "integration",
  "download": "/epr/fortinet_fortimail/fortinet_fortimail-2.19.1.zip",
  "path": "/package/fortinet_fortimail/2.19.1",
  "icons": [
    {
      "src": "/img/fortinet-logo.svg",
      "path": "/package/fortinet_fortimail/2.19.1/img/fortinet-logo.svg",
      "title": "Fortinet",
      "size": "216x216",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.11.0 || ^9.0.0"
    },
    "elastic": {
      "subscription": "basic"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/integration-experience"
  },
  "categories": [
    "security",
    "email_security"
  ],
  "signature_path": "/epr/fortinet_fortimail/fortinet_fortimail-2.19.1.zip.sig",
  "format_version": "3.0.3",
  "readme": "/package/fortinet_fortimail/2.19.1/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/fortinet-fortimail-antispam-antivirus-encryption-dashboard.png",
      "path": "/package/fortinet_fortimail/2.19.1/img/fortinet-fortimail-antispam-antivirus-encryption-dashboard.png",
      "title": "Fortinet FortiMail Antispam, Antivirus & Encryption Dashboard Screenshot",
      "size": "600x600",
      "type": "image/png"
    },
    {
      "src": "/img/fortinet-fortimail-email-dashboard.png",
      "path": "/package/fortinet_fortimail/2.19.1/img/fortinet-fortimail-email-dashboard.png",
      "title": "Fortinet FortiMail Email Dashboard Screenshot",
      "size": "600x600",
      "type": "image/png"
    },
    {
      "src": "/img/fortinet-fortimail-history-dashboard.png",
      "path": "/package/fortinet_fortimail/2.19.1/img/fortinet-fortimail-history-dashboard.png",
      "title": "Fortinet FortiMail History Dashboard Screenshot",
      "size": "600x600",
      "type": "image/png"
    },
    {
      "src": "/img/fortinet-fortimail-system-dashboard.png",
      "path": "/package/fortinet_fortimail/2.19.1/img/fortinet-fortimail-system-dashboard.png",
      "title": "Fortinet FortiMail System Dashboard Screenshot",
      "size": "600x600",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/fortinet_fortimail/2.19.1/LICENSE.txt",
    "/package/fortinet_fortimail/2.19.1/changelog.yml",
    "/package/fortinet_fortimail/2.19.1/manifest.yml",
    "/package/fortinet_fortimail/2.19.1/validation.yml",
    "/package/fortinet_fortimail/2.19.1/docs/README.md",
    "/package/fortinet_fortimail/2.19.1/img/fortinet-fortimail-antispam-antivirus-encryption-dashboard.png",
    "/package/fortinet_fortimail/2.19.1/img/fortinet-fortimail-configure-syslog-server.png",
    "/package/fortinet_fortimail/2.19.1/img/fortinet-fortimail-email-dashboard.png",
    "/package/fortinet_fortimail/2.19.1/img/fortinet-fortimail-history-dashboard.png",
    "/package/fortinet_fortimail/2.19.1/img/fortinet-fortimail-system-dashboard.png",
    "/package/fortinet_fortimail/2.19.1/img/fortinet-logo.svg",
    "/package/fortinet_fortimail/2.19.1/kibana/tags.yml",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/manifest.yml",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/sample_event.json",
    "/package/fortinet_fortimail/2.19.1/docs/knowledge_base/service_info.md",
    "/package/fortinet_fortimail/2.19.1/kibana/dashboard/fortinet_fortimail-8adfeca0-a942-11ed-8ba6-130117898d4a.json",
    "/package/fortinet_fortimail/2.19.1/kibana/dashboard/fortinet_fortimail-c4b7f4d0-a93e-11ed-8ba6-130117898d4a.json",
    "/package/fortinet_fortimail/2.19.1/kibana/dashboard/fortinet_fortimail-d5803cc0-a937-11ed-8ba6-130117898d4a.json",
    "/package/fortinet_fortimail/2.19.1/kibana/dashboard/fortinet_fortimail-f352d950-a870-11ed-8ba6-130117898d4a.json",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/fields/base-fields.yml",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/fields/beats.yml",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/fields/fields.yml",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/agent/stream/filestream.yml.hbs",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/agent/stream/tcp.yml.hbs",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/agent/stream/udp.yml.hbs",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_antispam.yml",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_antivirus.yml",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_encryption.yml",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_history.yml",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_mail.yml",
    "/package/fortinet_fortimail/2.19.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_system.yml"
  ],
  "policy_templates": [
    {
      "name": "fortinet_fortimail",
      "title": "Fortinet FortiMail logs",
      "description": "Collect logs from Fortinet FortiMail instances.",
      "inputs": [
        {
          "type": "filestream",
          "title": "Collect Fortinet FortiMail logs via Filestream input",
          "description": "Collecting logs from Fortinet FortiMail instances via filestream input."
        },
        {
          "type": "tcp",
          "title": "Collect Fortinet FortiMail logs via TCP input",
          "description": "Collect logs from Fortinet FortiMail instances via the TCP input."
        },
        {
          "type": "udp",
          "title": "Collect Fortinet FortiMail logs via UDP input",
          "description": "Collect logs from Fortinet FortiMail instances via the UDP input."
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "fortinet_fortimail.log",
      "title": "Collect logs from Fortinet FortiMail",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "filestream",
          "vars": [
            {
              "name": "paths",
              "type": "text",
              "title": "Paths",
              "description": "A list of glob-based paths that will be crawled and fetched.",
              "multi": true,
              "required": true,
              "show_user": true
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone Offset",
              "description": "By default, datetimes in the logs will be interpreted as relative to the timezone configured in the host where the agent is running. If ingesting logs from a host on a different timezone, use this field to set the timezone offset so that datetimes are correctly parsed. Acceptable timezone formats are: a canonical ID (e.g. \"Europe/Amsterdam\") or an HH:mm differential (e.g. \"-05:00\").",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "local"
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "fortinet_fortimail-log"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve fortinet_fortimail.log fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "filestream.yml.hbs",
          "title": "Fortinet FortiMail logs",
          "description": "Collect Fortinet FortiMail logs via Filestream input.",
          "enabled": false,
          "ingestion_method": "File"
        },
        {
          "input": "tcp",
          "vars": [
            {
              "name": "listen_address",
              "type": "text",
              "title": "Listen Address",
              "description": "The address to bind to when listening for TCP connections. Set to `0.0.0.0` to bind to all available interfaces, which makes the listener reachable from every network the host is attached to.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "listen_port",
              "type": "integer",
              "title": "Listen Port",
              "description": "The TCP port number to listen on.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9024
            },
            {
              "name": "tcp_options",
              "type": "yaml",
              "title": "Custom TCP Options",
              "description": "Specify custom configuration options for the TCP input.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "framing: rfc6587\n#max_message_size: 50KiB\n#max_connections: 1\n#line_delimiter: \"\\n\"\n"
            },
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
              "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#certificate_authorities:\n#  - |\n#    -----BEGIN CERTIFICATE-----\n#    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n#    ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n#    MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n#    BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n#    fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n#    94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n#    /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n#    PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n#    CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n#    BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n#    8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n#    874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n#    3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n#    H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n#    8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n#    yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n#    sxSmbIUfc2SGJGCJD4I=\n#    -----END CERTIFICATE-----\n"
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone Offset",
              "description": "By default, datetimes in the logs will be interpreted as relative to the timezone configured in the host where the agent is running. If ingesting logs from a host on a different timezone, use this field to set the timezone offset so that datetimes are correctly parsed. Acceptable timezone formats are: a canonical ID (e.g. \"Europe/Amsterdam\") or an HH:mm differential (e.g. \"-05:00\").",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "local"
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "fortinet_fortimail-log"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve fortinet_fortimail.log fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "tcp.yml.hbs",
          "title": "Fortinet FortiMail logs",
          "description": "Collect Fortinet FortiMail logs via TCP input.",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        },
        {
          "input": "udp",
          "vars": [
            {
              "name": "listen_address",
              "type": "text",
              "title": "Listen Address",
              "description": "The address to bind to when listening for UDP datagrams. Set to `0.0.0.0` to bind to all available interfaces, which makes the listener reachable from every network the host is attached to.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "listen_port",
              "type": "integer",
              "title": "Listen Port",
              "description": "The UDP port number to listen on.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9024
            },
            {
              "name": "udp_options",
              "type": "yaml",
              "title": "Custom UDP Options",
              "description": "Specify custom configuration options for the UDP input.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#max_message_size: 50KiB\n#timeout: 300s\n"
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone Offset",
              "description": "By default, datetimes in the logs will be interpreted as relative to the timezone configured in the host where the agent is running. If ingesting logs from a host on a different timezone, use this field to set the timezone offset so that datetimes are correctly parsed. Acceptable timezone formats are: a canonical ID (e.g. \"Europe/Amsterdam\") or an HH:mm differential (e.g. \"-05:00\").",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "local"
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "fortinet_fortimail-log"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve fortinet_fortimail.log fields that were copied to Elastic Common Schema (ECS) fields.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "udp.yml.hbs",
          "title": "Fortinet FortiMail logs",
          "description": "Collect Fortinet FortiMail logs via UDP input.",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        }
      ],
      "package": "fortinet_fortimail",
      "elasticsearch": {
        "index_template.mappings": {
          "dynamic_templates": [
            {
              "_embedded_ecs-ecs_timestamp": {
                "mapping": {
                  "ignore_malformed": false,
                  "type": "date"
                },
                "path_match": "@timestamp"
              }
            },
            {
              "_embedded_ecs-data_stream_to_constant": {
                "mapping": {
                  "type": "constant_keyword"
                },
                "path_match": "data_stream.*"
              }
            },
            {
              "_embedded_ecs-resolved_ip_to_ip": {
                "mapping": {
                  "type": "ip"
                },
                "match": "resolved_ip"
              }
            },
            {
              "_embedded_ecs-forwarded_ip_to_ip": {
                "mapping": {
                  "type": "ip"
                },
                "match": "forwarded_ip",
                "match_mapping_type": "string"
              }
            },
            {
              "_embedded_ecs-ip_to_ip": {
                "mapping": {
                  "type": "ip"
                },
                "match": "ip",
                "match_mapping_type": "string"
              }
            },
            {
              "_embedded_ecs-x509_public_key_exponent_non_indexed_long": {
                "mapping": {
                  "doc_values": false,
                  "index": false,
                  "type": "long"
                },
                "path_match": "*.x509.public_key_exponent"
              }
            },
            {
              "_embedded_ecs-port_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "port"
              }
            },
            {
              "_embedded_ecs-thread_id_to_long": {
                "mapping": {
                  "type": "long"
                },
                "path_match": "*.thread.id"
              }
            },
            {
              "_embedded_ecs-status_code_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "status_code"
              }
            },
            {
              "_embedded_ecs-line_to_long": {
                "mapping": {
                  "type": "long"
                },
                "path_match": "*.file.line"
              }
            },
            {
              "_embedded_ecs-priority_to_long": {
                "mapping": {
                  "type": "long"
                },
                "path_match": "log.syslog.priority"
              }
            },
            {
              "_embedded_ecs-code_to_long": {
                "mapping": {
                  "type": "long"
                },
                "path_match": "*.facility.code"
              }
            },
            {
              "_embedded_ecs-code_to_long": {
                "mapping": {
                  "type": "long"
                },
                "path_match": "*.severity.code"
              }
            },
            {
              "_embedded_ecs-bytes_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "bytes",
                "path_unmatch": "*.data.bytes"
              }
            },
            {
              "_embedded_ecs-packets_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "packets"
              }
            },
            {
              "_embedded_ecs-public_key_exponent_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "public_key_exponent"
              }
            },
            {
              "_embedded_ecs-severity_to_long": {
                "mapping": {
                  "type": "long"
                },
                "path_match": "event.severity"
              }
            },
            {
              "_embedded_ecs-duration_to_long": {
                "mapping": {
                  "type": "long"
                },
                "path_match": "event.duration"
              }
            },
            {
              "_embedded_ecs-pid_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "pid"
              }
            },
            {
              "_embedded_ecs-uptime_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "uptime"
              }
            },
            {
              "_embedded_ecs-sequence_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "sequence"
              }
            },
            {
              "_embedded_ecs-entropy_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "*entropy"
              }
            },
            {
              "_embedded_ecs-size_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "*size"
              }
            },
            {
              "_embedded_ecs-entrypoint_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "entrypoint"
              }
            },
            {
              "_embedded_ecs-ttl_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "ttl"
              }
            },
            {
              "_embedded_ecs-major_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "major"
              }
            },
            {
              "_embedded_ecs-minor_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "minor"
              }
            },
            {
              "_embedded_ecs-as_number_to_long": {
                "mapping": {
                  "type": "long"
                },
                "path_match": "*.as.number"
              }
            },
            {
              "_embedded_ecs-pgid_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "pgid"
              }
            },
            {
              "_embedded_ecs-exit_code_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "exit_code"
              }
            },
            {
              "_embedded_ecs-chi_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "chi2"
              }
            },
            {
              "_embedded_ecs-args_count_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "args_count"
              }
            },
            {
              "_embedded_ecs-virtual_address_to_long": {
                "mapping": {
                  "type": "long"
                },
                "match": "virtual_address"
              }
            },
            {
              "_embedded_ecs-io_text_to_wildcard": {
                "mapping": {
                  "type": "wildcard"
                },
                "path_match": "*.io.text"
              }
            },
            {
              "_embedded_ecs-strings_to_wildcard": {
                "mapping": {
                  "type": "wildcard"
                },
                "path_match": "registry.data.strings"
              }
            },
            {
              "_embedded_ecs-path_to_wildcard": {
                "mapping": {
                  "type": "wildcard"
                },
                "path_match": "*url.path"
              }
            },
            {
              "_embedded_ecs-message_id_to_wildcard": {
                "mapping": {
                  "type": "wildcard"
                },
                "match": "message_id"
              }
            },
            {
              "_embedded_ecs-command_line_to_multifield": {
                "mapping": {
                  "fields": {
                    "text": {
                      "type": "match_only_text"
                    }
                  },
                  "type": "wildcard"
                },
                "match": "command_line"
              }
            },
            {
              "_embedded_ecs-error_stack_trace_to_multifield": {
                "mapping": {
                  "fields": {
                    "text": {
                      "type": "match_only_text"
                    }
                  },
                  "type": "wildcard"
                },
                "match": "stack_trace"
              }
            },
            {
              "_embedded_ecs-http_content_to_multifield": {
                "mapping": {
                  "fields": {
                    "text": {
                      "type": "match_only_text"
                    }
                  },
                  "type": "wildcard"
                },
                "path_match": "*.body.content"
              }
            },
            {
              "_embedded_ecs-url_full_to_multifield": {
                "mapping": {
                  "fields": {
                    "text": {
                      "type": "match_only_text"
                    }
                  },
                  "type": "wildcard"
                },
                "path_match": "*url.full"
              }
            },
            {
              "_embedded_ecs-url_original_to_multifield": {
                "mapping": {
                  "fields": {
                    "text": {
                      "type": "match_only_text"
                    }
                  },
                  "type": "wildcard"
                },
                "path_match": "*url.original"
              }
            },
            {
              "_embedded_ecs-user_agent_original_to_multifield": {
                "mapping": {
                  "fields": {
                    "text": {
                      "type": "match_only_text"
                    }
                  },
                  "type": "wildcard"
                },
                "path_match": "user_agent.original"
              }
            },
            {
              "_embedded_ecs-error_message_to_match_only": {
                "mapping": {
                  "type": "match_only_text"
                },
                "path_match": "error.message"
              }
            },
            {
              "_embedded_ecs-message_match_only_text": {
                "mapping": {
                  "type": "match_only_text"
                },
                "path_match": "message"
              }
            },
            {
              "_embedded_ecs-event_original_non_indexed_keyword": {
                "mapping": {
                  "doc_values": false,
                  "index": false,
                  "type": "keyword"
                },
                "path_match": "event.original"
              }
            },
            {
              "_embedded_ecs-agent_name_to_keyword": {
                "mapping": {
                  "type": "keyword"
                },
                "path_match": "agent.name"
              }
            },
            {
              "_embedded_ecs-service_name_to_keyword": {
                "mapping": {
                  "type": "keyword"
                },
                "path_match": "*.service.name"
              }
            },
            {
              "_embedded_ecs-sections_name_to_keyword": {
                "mapping": {
                  "type": "keyword"
                },
                "path_match": "*.sections.name"
              }
            },
            {
              "_embedded_ecs-resource_name_to_keyword": {
                "mapping": {
                  "type": "keyword"
                },
                "path_match": "*.resource.name"
              }
            },
            {
              "_embedded_ecs-observer_name_to_keyword": {
                "mapping": {
                  "type": "keyword"
                },
                "path_match": "observer.name"
              }
            },
            {
              "_embedded_ecs-question_name_to_keyword": {
                "mapping": {
                  "type": "keyword"
                },
                "path_match": "*.question.name"
              }
            },
            {
              "_embedded_ecs-group_name_to_keyword": {
                "mapping": {
                  "type": "keyword"
                },
                "path_match": "*.group.name"
              }
            },
            {
              "_embedded_ecs-geo_name_to_keyword": {
                "mapping": {
                  "type": "keyword"
                },
                "path_match": "*.geo.name"
              }
            },
            {
              "_embedded_ecs-host_name_to_keyword": {
                "mapping": {
                  "type": "keyword"
                },
                "path_match": "host.name"
              }
            },
            {
              "_embedded_ecs-severity_name_to_keyword": {
                "mapping": {
                  "type": "keyword"
                },
                "path_match": "*.severity.name"
              }
            },
            {
              "_embedded_ecs-title_to_multifield": {
                "mapping": {
                  "fields": {
                    "text": {
                      "type": "match_only_text"
                    }
                  },
                  "type": "keyword"
                },
                "match": "title"
              }
            },
            {
              "_embedded_ecs-executable_to_multifield": {
                "mapping": {
                  "fields": {
                    "text": {
                      "type": "match_only_text"
                    }
                  },
                  "type": "keyword"
                },
                "match": "executable"
              }
            },
            {
              "_embedded_ecs-file_path_to_multifield": {
                "mapping": {
                  "fields": {
                    "text": {
                      "type": "match_only_text"
                    }
                  },
                  "type": "keyword"
                },
                "path_match": "*.file.path"
              }
            },
            {
              "_embedded_ecs-file_target_path_to_multifield": {
                "mapping": {
                  "fields": {
                    "text": {
                      "type": "match_only_text"
                    }
                  },
                  "type": "keyword"
                },
                "path_match": "*.file.target_path"
              }
            },
            {
              "_embedded_ecs-name_to_multifield": {
                "mapping": {
                  "fields": {
                    "text": {
                      "type": "match_only_text"
                    }
                  },
                  "type": "keyword"
                },
                "match": "name"
              }
            },
            {
              "_embedded_ecs-full_name_to_multifield": {
                "mapping": {
                  "fields": {
                    "text": {
                      "type": "match_only_text"
                    }
                  },
                  "type": "keyword"
                },
                "match": "full_name"
              }
            },
            {
              "_embedded_ecs-os_full_to_multifield": {
                "mapping": {
                  "fields": {
                    "text": {
                      "type": "match_only_text"
                    }
                  },
                  "type": "keyword"
                },
                "path_match": "*.os.full"
              }
            },
            {
              "_embedded_ecs-working_directory_to_multifield": {
                "mapping": {
                  "fields": {
                    "text": {
                      "type": "match_only_text"
                    }
                  },
                  "type": "keyword"
                },
                "match": "working_directory"
              }
            },
            {
              "_embedded_ecs-timestamp_to_date": {
                "mapping": {
                  "type": "date"
                },
                "match": "timestamp"
              }
            },
            {
              "_embedded_ecs-delivery_timestamp_to_date": {
                "mapping": {
                  "type": "date"
                },
                "match": "delivery_timestamp"
              }
            },
            {
              "_embedded_ecs-not_after_to_date": {
                "mapping": {
                  "type": "date"
                },
                "match": "not_after"
              }
            },
            {
              "_embedded_ecs-not_before_to_date": {
                "mapping": {
                  "type": "date"
                },
                "match": "not_before"
              }
            },
            {
              "_embedded_ecs-accessed_to_date": {
                "mapping": {
                  "type": "date"
                },
                "match": "accessed"
              }
            },
            {
              "_embedded_ecs-origination_timestamp_to_date": {
                "mapping": {
                  "type": "date"
                },
                "match": "origination_timestamp"
              }
            },
            {
              "_embedded_ecs-created_to_date": {
                "mapping": {
                  "type": "date"
                },
                "match": "created"
              }
            },
            {
              "_embedded_ecs-installed_to_date": {
                "mapping": {
                  "type": "date"
                },
                "match": "installed"
              }
            },
            {
              "_embedded_ecs-creation_date_to_date": {
                "mapping": {
                  "type": "date"
                },
                "match": "creation_date"
              }
            },
            {
              "_embedded_ecs-ctime_to_date": {
                "mapping": {
                  "type": "date"
                },
                "match": "ctime"
              }
            },
            {
              "_embedded_ecs-mtime_to_date": {
                "mapping": {
                  "type": "date"
                },
                "match": "mtime"
              }
            },
            {
              "_embedded_ecs-ingested_to_date": {
                "mapping": {
                  "type": "date"
                },
                "match": "ingested"
              }
            },
            {
              "_embedded_ecs-start_to_date": {
                "mapping": {
                  "type": "date"
                },
                "match": "start"
              }
            },
            {
              "_embedded_ecs-end_to_date": {
                "mapping": {
                  "type": "date"
                },
                "match": "end"
              }
            },
            {
              "_embedded_ecs-score_base_to_float": {
                "mapping": {
                  "type": "float"
                },
                "path_match": "*.score.base"
              }
            },
            {
              "_embedded_ecs-score_temporal_to_float": {
                "mapping": {
                  "type": "float"
                },
                "path_match": "*.score.temporal"
              }
            },
            {
              "_embedded_ecs-score_to_float": {
                "mapping": {
                  "type": "float"
                },
                "match": "*_score"
              }
            },
            {
              "_embedded_ecs-score_norm_to_float": {
                "mapping": {
                  "type": "float"
                },
                "match": "*_score_norm"
              }
            },
            {
              "_embedded_ecs-usage_to_float": {
                "mapping": {
                  "scaling_factor": 1000,
                  "type": "scaled_float"
                },
                "match": "usage"
              }
            },
            {
              "_embedded_ecs-location_to_geo_point": {
                "mapping": {
                  "type": "geo_point"
                },
                "match": "location"
              }
            },
            {
              "_embedded_ecs-same_as_process_to_boolean": {
                "mapping": {
                  "type": "boolean"
                },
                "match": "same_as_process"
              }
            },
            {
              "_embedded_ecs-established_to_boolean": {
                "mapping": {
                  "type": "boolean"
                },
                "match": "established"
              }
            },
            {
              "_embedded_ecs-resumed_to_boolean": {
                "mapping": {
                  "type": "boolean"
                },
                "match": "resumed"
              }
            },
            {
              "_embedded_ecs-max_bytes_per_process_exceeded_to_boolean": {
                "mapping": {
                  "type": "boolean"
                },
                "match": "max_bytes_per_process_exceeded"
              }
            },
            {
              "_embedded_ecs-interactive_to_boolean": {
                "mapping": {
                  "type": "boolean"
                },
                "match": "interactive"
              }
            },
            {
              "_embedded_ecs-exists_to_boolean": {
                "mapping": {
                  "type": "boolean"
                },
                "match": "exists"
              }
            },
            {
              "_embedded_ecs-trusted_to_boolean": {
                "mapping": {
                  "type": "boolean"
                },
                "match": "trusted"
              }
            },
            {
              "_embedded_ecs-valid_to_boolean": {
                "mapping": {
                  "type": "boolean"
                },
                "match": "valid"
              }
            },
            {
              "_embedded_ecs-go_stripped_to_boolean": {
                "mapping": {
                  "type": "boolean"
                },
                "match": "go_stripped"
              }
            },
            {
              "_embedded_ecs-coldstart_to_boolean": {
                "mapping": {
                  "type": "boolean"
                },
                "match": "coldstart"
              }
            },
            {
              "_embedded_ecs-exports_to_flattened": {
                "mapping": {
                  "type": "flattened"
                },
                "match": "exports"
              }
            },
            {
              "_embedded_ecs-structured_data_to_flattened": {
                "mapping": {
                  "type": "flattened"
                },
                "match": "structured_data"
              }
            },
            {
              "_embedded_ecs-imports_to_flattened": {
                "mapping": {
                  "type": "flattened"
                },
                "match": "*imports"
              }
            },
            {
              "_embedded_ecs-attachments_to_nested": {
                "mapping": {
                  "type": "nested"
                },
                "match": "attachments"
              }
            },
            {
              "_embedded_ecs-segments_to_nested": {
                "mapping": {
                  "type": "nested"
                },
                "match": "segments"
              }
            },
            {
              "_embedded_ecs-elf_sections_to_nested": {
                "mapping": {
                  "type": "nested"
                },
                "path_match": "*.elf.sections"
              }
            },
            {
              "_embedded_ecs-pe_sections_to_nested": {
                "mapping": {
                  "type": "nested"
                },
                "path_match": "*.pe.sections"
              }
            },
            {
              "_embedded_ecs-macho_sections_to_nested": {
                "mapping": {
                  "type": "nested"
                },
                "path_match": "*.macho.sections"
              }
            }
          ]
        },
        "ingest_pipeline.name": "default"
      },
      "path": "log"
    }
  ]
}
