gfwleak/galaxy-deployment-schema-updater-tool
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
4be242ba89982b65250045ebd099ca837bbec7d1
galaxy-deployment-schema-up…/testSchemaFiles/security_event.json
qidaijie ae9ea847dc 原schema-upgrade项目更名,发布初版
2023-09-26 14:48:35 +08:00

3853 lines
100 KiB
JSON
Raw Blame History

{
"type":"record",
"name":"security_event",
"namespace":"tsg_galaxy_v3",
"doc":
{
"primary_key":"common_log_id",
"partition_key":"common_recv_time",
"ttl":null,
"default_ttl":2592000,
"index_key":
[
"common_log_id",
"common_recv_time",
"common_policy_id"
],
"functions":
{
"$ref":"public_schema_info.json#/functions"
},
"schema_query":
{
"dimensions":
[
"common_server_ip",
"common_client_ip",
"common_internal_ip",
"common_external_ip",
"common_policy_id",
"common_action",
"common_sled_ip",
"common_device_id",
"common_client_location",
"common_server_location",
"common_subscriber_id",
"common_client_port",
"common_server_port",
"common_schema_type",
"common_l4_protocol",
"common_l7_protocol",
"common_data_center",
"common_device_group",
"common_app_behavior",
"common_client_asn",
"common_server_asn",
"common_start_time",
"common_end_time",
"common_imei",
"common_imsi",
"common_phone_number",
"common_app_label",
"http_host",
"http_domain",
"http_url",
"http_cookie",
"http_referer",
"http_user_agent",
"ssl_sni",
"ssl_ja3_hash",
"ssl_passthrough_reason",
"ssl_client_side_version",
"ssl_server_side_version",
"ssl_cert_issuer",
"ssl_cert_subject",
"mail_account",
"mail_from",
"mail_to",
"quic_sni",
"quic_version"
],
"metrics":
[
"common_server_ip",
"common_client_ip",
"common_internal_ip",
"common_external_ip",
"common_subscriber_id",
"common_sled_ip",
"common_device_id",
"common_sessions",
"common_c2s_pkt_num",
"common_s2c_pkt_num",
"common_c2s_byte_num",
"common_s2c_byte_num",
"common_mirrored_pkts",
"common_mirrored_bytes",
"common_con_duration_ms",
"common_establish_latency_ms",
"common_imei",
"common_imsi",
"common_phone_number",
"common_app_label",
"http_host",
"http_domain",
"http_url",
"http_cookie",
"http_referer",
"http_user_agent",
"ssl_sni",
"ssl_ja3_hash",
"ssl_passthrough_reason",
"ssl_client_side_latency",
"ssl_server_side_latency",
"ssl_cert_issuer",
"ssl_cert_subject",
"mail_account",
"mail_from",
"mail_to",
"quic_sni"
],
"filters":
[
"common_policy_id",
"common_action",
"common_address_type",
"common_server_ip",
"common_client_ip",
"common_internal_ip",
"common_external_ip",
"common_client_port",
"common_server_port",
"common_client_location",
"common_server_location",
"common_subscriber_id",
"common_c2s_pkt_num",
"common_s2c_pkt_num",
"common_c2s_byte_num",
"common_s2c_byte_num",
"common_mirrored_pkts",
"common_mirrored_bytes",
"common_l4_protocol",
"common_l7_protocol",
"common_stream_dir",
"common_data_center",
"common_device_group",
"common_app_behavior",
"common_sled_ip",
"common_device_id",
"common_direction",
"common_schema_type",
"common_client_asn",
"common_server_asn",
"common_start_time",
"common_end_time",
"common_con_duration_ms",
"common_establish_latency_ms",
"common_imei",
"common_imsi",
"common_phone_number",
"common_app_label",
"http_host",
"http_domain",
"http_url",
"http_cookie",
"http_referer",
"http_user_agent",
"http_request_content_type",
"http_response_content_type",
"ssl_sni",
"ssl_ja3_hash",
"ssl_pinningst",
"ssl_intercept_state",
"ssl_passthrough_reason",
"ssl_client_side_version",
"ssl_server_side_version",
"ssl_cert_verify",
"ssl_client_side_latency",
"ssl_server_side_latency",
"ssl_cert_issuer",
"ssl_cert_subject",
"mail_account",
"mail_from",
"mail_to",
"mail_subject",
"quic_sni",
"quic_version"
],
"references":
{
"$ref":"public_schema_info.json#/schema_query/references"
},
"details":
{
"general":
[
"common_recv_time",
"common_log_id",
"common_stream_trace_id",
"common_address_type",
"common_schema_type",
"common_direction",
"common_stream_dir",
"common_start_time",
"common_end_time",
"common_con_duration_ms",
"common_establish_latency_ms",
"common_processing_time",
"common_ingestion_time",
"common_entrance_id",
"common_device_id",
"common_egress_link_id",
"common_ingress_link_id",
"common_isp",
"common_data_center",
"common_device_group",
"common_sled_ip"
],
"action":
[
"common_action",
"common_sub_action",
"common_policy_id",
"common_user_tags",
"common_user_region"
],
"source":
[
"common_client_ip",
"common_internal_ip",
"common_client_port",
"common_client_location",
"common_client_asn",
"common_subscriber_id",
"common_imei",
"common_imsi",
"common_phone_number"
],
"destination":
[
"common_server_ip",
"common_external_ip",
"common_server_port",
"common_server_location",
"common_server_asn"
],
"application":
[
"common_app_id",
"common_userdefine_app_name",
"common_app_identify_info",
"common_app_label",
"common_app_surrogate_id",
"common_l7_protocol",
"common_protocol_label",
"common_service_category",
"common_service",
"common_l4_protocol",
"common_app_behavior"
],
"transmission":
[
"common_sessions",
"common_c2s_pkt_num",
"common_s2c_pkt_num",
"common_c2s_byte_num",
"common_s2c_byte_num",
"common_c2s_pkt_diff",
"common_s2c_pkt_diff",
"common_c2s_byte_diff",
"common_s2c_byte_diff",
"common_c2s_ipfrag_num",
"common_s2c_ipfrag_num",
"common_c2s_tcp_lostlen",
"common_s2c_tcp_lostlen",
"common_c2s_tcp_unorder_num",
"common_s2c_tcp_unorder_num",
"common_c2s_pkt_retrans",
"common_s2c_pkt_retrans",
"common_c2s_byte_retrans",
"common_s2c_byte_retrans",
"common_first_ttl",
"common_tcp_client_isn",
"common_tcp_server_isn",
"common_mirrored_pkts",
"common_mirrored_bytes"
],
"other":
[
"common_device_tag",
"common_encapsulation",
"common_tunnels",
"common_address_list",
"common_has_dup_traffic",
"common_stream_error",
"common_link_info_c2s",
"common_link_info_s2c",
"common_packet_capture_file"
]
}
},
"schema_type":
{
"BASE":
{
"$ref":"public_schema_info.json#/schema_type/BASE"
},
"HTTP":
{
"$ref":"public_schema_info.json#/schema_type/HTTP"
},
"MAIL":
{
"$ref":"public_schema_info.json#/schema_type/MAIL"
},
"DNS":
{
"$ref":"public_schema_info.json#/schema_type/DNS"
},
"SSL":
{
"$ref":"public_schema_info.json#/schema_type/SSL"
},
"QUIC":
{
"$ref":"public_schema_info.json#/schema_type/QUIC"
},
"FTP":
{
"$ref":"public_schema_info.json#/schema_type/FTP"
},
"BGP":
{
"$ref":"public_schema_info.json#/schema_type/BGP"
},
"SIP":
{
"$ref":"public_schema_info.json#/schema_type/SIP"
},
"RTP":
{
"$ref":"public_schema_info.json#/schema_type/RTP"
},
"APP":
{
"$ref":"public_schema_info.json#/schema_type/APP"
},
"SSH":
{
"$ref":"public_schema_info.json#/schema_type/SSH"
},
"Stratum":
{
"$ref":"public_schema_info.json#/schema_type/Stratum"
},
"RDP":
{
"$ref":"public_schema_info.json#/schema_type/RDP"
}
},
"default_columns":
[
"common_recv_time",
"common_log_id",
"common_policy_id",
"common_subscriber_id",
"common_client_ip",
"common_server_ip",
"common_server_port",
"common_schema_type"
],
"internal_columns":
[
"common_recv_time",
"common_log_id",
"common_processing_time",
"common_ingestion_time",
"common_userdefine_app_name",
"common_tunnels",
"common_packet_capture_file",
"http_request_body",
"http_response_body",
"mail_eml_file",
"rtp_pcap_path"
],
"tunnel_type":
{
"$ref":"public_schema_info.json#/tunnel_type"
}
},
"fields":
[
{
"name":"common_recv_time",
"label":"Receive Time",
"doc":
{
"constraints":
{
"type":"timestamp"
},
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_log_id",
"label":"Log ID",
"doc":
{
"format":
{
"functions":"snowflake_id"
},
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_policy_id",
"label":"Policy ID",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_subscriber_id",
"label":"Subscriber ID",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_imei",
"label":"IMEI",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_imsi",
"label":"IMSI",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_phone_number",
"label":"Phone Number",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_client_ip",
"label":"Client IP",
"doc":
{
"constraints":
{
"type":"ip"
},
"format":
{
"functions":"geo_asn,radius_match",
"appendTo":"common_client_asn,common_subscriber_id"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_internal_ip",
"label":"Internal IP",
"doc":
{
"constraints":
{
"type":"ip"
},
"format":
{
"functions":"if",
"param":"$.common_direction=69,$.common_client_ip,$.common_server_ip"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_client_port",
"label":"Client Port",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"common_l4_protocol",
"label":"L4 Protocol",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_address_type",
"label":"Address Type",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"4",
"value":"ipv4"
},
{
"code":"6",
"value":"ipv6"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"common_server_ip",
"label":"Server IP",
"doc":
{
"constraints":
{
"type":"ip"
},
"format":
{
"functions":"geo_asn",
"appendTo":"common_server_asn"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_server_port",
"label":"Server Port",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"common_external_ip",
"label":"External IP",
"doc":
{
"constraints":
{
"type":"ip"
},
"format":
{
"functions":"if",
"param":"$.common_direction=73,$.common_client_ip,$.common_server_ip"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_action",
"label":"Action",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"1",
"value":"Monitor"
},
{
"code":"2",
"value":"Intercept"
},
{
"code":"16",
"value":"Deny"
},
{
"code":"128",
"value":"Allow"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"common_direction",
"label":"Direction",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"69",
"value":"outbound"
},
{
"code":"73",
"value":"inbound"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"common_entrance_id",
"label":"Entrance ID",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"int"
},
{
"name":"common_sled_ip",
"label":"Sled IP",
"doc":
{
"constraints":
{
"type":"ip"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_client_location",
"label":"Client Location",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_client_asn",
"label":"Client ASN",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_server_location",
"label":"Server Location",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_server_asn",
"label":"Server ASN",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_sessions",
"label":"Sessions",
"doc":
{
"format":
{
"functions":"set_value",
"param":"1"
},
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_c2s_pkt_num",
"label":"Packets Sent",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_s2c_pkt_num",
"label":"Packets Received",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_c2s_byte_num",
"label":"Bytes Sent",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_s2c_byte_num",
"label":"Bytes Received",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_c2s_pkt_diff",
"label":"Packets Sent (Delta)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"long"
},
{
"name":"common_s2c_pkt_diff",
"label":"Packets Received (Delta)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"long"
},
{
"name":"common_c2s_byte_diff",
"label":"Bytes Sent (Delta)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"long"
},
{
"name":"common_s2c_byte_diff",
"label":"Bytes Received (Delta)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"long"
},
{
"name":"common_service",
"label":"Service",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"int"
},
{
"name":"common_schema_type",
"label":"Schema Type",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"BASE",
"value":"BASE"
},
{
"code":"HTTP",
"value":"HTTP"
},
{
"code":"MAIL",
"value":"MAIL"
},
{
"code":"DNS",
"value":"DNS"
},
{
"code":"SSL",
"value":"SSL"
},
{
"code":"QUIC",
"value":"QUIC"
},
{
"code":"FTP",
"value":"FTP"
},
{
"code":"SIP",
"value":"SIP"
},
{
"code":"RTP",
"value":"RTP"
},
{
"code":"SSH",
"value":"SSH"
},
{
"code":"Stratum",
"value":"Stratum"
},
{
"code":"RDP",
"value":"RDP"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_user_tags",
"label":"User Tags",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_sub_action",
"label":"Sub Action",
"doc":
{
"data":
[
{
"code":"allow",
"value":"Allow"
},
{
"code":"deny",
"value":"Deny"
},
{
"code":"monitor",
"value":"Monitor"
},
{
"code":"replace",
"value":"Replace"
},
{
"code":"redirect",
"value":"Redirect"
},
{
"code":"insert",
"value":"Insert"
},
{
"code":"hijack",
"value":"Hijack"
}
],
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"common_user_region",
"label":"User Region",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"common_device_id",
"label":"Device ID",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_egress_link_id",
"label":"Egress Link ID",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"int"
},
{
"name":"common_ingress_link_id",
"label":"Ingress Link ID",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"int"
},
{
"name":"common_isp",
"label":"ISP",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_device_tag",
"label":"Device Tag",
"doc":
{
"visibility":"hidden",
"format":
{
"functions":"flattenSpec,flattenSpec",
"appendTo":"common_data_center,common_device_group",
"param":"$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value"
},
"ttl":null
},
"type":"string"
},
{
"name":"common_data_center",
"label":"Data Center",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
{
"$ref":"device_tag.json#",
"key":"$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
"value":"$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_device_group",
"label":"Device Group",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
{
"$ref":"device_tag.json#",
"key":"$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
"value":"$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_app_behavior",
"label":"Application Behavior",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_encapsulation",
"label":"Encapsulation",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
{
"$ref":"public_schema_info.json#/fields/common_encapsulation/data"
},
"visibility":"hidden",
"ttl":null
},
"type":"int"
},
{
"name":"common_app_label",
"label":"Application Label",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_tunnels",
"label":"Tunnels",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_protocol_label",
"label":"Protocol Label",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"common_app_id",
"label":"Application ID",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"common_userdefine_app_name",
"label":"User Define App Name",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_app_identify_info",
"label":"App Identity Info",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_app_surrogate_id",
"label":"Surrogate ID",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"common_l7_protocol",
"label":"L7 Protocol",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_service_category",
"label":"FQDN Category",
"doc":
{
"constraints":
{
"operator_functions":"has"
},
"dict_location":
{
"path":"/v1/category/dict",
"key":"categoryId",
"value":"categoryName"
},
"visibility":"enabled",
"ttl":null
},
"type":
{
"type":"array",
"items":"int"
}
},
{
"name":"common_start_time",
"label":"Start Time",
"doc":
{
"allow_query":"false",
"constraints":
{
"type":"timestamp"
},
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_end_time",
"label":"End Time",
"doc":
{
"allow_query":"false",
"constraints":
{
"type":"timestamp"
},
"format":
{
"functions":"get_value",
"appendTo":"common_recv_time"
},
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_establish_latency_ms",
"label":"TCP Handshake Latency (ms)",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_con_duration_ms",
"label":"Duration (ms)",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_stream_dir",
"label":"Stream Direction",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"1",
"value":"c2s"
},
{
"code":"2",
"value":"s2c"
},
{
"code":"3",
"value":"double"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"common_address_list",
"label":"Address List",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_has_dup_traffic",
"label":"Duplication Traffic",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
{
"$ref":"public_schema_info.json#/fields/common_has_dup_traffic/data"
},
"visibility":"hidden",
"ttl":null
},
"type":"int"
},
{
"name":"common_stream_error",
"label":"Stream Error",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_stream_trace_id",
"label":"Session ID",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_link_info_c2s",
"label":"Link Info (c2s)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"common_link_info_s2c",
"label":"Link Info (s2c)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"common_packet_capture_file",
"label":"Packet Capture File",
"doc":
{
"allow_query":"false",
"constraints":
{
"type":"file"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_c2s_ipfrag_num",
"label":"Fragmentation Packets (c2s)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"long"
},
{
"name":"common_s2c_ipfrag_num",
"label":"Fragmentation Packets (s2c)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"long"
},
{
"name":"common_c2s_tcp_lostlen",
"label":"Sequence Gap Loss (c2s)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"long"
},
{
"name":"common_s2c_tcp_lostlen",
"label":"Sequence Gap Loss (s2c)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"long"
},
{
"name":"common_c2s_tcp_unorder_num",
"label":"Unordered Packets (c2s)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"long"
},
{
"name":"common_s2c_tcp_unorder_num",
"label":"Unordered Packets (s2c)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"long"
},
{
"name":"common_c2s_pkt_retrans",
"label":"Packet Retransmission (c2s)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"long"
},
{
"name":"common_s2c_pkt_retrans",
"label":"Packet Retransmission (s2c)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"long"
},
{
"name":"common_c2s_byte_retrans",
"label":"Byte Retransmission (c2s)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"long"
},
{
"name":"common_s2c_byte_retrans",
"label":"Byte Retransmission (s2c)",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"long"
},
{
"name":"common_tcp_client_isn",
"label":"TCP Client ISN",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_tcp_server_isn",
"label":"TCP Server ISN",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_first_ttl",
"label":"First TTL",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"int"
},
{
"name":"common_processing_time",
"label":"Processing Time",
"doc":
{
"constraints":
{
"type":"timestamp"
},
"format":
{
"functions":"current_timestamp"
},
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_ingestion_time",
"label":"Ingestion Time",
"doc":
{
"constraints":
{
"type":"timestamp"
},
"format":
{
"functions":"ingestion_time"
},
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_mirrored_pkts",
"label":"Mirrored Packets",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_mirrored_bytes",
"label":"Mirrored Bytes",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"http_url",
"label":"HTTP.URL",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_host",
"label":"HTTP.Host",
"doc":
{
"format":
{
"functions":"sub_domain",
"appendTo":"http_domain"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_domain",
"label":"HTTP.Domain",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_request_line",
"label":"HTTP.Request Line",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"http_response_line",
"label":"HTTP.Response Line",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"http_request_header",
"label":"HTTP.Request Header",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"http_response_header",
"label":"HTTP.Response Header",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"http_request_content",
"label":"HTTP.Request Content",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"http_request_content_length",
"label":"HTTP.Request Content Length",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_request_content_type",
"label":"HTTP.Request Content Type",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_response_content",
"label":"HTTP.Response Content",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"http_response_content_length",
"label":"HTTP.Response Content Length",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_response_content_type",
"label":"HTTP.Response Content Type",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_request_body",
"label":"HTTP.Request Body",
"doc":
{
"allow_query":"false",
"constraints":
{
"type":"file"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_response_body",
"label":"HTTP.Response Body",
"doc":
{
"allow_query":"false",
"constraints":
{
"type":"file"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_request_body_key",
"label":"HTTP.Request Body Key",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_response_body_key",
"label":"HTTP.Response Body Key",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_proxy_flag",
"label":"HTTP.Proxy Flag",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"int"
},
{
"name":"http_sequence",
"label":"HTTP.Sequence",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"int"
},
{
"name":"http_snapshot",
"label":"HTTP.Snapshot",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"http_cookie",
"label":"HTTP.Cookie",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_referer",
"label":"HTTP.Referer",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_user_agent",
"label":"HTTP.User Agent",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_content_length",
"label":"HTTP.Content Length",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"http_content_type",
"label":"HTTP.Content Type",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"http_set_cookie",
"label":"HTTP.Set Cookie",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_version",
"label":"HTTP.Version",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_response_latency_ms",
"label":"HTTP.Response Latency (ms)",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"http_action_file_size",
"label":"HTTP.Action File Size",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"http_session_duration_ms",
"label":"HTTP.Session Duration (ms)",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"mail_protocol_type",
"label":"Mail.Protocol Type",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"mail_account",
"label":"Mail.Account",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"mail_from_cmd",
"label":"Mail.From CMD",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"mail_to_cmd",
"label":"Mail.To CMD",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"mail_from",
"label":"Mail.From",
"doc":
{
"constraints":
{
"type":"email"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"mail_to",
"label":"Mail.To",
"doc":
{
"constraints":
{
"type":"email"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"mail_cc",
"label":"Mail.CC",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"mail_bcc",
"label":"Mail.BCC",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"mail_subject",
"label":"Mail.Subject",
"doc":
{
"format":
{
"functions":"decode_of_base64",
"param":"$.mail_subject_charset"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"mail_subject_charset",
"label":"Mail.Subject Charset",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"mail_content",
"label":"Mail.Content",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"mail_content_charset",
"label":"Mail.Content Charset",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"mail_attachment_name",
"label":"Mail.Attachment",
"doc":
{
"format":
{
"functions":"decode_of_base64",
"param":"$.mail_attachment_name_charset"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"mail_attachment_name_charset",
"label":"Mail.Attachment Charset",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"mail_attachment_content",
"label":"Mail.Attachment Content",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"mail_eml_file",
"label":"Mail.EML File",
"doc":
{
"constraints":
{
"type":"file"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"mail_snapshot",
"label":"Mail.Snapshot",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"dns_message_id",
"label":"DNS.Message ID",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_qr",
"label":"DNS.QR",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"0",
"value":"QUERY"
},
{
"code":"1",
"value":"RESPONSE"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_opcode",
"label":"DNS.OPCODE",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"0",
"value":"QUERY"
},
{
"code":"1",
"value":"IQUERY"
},
{
"code":"2",
"value":"STATUS"
},
{
"code":"5",
"value":"UPDATE"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_aa",
"label":"DNS.AA",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_tc",
"label":"DNS.TC",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_rd",
"label":"DNS.RD",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_ra",
"label":"DNS.RA",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_rcode",
"label":"DNS.RCODE",
"doc":
{
"data":
[
{
"code":0,
"value":"NoError"
},
{
"code":1,
"value":"FormErr"
},
{
"code":2,
"value":"ServFail"
},
{
"code":3,
"value":"NXDomain"
},
{
"code":4,
"value":"NotImp"
},
{
"code":5,
"value":"Refused"
},
{
"code":6,
"value":"YXDomain"
},
{
"code":7,
"value":"YXRRSet"
},
{
"code":8,
"value":"NXRRSet"
},
{
"code":9,
"value":"NotAuth"
},
{
"code":10,
"value":"NotZone"
},
{
"code":16,
"value":"BADSIG"
},
{
"code":17,
"value":"BADKEY"
},
{
"code":18,
"value":"BADTIME"
},
{
"code":19,
"value":"BADMODE"
},
{
"code":20,
"value":"BADNAME"
},
{
"code":21,
"value":"BADALG"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_qdcount",
"label":"DNS.QDCOUNT",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_ancount",
"label":"DNS.ANCOUNT",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_nscount",
"label":"DNS.NSCOUNT",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_arcount",
"label":"DNS.ARCOUNT",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_qname",
"label":"DNS.QNAME",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"dns_qtype",
"label":"DNS.QTYPE",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"1",
"value":"A"
},
{
"code":"2",
"value":"NS"
},
{
"code":"3",
"value":"MD"
},
{
"code":"4",
"value":"MF"
},
{
"code":"5",
"value":"CNAME"
},
{
"code":"6",
"value":"SOA"
},
{
"code":"7",
"value":"MB"
},
{
"code":"8",
"value":"MG"
},
{
"code":"9",
"value":"MR"
},
{
"code":"10",
"value":"NULL"
},
{
"code":"11",
"value":"WKS"
},
{
"code":"12",
"value":"PTR"
},
{
"code":"13",
"value":"HINFO"
},
{
"code":"14",
"value":"MINFO"
},
{
"code":"15",
"value":"MX"
},
{
"code":"16",
"value":"TXT"
},
{
"code":"17",
"value":"RP"
},
{
"code":"18",
"value":"AFSDB"
},
{
"code":"19",
"value":"X25"
},
{
"code":"20",
"value":"ISDN"
},
{
"code":"21",
"value":"RT"
},
{
"code":"22",
"value":"NSAP"
},
{
"code":"23",
"value":"NSAP"
},
{
"code":"24",
"value":"SIG"
},
{
"code":"25",
"value":"KEY"
},
{
"code":"26",
"value":"PX"
},
{
"code":"27",
"value":"GPOS"
},
{
"code":"28",
"value":"AAAA"
},
{
"code":"29",
"value":"LOC"
},
{
"code":"30",
"value":"EID"
},
{
"code":"31",
"value":"NIMLOC"
},
{
"code":"32",
"value":"NB"
},
{
"code":"33",
"value":"SRV"
},
{
"code":"34",
"value":"ATMA"
},
{
"code":"35",
"value":"NAPTR"
},
{
"code":"36",
"value":"KX"
},
{
"code":"37",
"value":"CERT"
},
{
"code":"38",
"value":"A6"
},
{
"code":"39",
"value":"DNAME"
},
{
"code":"40",
"value":"SINK"
},
{
"code":"41",
"value":"OPT"
},
{
"code":"42",
"value":"APL"
},
{
"code":"43",
"value":"DS"
},
{
"code":"44",
"value":"SSHFP"
},
{
"code":"45",
"value":"IPSECKEY"
},
{
"code":"46",
"value":"RRSIG"
},
{
"code":"47",
"value":"NSEC"
},
{
"code":"48",
"value":"DNSKEY"
},
{
"code":"49",
"value":"DHCID"
},
{
"code":"50",
"value":"NSEC3"
},
{
"code":"51",
"value":"NSEC3PARAM"
},
{
"code":"52",
"value":"TLSA"
},
{
"code":"53",
"value":"SMIMEA"
},
{
"code":"55",
"value":"HIP"
},
{
"code":"59",
"value":"CDS"
},
{
"code":"60",
"value":"CDNSKEY"
},
{
"code":"61",
"value":"OPENPGPKEY"
},
{
"code":"62",
"value":"CSYNC"
},
{
"code":"63",
"value":"ZONEMD"
},
{
"code":"64",
"value":"SVCB"
},
{
"code":"65",
"value":"HTTPS"
},
{
"code":"99",
"value":"SPF"
},
{
"code":"100",
"value":"UINFO"
},
{
"code":"101",
"value":"UID"
},
{
"code":"102",
"value":"GID"
},
{
"code":"103",
"value":"UNSPEC"
},
{
"code":"108",
"value":"EUI48"
},
{
"code":"109",
"value":"EUI64"
},
{
"code":"249",
"value":"TKEY"
},
{
"code":"250",
"value":"TSIG"
},
{
"code":"251",
"value":"IXFR"
},
{
"code":"252",
"value":"AXFR"
},
{
"code":"253",
"value":"MAILB"
},
{
"code":"254",
"value":"MAILA"
},
{
"code":"255",
"value":"*"
},
{
"code":"256",
"value":"URI"
},
{
"code":"257",
"value":"CAA"
},
{
"code":"32768",
"value":"TA"
},
{
"code":"32769",
"value":"DLV"
},
{
"code":"65521",
"value":"INTEGRITY"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_qclass",
"label":"DNS.QCLASS",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_cname",
"label":"DNS.CNAME",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"dns_sub",
"label":"DNS.SUB",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"1",
"value":"DNS"
},
{
"code":"2",
"value":"DNSSEC"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"dns_rr",
"label":"DNS.RR",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"dns_response_latency_ms",
"label":"DNS.Response Latency (ms)",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"int"
},
{
"name":"ssl_version",
"label":"SSL.Version",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssl_sni",
"label":"SSL.SNI",
"doc":
{
"format":
{
"functions":"sub_domain",
"appendTo":"http_domain"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssl_san",
"label":"SSL.SAN",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssl_cn",
"label":"SSL.CN",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssl_pinningst",
"label":"SSL.Pinning",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"0",
"value":"Not Pinning"
},
{
"code":"1",
"value":"Pinning"
},
{
"code":"2",
"value":"Maybe Pinning"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"ssl_intercept_state",
"label":"SSL.Intercept State",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"0",
"value":"Passthrough"
},
{
"code":"1",
"value":"Intercept"
},
{
"code":"2",
"value":"Shutdown"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"ssl_passthrough_reason",
"label":"SSL.Passthrough Reason",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssl_server_side_latency",
"label":"SSL.Server Side Latency (ms)",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"ssl_client_side_latency",
"label":"SSL.Client Side Latency (ms)",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"ssl_server_side_version",
"label":"SSL.Server Side Version",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssl_client_side_version",
"label":"SSL.Client Side Version",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssl_cert_verify",
"label":"SSL.Certificate Verify",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"0",
"value":"No"
},
{
"code":"1",
"value":"Yes"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"ssl_error",
"label":"SSL.Error",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssl_con_latency_ms",
"label":"SSL.Handshake Latency (ms)",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"ssl_ja3_fingerprint",
"label":"SSL.JA3",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"ssl_ja3_hash",
"label":"SSL.JA3 hash",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssl_cert_issuer",
"label":"SSL.Issuer",
"doc":
{
"constraints":
{
"type":"items"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssl_cert_subject",
"label":"SSL.Subject",
"doc":
{
"constraints":
{
"type":"items"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"quic_version",
"label":"Quic.Version",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"quic_sni",
"label":"Quic.SNI",
"doc":
{
"format":
{
"functions":"sub_domain",
"appendTo":"http_domain"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"quic_user_agent",
"label":"Quic.User Agent",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ftp_account",
"label":"FTP.Account",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ftp_url",
"label":"FTP.URL",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ftp_content",
"label":"FTP.Content",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ftp_link_type",
"label":"FTP.Link Type",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"bgp_type",
"label":"BGP.Type",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"int"
},
{
"name":"bgp_as_num",
"label":"BGP.AS Number",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"string"
},
{
"name":"bgp_route",
"label":"BGP.Route",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"string"
},
{
"name":"voip_calling_account",
"label":"VoIP.Calling Account",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"string"
},
{
"name":"voip_called_account",
"label":"VoIP.Called Account",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"string"
},
{
"name":"voip_calling_number",
"label":"VoIP.Calling Number",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"string"
},
{
"name":"voip_called_number",
"label":"VoIP.Called Number",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"string"
},
{
"name":"streaming_media_url",
"label":"Streaming.Media URL",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"string"
},
{
"name":"streaming_media_protocol",
"label":"Streaming.Media Protocol",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"type":"string"
},
{
"name":"app_extra_info",
"label":"APP.Extra Info",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"sip_call_id",
"label":"SIP.Call-ID",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"sip_originator_description",
"label":"SIP.Originator",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"sip_responder_description",
"label":"SIP.Responder",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"sip_user_agent",
"label":"SIP.User-Agent",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"sip_server",
"label":"SIP.Server",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"sip_originator_sdp_connect_ip",
"label":"SIP.Originator IP",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"sip_originator_sdp_media_port",
"label":"SIP.Originator Port",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"sip_originator_sdp_media_type",
"label":"SIP.Originator Media Type",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"sip_originator_sdp_content",
"label":"SIP.Originator Content",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"sip_responder_sdp_connect_ip",
"label":"SIP.Responder IP",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"sip_responder_sdp_media_port",
"label":"SIP.Responder Port",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"sip_responder_sdp_media_type",
"label":"SIP.Responder Media Type",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"sip_responder_sdp_content",
"label":"SIP.Responder Content",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"sip_duration_s",
"label":"SIP.Duration (s)",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"sip_bye",
"label":"SIP.Bye",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rtp_payload_type_c2s",
"label":"RTP.Payload Type (c2s)",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"0",
"value":"PCMU"
},
{
"code":"1",
"value":"1016"
},
{
"code":"2",
"value":"G721"
},
{
"code":"3",
"value":"GSM"
},
{
"code":"4",
"value":"G723"
},
{
"code":"5",
"value":"DVI4_8000"
},
{
"code":"6",
"value":"DVI4_16000"
},
{
"code":"7",
"value":"LPC"
},
{
"code":"8",
"value":"PCMA"
},
{
"code":"9",
"value":"G722"
},
{
"code":"10",
"value":"L16_STEREO"
},
{
"code":"11",
"value":"L16_MONO"
},
{
"code":"12",
"value":"QCELP"
},
{
"code":"13",
"value":"CN"
},
{
"code":"14",
"value":"MPA"
},
{
"code":"15",
"value":"G728"
},
{
"code":"16",
"value":"DVI4_11025"
},
{
"code":"17",
"value":"DVI4_22050"
},
{
"code":"18",
"value":"G729"
},
{
"code":"19",
"value":"CN_OLD"
},
{
"code":"25",
"value":"CELB"
},
{
"code":"26",
"value":"JPEG"
},
{
"code":"28",
"value":"NV"
},
{
"code":"31",
"value":"H261"
},
{
"code":"32",
"value":"MPV"
},
{
"code":"33",
"value":"MP2T"
},
{
"code":"34",
"value":"H263"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"rtp_payload_type_s2c",
"label":"RTP.Payload Type (s2c)",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"0",
"value":"PCMU"
},
{
"code":"1",
"value":"1016"
},
{
"code":"2",
"value":"G721"
},
{
"code":"3",
"value":"GSM"
},
{
"code":"4",
"value":"G723"
},
{
"code":"5",
"value":"DVI4_8000"
},
{
"code":"6",
"value":"DVI4_16000"
},
{
"code":"7",
"value":"LPC"
},
{
"code":"8",
"value":"PCMA"
},
{
"code":"9",
"value":"G722"
},
{
"code":"10",
"value":"L16_STEREO"
},
{
"code":"11",
"value":"L16_MONO"
},
{
"code":"12",
"value":"QCELP"
},
{
"code":"13",
"value":"CN"
},
{
"code":"14",
"value":"MPA"
},
{
"code":"15",
"value":"G728"
},
{
"code":"16",
"value":"DVI4_11025"
},
{
"code":"17",
"value":"DVI4_22050"
},
{
"code":"18",
"value":"G729"
},
{
"code":"19",
"value":"CN_OLD"
},
{
"code":"25",
"value":"CELB"
},
{
"code":"26",
"value":"JPEG"
},
{
"code":"28",
"value":"NV"
},
{
"code":"31",
"value":"H261"
},
{
"code":"32",
"value":"MPV"
},
{
"code":"33",
"value":"MP2T"
},
{
"code":"34",
"value":"H263"
}
],
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"rtp_pcap_path",
"label":"RTP.PCAP",
"doc":
{
"allow_query":"false",
"constraints":
{
"type":"file"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rtp_originator_dir",
"label":"RTP.Direction",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"0",
"value":"unknown"
},
{
"code":"1",
"value":"c2s"
},
{
"code":"2",
"value":"s2c"
}
],
"visibility":"hidden",
"ttl":null
},
"type":"int"
},
{
"name":"ssh_version",
"label":"SSH.Version",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssh_auth_success",
"label":"SSH.Authentication Result",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssh_client_version",
"label":"SSH.Client Version",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssh_server_version",
"label":"SSH.Server Version",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssh_cipher_alg",
"label":"SSH.Encryption Algorithm",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssh_mac_alg",
"label":"SSH.Signing Algorithm",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssh_compression_alg",
"label":"SSH.Compression Algorithm",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssh_kex_alg",
"label":"SSH. Key Exchange Algorithm",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssh_host_key_alg",
"label":"SSH.Server Host Key Algorithm",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssh_host_key",
"label":"SSH.Server Key Fingerprint",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"ssh_hassh",
"label":"SSH.HASSH",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"stratum_cryptocurrency",
"label":"Stratum.Cryptocurrency",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"stratum_mining_pools",
"label":"Stratum.Mining Pools",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"stratum_mining_program",
"label":"Stratum.Mining Program",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rdp_cookie",
"label":"RDP.Cookie",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rdp_security_protocol",
"label":"RDP.Security Protocol",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rdp_client_channels",
"label":"RDP.Client Channels",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rdp_keyboard_layout",
"label":"RDP.Keyboard Layout",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rdp_client_version",
"label":"RDP.Client Version",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rdp_client_name",
"label":"RDP.Client Name",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rdp_client_product_id",
"label":"RDP.Client Product ID",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rdp_desktop_width",
"label":"RDP. Desktop Width",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rdp_desktop_height",
"label":"RDP.Desktop Height",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rdp_requested_color_depth",
"label":"RDP.Requested Color Depth",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rdp_certificate_type",
"label":"RDP.Certificate Type",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rdp_certificate_count",
"label":"RDP.Certificate Count",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"rdp_certificate_permanent",
"label":"RDP.Certificate Permanent",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"rdp_encryption_level",
"label":"RDP.Encryption Level",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"rdp_encryption_method",
"label":"RDP.Encryption Method",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
}
]
}
Reference in New Issue View Git Blame Copy Permalink