From 4041d274b35cff51fbb224b925fcc9a10563dba0 Mon Sep 17 00:00:00 2001 From: Gloria Hornero Date: Fri, 6 Sep 2024 13:09:18 +0200 Subject: [PATCH] [ON-WEEK][POC] Playwright (#190803) ## UPDATE It has been removed the execution of the playwright tests on buildkite, the execution will be re-enabled as soon as we are ready and as described below in the PR, there are still steps pending to be done. ## Motivation **Cypress is not performing well lately.** * We have been facing significant performance issues with Cypress. For instance, it takes a long time to open the visual interface and start executing tests. **Teams are finding it increasingly challenging to write new tests and debug existing ones.** * The time and effort required to create new tests or troubleshoot existing ones have become burdensome. **Concern about the impact this could have on our testing practices.** * Lose motivation to write tests or, worse, skip writing crucial tests. ## Why Playwright? * Compared to Cypress, Playwright seems to be known for its faster execution times and lower resource consumption. What could have a positive impact by having faster feedback during development and execution of new tests as well as more efficient use of CI resources. * Provides powerful debugging tools which can make easier to write, debug and execute tests. * Seems to provide the same capabilities we currently use in our Cypress tests. * Given Playwright's active development and backing by Microsoft, it is likely to continue evolving rapidly, making it a safe long-term choice. Considering all the above, Playwright seems to be a strong candidate to replace Cypress and address all the issues we are facing lately regarding UI test automation. ## Objective of this POC To write in Playwright a couple of tests we currently have on Cypress to check the performance of the tool as well as the development experience. The tests selected have been: - [enable_risk_score_redirect.cy.ts](https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/enable_risk_score_redirect.cy.ts) - Owned by Entity Analytics team and selected by its simplicity since it does not need any special setup to be executed and is short. - [manual_rule_run.cy.ts](https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_gaps/manual_rule_run.cy.ts) - Owned by Detection Engine team and selected because is short and adds a bit more of complexity due to it needs of clean-up and setting up initial data through the API. ## How to execute the tests ### Visual mode - Navigate to: `x-pack/test/security_solution_playwright` - Execute: `yarn open:ess` for ESS environment or `yarn open:serverless` for serverless environment. ### Headless mode - Navigate to: `x-pack/test/security_solution_playwright` - Execute: `yarn run:ess` for ESS environment or `yarn run:serverless` for serverless environment. ### From VScode - Install `Playwright Test for VScode` extension by Microsoft - Navigate to: `x-pack/test/security_solution_playwright` - Execute: `yarn open:ess` for ESS environment or `yarn open:serverless` for serverless environment. - Open your IDE - Click on the `Testing` icon - On the `Test Explorer` click on the three dots to select the profile you are going to execute `ess` or `serverless` - Click on the test you want to execute or navigate to the spec file of the test and execute it from the same spec. ## My experience - Tests are way easier to implement than with Cypress. - Playwright does not rely on chainable commands. Chainable commands on Cypress can lead to confusing code. - Without chainable commands, the flow of the tests is more explicit and easier to understand. - You can notice that the tool has been designed with Typescript in mind. - Is super easy to implement the Page Object Model pattern (POM). - With POM the test code is clean and focused on "what" rather than "how". - Love the fact that you can execute the tests from the same IDE without having to switch windows during test development. - The visual mode execution gives you lots of information out of the box. ## The scope of this PR - Sets the initial infrastructure to write and execute tests with Playwright. - Has examples and set a basis about how to write tests using the POM. - Allows the execution of the tests in ESS and serverless (just stateless environment). - Integrates the execution of the tests with buildkite. ## Pending to be done/investigate - Proper readme - How to split tests and PO between the different teams - Good reports on CI - Upload screenshots on CI - Flaky test suite runner - Complete the labeling - Execution of the tests on MKI environments ## FAQ **Can I start adding tests to playwright?** Currently, you can explore and experiment with Playwright, but there is still work pending to be done to make the tool officially usable. **Why security engineering productivity is the owner of the playwright folder?** This is something temporary to make sure that good practices are followed. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: dkirchan Co-authored-by: Aleh Zasypkin Co-authored-by: Jon --- .../ftr_security_serverless_configs.yml | 3 + .buildkite/ftr_security_stateful_configs.yml | 3 + .../security_solution/playwright.yml | 30 + .../security_serverless_playwright.sh | 14 + .../security_solution_playwright.sh | 14 + .github/CODEOWNERS | 1 + .gitignore | 8 + kbn_pm/src/lib/bazel.mjs | 4 + package.json | 5 +- renovate.json | 9 + .../scripts/run_playwright/playwright.ts | 377 + .../run_playwright/start_playwright.js | 9 + .../default_configs/stateful.config.base.ts | 1 - x-pack/test/examples/config.ts | 1 - .../services/ml/stack_management_jobs.ts | 1 - .../apps/triggers_actions_ui/shared/config.ts | 1 - x-pack/test/licensing_plugin/config.public.ts | 1 - x-pack/test/load/runner.ts | 1 - x-pack/test/plugin_functional/config.ts | 1 - .../common/config.ts | 2 - x-pack/test/scalability/config.ts | 1 - .../test/security_solution_cypress/config.ts | 2 + .../cypress/tasks/api_calls/common.ts | 2 +- .../serverless_config.ts | 2 + .../api_utils/api_key.ts | 84 + .../api_utils/documents.ts | 30 + .../api_utils/headers.ts | 37 + .../api_utils/rules.ts | 50 + .../es_archives/auditbeat_single/data.json | 123 + .../auditbeat_single/mappings.json | 7854 +++++++++++++++++ .../fixtures/es_archiver.ts | 61 + .../fixtures/saml.ts | 41 + .../security_solution_playwright/index.d.ts | 13 + .../security_solution_playwright/package.json | 15 + .../entity_analytics_management_po.ts | 23 + .../page_objects/entity_analytics_po.ts | 51 + .../page_objects/page_factory.ts | 40 + .../page_objects/rule_details_page_po.ts | 44 + .../page_objects/rule_management_po.ts | 56 + .../playwright.config.ts | 59 + .../tests/enable_risk_score_redirect.spec.ts | 45 + .../tests/manual_rule_run.spec.ts | 58 + .../tests/setup/login_ess.ts | 30 + .../tests/setup/login_serverless.ts | 39 + .../tsconfig.json | 17 + .../spaces_api_integration/common/config.ts | 1 - yarn.lock | 30 +- 47 files changed, 9280 insertions(+), 14 deletions(-) create mode 100644 .buildkite/pipelines/pull_request/security_solution/playwright.yml create mode 100755 .buildkite/scripts/steps/functional/security_serverless_playwright.sh create mode 100755 .buildkite/scripts/steps/functional/security_solution_playwright.sh create mode 100644 x-pack/plugins/security_solution/scripts/run_playwright/playwright.ts create mode 100644 x-pack/plugins/security_solution/scripts/run_playwright/start_playwright.js create mode 100644 x-pack/test/security_solution_playwright/api_utils/api_key.ts create mode 100644 x-pack/test/security_solution_playwright/api_utils/documents.ts create mode 100644 x-pack/test/security_solution_playwright/api_utils/headers.ts create mode 100644 x-pack/test/security_solution_playwright/api_utils/rules.ts create mode 100644 x-pack/test/security_solution_playwright/es_archives/auditbeat_single/data.json create mode 100644 x-pack/test/security_solution_playwright/es_archives/auditbeat_single/mappings.json create mode 100644 x-pack/test/security_solution_playwright/fixtures/es_archiver.ts create mode 100644 x-pack/test/security_solution_playwright/fixtures/saml.ts create mode 100644 x-pack/test/security_solution_playwright/index.d.ts create mode 100644 x-pack/test/security_solution_playwright/package.json create mode 100644 x-pack/test/security_solution_playwright/page_objects/entity_analytics_management_po.ts create mode 100644 x-pack/test/security_solution_playwright/page_objects/entity_analytics_po.ts create mode 100644 x-pack/test/security_solution_playwright/page_objects/page_factory.ts create mode 100644 x-pack/test/security_solution_playwright/page_objects/rule_details_page_po.ts create mode 100644 x-pack/test/security_solution_playwright/page_objects/rule_management_po.ts create mode 100644 x-pack/test/security_solution_playwright/playwright.config.ts create mode 100644 x-pack/test/security_solution_playwright/tests/enable_risk_score_redirect.spec.ts create mode 100644 x-pack/test/security_solution_playwright/tests/manual_rule_run.spec.ts create mode 100644 x-pack/test/security_solution_playwright/tests/setup/login_ess.ts create mode 100644 x-pack/test/security_solution_playwright/tests/setup/login_serverless.ts create mode 100644 x-pack/test/security_solution_playwright/tsconfig.json diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml index 3bc5208c4a784..a6aca2fe7750e 100644 --- a/.buildkite/ftr_security_serverless_configs.yml +++ b/.buildkite/ftr_security_serverless_configs.yml @@ -12,6 +12,9 @@ disabled: - x-pack/test_serverless/functional/test_suites/security/cypress/security_config.ts - x-pack/test/security_solution_cypress/serverless_config.ts + # Playwright + - x-pack/test/security_solution_playwright/serverless_config.ts + # Serverless base config files - x-pack/test_serverless/api_integration/config.base.ts - x-pack/test_serverless/functional/config.base.ts diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml index a72f5287d189b..7238b96225519 100644 --- a/.buildkite/ftr_security_stateful_configs.yml +++ b/.buildkite/ftr_security_stateful_configs.yml @@ -24,6 +24,9 @@ disabled: - x-pack/test/threat_intelligence_cypress/cli_config_parallel.ts - x-pack/test/threat_intelligence_cypress/config.ts + # Playwright + - x-pack/test/security_solution_playwright/playwright.config.ts + defaultQueue: 'n2-4-spot' enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/actions/trial_license_complete_tier/configs/ess.config.ts diff --git a/.buildkite/pipelines/pull_request/security_solution/playwright.yml b/.buildkite/pipelines/pull_request/security_solution/playwright.yml new file mode 100644 index 0000000000000..694a7ed588089 --- /dev/null +++ b/.buildkite/pipelines/pull_request/security_solution/playwright.yml @@ -0,0 +1,30 @@ +steps: + - command: .buildkite/scripts/steps/functional/security_serverless_playwright.sh + label: 'Serverless Playwright - Security Solution Tests' + agents: + machineType: n2-standard-4 + preemptible: true + depends_on: + - build + - quick_checks + timeout_in_minutes: 60 + parallelism: 1 + retry: + automatic: + - exit_status: '-1' + limit: 1 + + - command: .buildkite/scripts/steps/functional/security_solution_playwright.sh + label: 'Playwright - Security Solution Tests' + agents: + machineType: n2-standard-4 + preemptible: true + depends_on: + - build + - quick_checks + timeout_in_minutes: 60 + parallelism: 1 + retry: + automatic: + - exit_status: '-1' + limit: 1 diff --git a/.buildkite/scripts/steps/functional/security_serverless_playwright.sh b/.buildkite/scripts/steps/functional/security_serverless_playwright.sh new file mode 100755 index 0000000000000..3b68702eb3467 --- /dev/null +++ b/.buildkite/scripts/steps/functional/security_serverless_playwright.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +set -euo pipefail + +source .buildkite/scripts/steps/functional/common.sh + +export JOB=kibana-security-solution-playwright +export KIBANA_INSTALL_DIR=${KIBANA_BUILD_LOCATION} + +echo "--- SERVERLESS - Security Solution Playwright Tests" + +cd x-pack/test/security_solution_playwright + +yarn run:serverless; exit_code=$?; exit $exit_code diff --git a/.buildkite/scripts/steps/functional/security_solution_playwright.sh b/.buildkite/scripts/steps/functional/security_solution_playwright.sh new file mode 100755 index 0000000000000..30729cfef6afe --- /dev/null +++ b/.buildkite/scripts/steps/functional/security_solution_playwright.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +set -euo pipefail + +source .buildkite/scripts/steps/functional/common.sh + +export JOB=kibana-security-solution-playwright +export KIBANA_INSTALL_DIR=${KIBANA_BUILD_LOCATION} + +echo "--- ESS - Security Solution Playwright Tests" + +cd x-pack/test/security_solution_playwright + +yarn run:ess; exit_code=$?; exit $exit_code \ No newline at end of file diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 431a668ebe14c..5c10707e9328d 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1481,6 +1481,7 @@ x-pack/test/security_solution_api_integration/test_suites/sources @elastic/secur /x-pack/test/security_solution_cypress/cypress/* @elastic/security-engineering-productivity /x-pack/test/security_solution_cypress/cypress/tasks/login.ts @elastic/security-engineering-productivity /x-pack/test/security_solution_cypress/es_archives @elastic/security-engineering-productivity +/x-pack/test/security_solution_playwright @elastic/security-engineering-productivity /x-pack/plugins/security_solution/scripts/run_cypress @MadameSheema @patrykkopycinski @maximpn @banderror ## Security Solution sub teams - Threat Hunting Investigations diff --git a/.gitignore b/.gitignore index baa0b5d34aeed..7e06f1e23f863 100644 --- a/.gitignore +++ b/.gitignore @@ -150,3 +150,11 @@ oas_docs/output/kibana.serverless.tmp*.yaml oas_docs/output/kibana.tmp*.yaml oas_docs/output/kibana.new.yaml oas_docs/output/kibana.serverless.new.yaml + +# Security Solution Playwright +x-pack/test/security_solution_playwright/test-results/ +x-pack/test/security_solution_playwright/playwright-report/ +x-pack/test/security_solution_playwright/blob-report/ +x-pack/test/security_solution_playwright/playwright/.cache/ +x-pack/test/security_solution_playwright/.auth/ +x-pack/test/security_solution_playwright/.env \ No newline at end of file diff --git a/kbn_pm/src/lib/bazel.mjs b/kbn_pm/src/lib/bazel.mjs index 481a0fd66aa57..ca374979763b6 100644 --- a/kbn_pm/src/lib/bazel.mjs +++ b/kbn_pm/src/lib/bazel.mjs @@ -152,6 +152,10 @@ export async function installYarnDeps(log, opts = undefined) { }); log.success('yarn deps installed'); + + await run('yarn', ['playwright', 'install']); + + log.success('Playwright browsers installed'); } /** diff --git a/package.json b/package.json index 9f7cd9862953a..a4bdd399676ad 100644 --- a/package.json +++ b/package.json @@ -1072,6 +1072,7 @@ "deepmerge": "^4.2.2", "del": "^6.1.0", "diff": "^5.1.0", + "dotenv": "^16.4.5", "elastic-apm-node": "^4.7.3", "email-addresses": "^5.0.0", "eventsource-parser": "^1.1.1", @@ -1462,6 +1463,7 @@ "@mapbox/vector-tile": "1.3.1", "@octokit/rest": "^17.11.2", "@parcel/watcher": "^2.1.0", + "@playwright/test": "=1.46.0", "@redocly/cli": "^1.21.0", "@statoscope/webpack-plugin": "^5.28.2", "@storybook/addon-a11y": "^6.5.16", @@ -1761,7 +1763,8 @@ "pirates": "^4.0.1", "piscina": "^3.2.0", "pixelmatch": "^5.3.0", - "playwright": "=1.38.0", + "playwright": "=1.46.0", + "playwright-chromium": "=1.46.0", "pngjs": "^3.4.0", "postcss": "^8.4.31", "postcss-loader": "^4.2.0", diff --git a/renovate.json b/renovate.json index 774dce52e3515..a7f84bf4e595f 100644 --- a/renovate.json +++ b/renovate.json @@ -485,6 +485,15 @@ "matchBaseBranches": ["main"], "labels": ["release_note:skip", "team:obs-entities"], "enabled": true + }, + { + "groupName": "Security Engineering Productivity", + "matchDepNames": ["dotenv", "playwright-chromium", "@playwright/test"], + "reviewers": ["team:security-engineering-productivity"], + "matchBaseBranches": ["main"], + "labels": ["Team: Sec Eng Productivity", "release_note:skip", "backport:all-open"], + "minimumReleaseAge": "7 days", + "enabled": true } ], "customManagers": [ diff --git a/x-pack/plugins/security_solution/scripts/run_playwright/playwright.ts b/x-pack/plugins/security_solution/scripts/run_playwright/playwright.ts new file mode 100644 index 0000000000000..3b51cf7c67a49 --- /dev/null +++ b/x-pack/plugins/security_solution/scripts/run_playwright/playwright.ts @@ -0,0 +1,377 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { run } from '@kbn/dev-cli-runner'; +import yargs from 'yargs'; +import _ from 'lodash'; +import globby from 'globby'; +import pMap from 'p-map'; +import { withProcRunner } from '@kbn/dev-proc-runner'; +import path from 'path'; +import fs from 'fs'; + +import { EsVersion, FunctionalTestRunner, runElasticsearch, runKibanaServer } from '@kbn/test'; + +import { + Lifecycle, + ProviderCollection, + readProviderSpec, +} from '@kbn/test/src/functional_test_runner/lib'; +import pRetry from 'p-retry'; +import execa from 'execa'; +import { prefixedOutputLogger } from '../endpoint/common/utils'; +import { createToolingLogger } from '../../common/endpoint/data_loaders/utils'; +import { parseTestFileConfig, retrieveIntegrations } from '../run_cypress/utils'; +import { getFTRConfig } from '../run_cypress/get_ftr_config'; +import type { StartedFleetServer } from '../endpoint/common/fleet_server/fleet_server_services'; +import { startFleetServer } from '../endpoint/common/fleet_server/fleet_server_services'; +import { createKbnClient } from '../endpoint/common/stack_services'; + +export const cli = () => { + run( + async ({ log: _cliLogger }) => { + const { argv } = yargs(process.argv.slice(2)) + .coerce('configFile', (arg) => (_.isArray(arg) ? _.last(arg) : arg)) + .coerce('spec', (arg) => (_.isArray(arg) ? _.last(arg) : arg)) + .coerce('env', (arg: string) => + arg.split(',').reduce((acc, curr) => { + const [key, value] = curr.split('='); + if (key === 'burn') { + acc[key] = parseInt(value, 10); + } else { + acc[key] = value; + } + return acc; + }, {} as Record) + ) + .boolean('inspect'); + + _cliLogger.info(` +---------------------------------------------- +Script arguments: +---------------------------------------------- +${JSON.stringify(argv, null, 2)} +---------------------------------------------- +`); + + const isOpen = argv._.includes('open'); + const playwrightConfigFilePath = require.resolve(`../../${argv.configFile}`) as string; + const playwrightConfigFile = await import(playwrightConfigFilePath); + + const log = prefixedOutputLogger('playwright', createToolingLogger()); + + log.info(` +---------------------------------------------- +Playwright config for file: ${playwrightConfigFilePath}: +---------------------------------------------- +${JSON.stringify(playwrightConfigFile, null, 2)} +---------------------------------------------- + + +`); + + const specConfig = playwrightConfigFile.testMatch; + const specArg = argv.spec; + const specPattern = specArg ?? specConfig; + const files = retrieveIntegrations(globby.sync(specPattern)); + const esPorts: number[] = [9200, 9220]; + const kibanaPorts: number[] = [5601, 5620]; + const fleetServerPorts: number[] = [8220]; + + const getEsPort = (): T | number => { + if (isOpen) { + return 9220; + } + + const esPort = parseInt(`92${Math.floor(Math.random() * 89) + 10}`, 10); + if (esPorts.includes(esPort)) { + return getEsPort(); + } + esPorts.push(esPort); + return esPort; + }; + + const getKibanaPort = (): T | number => { + if (isOpen) { + return 5620; + } + + const kibanaPort = parseInt(`56${Math.floor(Math.random() * 89) + 10}`, 10); + if (kibanaPorts.includes(kibanaPort)) { + return getKibanaPort(); + } + kibanaPorts.push(kibanaPort); + return kibanaPort; + }; + + const getFleetServerPort = (): T | number => { + if (isOpen) { + return 8220; + } + + const fleetServerPort = parseInt(`82${Math.floor(Math.random() * 89) + 10}`, 10); + if (fleetServerPorts.includes(fleetServerPort)) { + return getFleetServerPort(); + } + fleetServerPorts.push(fleetServerPort); + return fleetServerPort; + }; + + const cleanupServerPorts = ({ + esPort, + kibanaPort, + fleetServerPort, + }: { + esPort: number; + kibanaPort: number; + fleetServerPort: number; + }) => { + _.pull(esPorts, esPort); + _.pull(kibanaPorts, kibanaPort); + _.pull(fleetServerPorts, fleetServerPort); + }; + + const failedSpecFilePaths: string[] = []; + + const runSpecs = async (filePaths: string[]) => + pMap( + filePaths, + async (filePath) => { + let result: Error | undefined; + await withProcRunner(log, async (procs) => { + const abortCtrl = new AbortController(); + + const onEarlyExit = (msg: string) => { + log.error(msg); + abortCtrl.abort(); + }; + + const esPort: number = getEsPort(); + const kibanaPort: number = getKibanaPort(); + const fleetServerPort: number = getFleetServerPort(); + + const specFileFTRConfig = parseTestFileConfig(filePath); + const ftrConfigFilePath = path.resolve( + _.isArray(argv.ftrConfigFile) ? _.last(argv.ftrConfigFile) : argv.ftrConfigFile + ); + + const config = await getFTRConfig({ + log, + esPort, + kibanaPort, + fleetServerPort, + ftrConfigFilePath, + specFilePath: filePath, + specFileFTRConfig, + isOpen, + }); + + const createUrlFromFtrConfig = ( + type: 'elasticsearch' | 'kibana' | 'fleetserver', + withAuth: boolean = false + ): string => { + const getKeyPath = (keyPath: string = ''): string => { + return `servers.${type}${keyPath ? `.${keyPath}` : ''}`; + }; + + if (!config.get(getKeyPath())) { + throw new Error(`Unable to create URL for ${type}. Not found in FTR config at `); + } + + const url = new URL('http://localhost'); + + url.port = config.get(getKeyPath('port')); + url.protocol = config.get(getKeyPath('protocol')); + url.hostname = config.get(getKeyPath('hostname')); + + if (withAuth) { + url.username = config.get(getKeyPath('username')); + url.password = config.get(getKeyPath('password')); + } + + return url.toString().replace(/\/$/, ''); + }; + + const baseUrl = createUrlFromFtrConfig('kibana'); + const lifecycle = new Lifecycle(log); + + const providers = new ProviderCollection(log, [ + ...readProviderSpec('Service', { + lifecycle: () => lifecycle, + log: () => log, + config: () => config, + }), + ...readProviderSpec('Service', config.get('services')), + ]); + + const options = { + installDir: process.env.KIBANA_INSTALL_DIR, + ci: process.env.CI, + }; + let fleetServer: StartedFleetServer | undefined; + let shutdownEs; + + try { + shutdownEs = await pRetry( + async () => + runElasticsearch({ + config, + log, + name: `ftr-${esPort}`, + esFrom: config.get('esTestCluster')?.from || 'snapshot', + onEarlyExit, + }), + { retries: 2, forever: false } + ); + await runKibanaServer({ + procs, + config, + installDir: options?.installDir, + extraKbnOpts: + options?.installDir || options?.ci || !isOpen + ? [] + : ['--dev', '--no-dev-credentials'], + onEarlyExit, + inspect: argv.inspect, + }); + + if (playwrightConfigFile.env?.WITH_FLEET_SERVER) { + log.info(`Setting up fleet-server for this Cypress config`); + + const kbnClient = createKbnClient({ + url: baseUrl, + username: config.get('servers.kibana.username'), + password: config.get('servers.kibana.password'), + log, + }); + + fleetServer = await pRetry( + async () => + startFleetServer({ + kbnClient, + logger: log, + port: + fleetServerPort ?? config.has('servers.fleetserver.port') + ? (config.get('servers.fleetserver.port') as number) + : undefined, + // `force` is needed to ensure that any currently running fleet server (perhaps left + // over from an interrupted run) is killed and a new one restarted + force: true, + }), + { retries: 2, forever: false } + ); + } + + await providers.loadAll(); + const functionalTestRunner = new FunctionalTestRunner( + log, + config, + EsVersion.getDefault() + ); + const ftrEnv = await pRetry(() => functionalTestRunner.run(abortCtrl.signal), { + retries: 1, + }); + + // Normalized the set of available env vars in Playwright + const playwrightCustomEnv = { + ...ftrEnv, + // NOTE: + // ELASTICSEARCH_URL needs to be created here with auth because SIEM Playwright setup depends on it. At some + // points we should probably try to refactor that code to use `ELASTICSEARCH_URL_WITH_AUTH` instead + ELASTICSEARCH_URL: + ftrEnv.ELASTICSEARCH_URL ?? createUrlFromFtrConfig('elasticsearch', true), + ELASTICSEARCH_URL_WITH_AUTH: createUrlFromFtrConfig('elasticsearch', true), + ELASTICSEARCH_USERNAME: + ftrEnv.ELASTICSEARCH_USERNAME ?? config.get('servers.elasticsearch.username'), + ELASTICSEARCH_PASSWORD: + ftrEnv.ELASTICSEARCH_PASSWORD ?? config.get('servers.elasticsearch.password'), + FLEET_SERVER_URL: createUrlFromFtrConfig('fleetserver'), + KIBANA_URL: baseUrl, + KIBANA_URL_WITH_AUTH: createUrlFromFtrConfig('kibana', true), + KIBANA_USERNAME: config.get('servers.kibana.username'), + KIBANA_PASSWORD: config.get('servers.kibana.password'), + IS_SERVERLESS: config.get('serverless'), + }; + + const envFilePath = path.resolve( + __dirname, + '..', + '..', + '..', + '..', + 'test', + 'security_solution_playwright', + '.env' + ); + + const envContent = Object.entries(playwrightCustomEnv) + .map(([key, value]) => `${key}=${value}`) + .join('\n'); + + fs.writeFileSync(envFilePath, envContent); + + log.info(` + ---------------------------------------------- + Playwright run ENV for file: ${filePath} + ---------------------------------------------- + `); + + const project = playwrightCustomEnv.IS_SERVERLESS ? 'serverless' : 'ess'; + + if (isOpen) { + await execa.command( + `../../../node_modules/.bin/playwright test --config ${playwrightConfigFilePath} --ui --project ${project}`, + { + env: { + ...playwrightCustomEnv, + }, + stdout: process.stdout, + } + ); + } else { + await execa.command( + `../../../node_modules/.bin/playwright test --config ${playwrightConfigFilePath} --project ${project} --grep @${project}`, + { + env: { + ...playwrightCustomEnv, + FILE_PATH: filePath, + }, + stdout: process.stdout, + } + ); + } + } catch (error) { + log.error(error); + result = error; + failedSpecFilePaths.push(filePath); + } + + if (fleetServer) { + await fleetServer.stop(); + } + + await procs.stop('kibana'); + await shutdownEs?.(); + cleanupServerPorts({ esPort, kibanaPort, fleetServerPort }); + return result; + }); + return result; + }, + { + concurrency: 1, + } + ); + + await runSpecs(files); + }, + { + flags: { + allowUnexpected: true, + }, + } + ); +}; diff --git a/x-pack/plugins/security_solution/scripts/run_playwright/start_playwright.js b/x-pack/plugins/security_solution/scripts/run_playwright/start_playwright.js new file mode 100644 index 0000000000000..e69f8aa37a89d --- /dev/null +++ b/x-pack/plugins/security_solution/scripts/run_playwright/start_playwright.js @@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +require('../../../../../src/setup_node_env'); +require('./playwright').cli(); diff --git a/x-pack/test/api_integration/deployment_agnostic/default_configs/stateful.config.base.ts b/x-pack/test/api_integration/deployment_agnostic/default_configs/stateful.config.base.ts index 2fd2d61e1cf81..964627effe28b 100644 --- a/x-pack/test/api_integration/deployment_agnostic/default_configs/stateful.config.base.ts +++ b/x-pack/test/api_integration/deployment_agnostic/default_configs/stateful.config.base.ts @@ -19,7 +19,6 @@ import { FtrConfigProviderContext, } from '@kbn/test'; import path from 'path'; -// @ts-expect-error we have to check types with "allowJs: false" for now, causing this import to fail import { REPO_ROOT } from '@kbn/repo-info'; import { STATEFUL_ROLES_ROOT_PATH } from '@kbn/es'; import { DeploymentAgnosticCommonServices, services } from '../services'; diff --git a/x-pack/test/examples/config.ts b/x-pack/test/examples/config.ts index 01144389353b2..43fc26df42ab9 100644 --- a/x-pack/test/examples/config.ts +++ b/x-pack/test/examples/config.ts @@ -7,7 +7,6 @@ import { FtrConfigProviderContext, findTestPluginPaths } from '@kbn/test'; import { resolve } from 'path'; -// @ts-expect-error we have to check types with "allowJs: false" for now, causing this import to fail import { REPO_ROOT as KIBANA_ROOT } from '@kbn/repo-info'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { diff --git a/x-pack/test/functional/services/ml/stack_management_jobs.ts b/x-pack/test/functional/services/ml/stack_management_jobs.ts index bbf985d4c0d67..ef40f8e7bc06d 100644 --- a/x-pack/test/functional/services/ml/stack_management_jobs.ts +++ b/x-pack/test/functional/services/ml/stack_management_jobs.ts @@ -6,7 +6,6 @@ */ import expect from '@kbn/expect'; -// @ts-expect-error we have to check types with "allowJs: false" for now, causing this import to fail import { REPO_ROOT } from '@kbn/repo-info'; import fs from 'fs'; import path from 'path'; diff --git a/x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/shared/config.ts b/x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/shared/config.ts index eedd329f2b627..b72b4f600d3d8 100644 --- a/x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/shared/config.ts +++ b/x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/shared/config.ts @@ -7,7 +7,6 @@ import { FtrConfigProviderContext, findTestPluginPaths } from '@kbn/test'; import { resolve } from 'path'; -// @ts-expect-error we have to check types with "allowJs: false" for now, causing this import to fail import { REPO_ROOT as KIBANA_ROOT } from '@kbn/repo-info'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { diff --git a/x-pack/test/licensing_plugin/config.public.ts b/x-pack/test/licensing_plugin/config.public.ts index efe6a950ffeb1..01ad77d8b3d80 100644 --- a/x-pack/test/licensing_plugin/config.public.ts +++ b/x-pack/test/licensing_plugin/config.public.ts @@ -6,7 +6,6 @@ */ import path from 'path'; -// @ts-expect-error we have to check types with "allowJs: false" for now, causing this import to fail import { REPO_ROOT as KIBANA_ROOT } from '@kbn/repo-info'; import { FtrConfigProviderContext } from '@kbn/test'; diff --git a/x-pack/test/load/runner.ts b/x-pack/test/load/runner.ts index 3a54c218d4ef0..7bb7189269040 100644 --- a/x-pack/test/load/runner.ts +++ b/x-pack/test/load/runner.ts @@ -7,7 +7,6 @@ import { withProcRunner } from '@kbn/dev-proc-runner'; import { resolve } from 'path'; -// @ts-expect-error we have to check types with "allowJs: false" for now, causing this import to fail import { REPO_ROOT } from '@kbn/repo-info'; import Fs from 'fs'; import { createFlagError } from '@kbn/dev-cli-errors'; diff --git a/x-pack/test/plugin_functional/config.ts b/x-pack/test/plugin_functional/config.ts index 825d3e7c1bad7..6d35ff68f8890 100644 --- a/x-pack/test/plugin_functional/config.ts +++ b/x-pack/test/plugin_functional/config.ts @@ -6,7 +6,6 @@ */ import { resolve } from 'path'; -// @ts-expect-error we have to check types with "allowJs: false" for now, causing this import to fail import { REPO_ROOT as KIBANA_ROOT } from '@kbn/repo-info'; import { FtrConfigProviderContext, findTestPluginPaths } from '@kbn/test'; import { services } from './services'; diff --git a/x-pack/test/saved_object_api_integration/common/config.ts b/x-pack/test/saved_object_api_integration/common/config.ts index 553762760b197..d6d450f4cdcbe 100644 --- a/x-pack/test/saved_object_api_integration/common/config.ts +++ b/x-pack/test/saved_object_api_integration/common/config.ts @@ -6,8 +6,6 @@ */ import path from 'path'; - -// @ts-expect-error we have to check types with "allowJs: false" for now, causing this import to fail import { REPO_ROOT } from '@kbn/repo-info'; import { FtrConfigProviderContext } from '@kbn/test'; diff --git a/x-pack/test/scalability/config.ts b/x-pack/test/scalability/config.ts index 3315276a688ca..cc47d4e2f2806 100644 --- a/x-pack/test/scalability/config.ts +++ b/x-pack/test/scalability/config.ts @@ -8,7 +8,6 @@ import { FtrConfigProviderContext, getKibanaCliLoggers } from '@kbn/test'; import fs from 'fs'; import path from 'path'; -// @ts-expect-error we have to check types with "allowJs: false" for now, causing this import to fail import { REPO_ROOT } from '@kbn/repo-info'; import { createFlagError } from '@kbn/dev-cli-errors'; import { v4 as uuidV4 } from 'uuid'; diff --git a/x-pack/test/security_solution_cypress/config.ts b/x-pack/test/security_solution_cypress/config.ts index 1bed88858601d..58d873369d99d 100644 --- a/x-pack/test/security_solution_cypress/config.ts +++ b/x-pack/test/security_solution_cypress/config.ts @@ -55,6 +55,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { // packages listed in fleet_packages.json // See: https://elastic.slack.com/archives/CNMNXV4RG/p1683033379063079 `--xpack.fleet.developer.bundledPackageLocation=./inexistentDir`, + '--csp.strict=false', + '--csp.warnLegacyBrowsers=false', ], }, }; diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/common.ts b/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/common.ts index 7c78858070a20..80d7c2c106815 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/common.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/common.ts @@ -11,8 +11,8 @@ import { AllConnectorsResponse } from '@kbn/actions-plugin/common/routes/connect import { DETECTION_ENGINE_RULES_BULK_ACTION } from '@kbn/security-solution-plugin/common/constants'; import { ELASTICSEARCH_PASSWORD, ELASTICSEARCH_USERNAME } from '../../env_var_names_constants'; import { deleteAllDocuments } from './elasticsearch'; -import { DEFAULT_ALERTS_INDEX_PATTERN } from './alerts'; import { getSpaceUrl } from '../space'; +import { DEFAULT_ALERTS_INDEX_PATTERN } from './alerts'; export const API_AUTH = Object.freeze({ user: Cypress.env(ELASTICSEARCH_USERNAME), diff --git a/x-pack/test/security_solution_cypress/serverless_config.ts b/x-pack/test/security_solution_cypress/serverless_config.ts index c397eed4385f9..226f2db6dbbc0 100644 --- a/x-pack/test/security_solution_cypress/serverless_config.ts +++ b/x-pack/test/security_solution_cypress/serverless_config.ts @@ -35,6 +35,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { { product_line: 'cloud', product_tier: 'complete' }, ])}`, `--xpack.securitySolution.enableExperimental=${JSON.stringify(['manualRuleRunEnabled'])}`, + '--csp.strict=false', + '--csp.warnLegacyBrowsers=false', ], }, testRunner: SecuritySolutionConfigurableCypressTestRunner, diff --git a/x-pack/test/security_solution_playwright/api_utils/api_key.ts b/x-pack/test/security_solution_playwright/api_utils/api_key.ts new file mode 100644 index 0000000000000..e1f93c9937961 --- /dev/null +++ b/x-pack/test/security_solution_playwright/api_utils/api_key.ts @@ -0,0 +1,84 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import axios from 'axios'; +import fs from 'fs'; +import yaml from 'js-yaml'; +import { ToolingLog } from '@kbn/tooling-log'; +import { HostOptions, SamlSessionManager } from '@kbn/test'; +import { resolve } from 'path'; +import { REPO_ROOT } from '@kbn/repo-info'; + +const getYamlData = (filePath: string): any => { + const fileContents = fs.readFileSync(filePath, 'utf8'); + return yaml.safeLoad(fileContents); +}; + +const getRoleConfiguration = (role: string, filePath: string): any => { + const data = getYamlData(filePath); + if (data[role]) { + return data[role]; + } else { + throw new Error(`Role '${role}' not found in the YAML file.`); + } +}; + +const rolesPath = + '../../../packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml'; + +export const getApiKeyForUser = async () => { + const log = new ToolingLog({ level: 'verbose', writeTo: process.stdout }); + + const kbnHost = process.env.KIBANA_URL || process.env.BASE_URL; + const kbnUrl = new URL(kbnHost!); + + const hostOptions: HostOptions = { + protocol: kbnUrl.protocol as 'http' | 'https', + hostname: kbnUrl.hostname, + port: parseInt(kbnUrl.port, 10), + username: process.env.ELASTICSEARCH_USERNAME ?? '', + password: process.env.ELASTICSEARCH_PASSWORD ?? '', + }; + + const rolesFilename = process.env.PROXY_ORG ? `${process.env.PROXY_ORG}.json` : undefined; + const cloudUsersFilePath = resolve(REPO_ROOT, '.ftr', rolesFilename ?? 'role_users.json'); + + const samlSessionManager = new SamlSessionManager({ + hostOptions, + log, + isCloud: process.env.CLOUD_SERVERLESS === 'true', + cloudUsersFilePath, + }); + + const adminCookieHeader = await samlSessionManager.getApiCredentialsForRole('admin'); + + let roleDescriptor = {}; + + const roleConfig = getRoleConfiguration('admin', rolesPath); + + roleDescriptor = { ['system_indices_superuser']: roleConfig }; + + const response = await axios.post( + `${process.env.KIBANA_URL}/internal/security/api_key`, + { + name: 'myTestApiKey', + metadata: {}, + role_descriptors: roleDescriptor, + }, + { + headers: { + 'kbn-xsrf': 'cypress-creds', + 'x-elastic-internal-origin': 'security-solution', + ...adminCookieHeader, + }, + } + ); + + const apiKey = response.data.encoded; + + return apiKey; +}; diff --git a/x-pack/test/security_solution_playwright/api_utils/documents.ts b/x-pack/test/security_solution_playwright/api_utils/documents.ts new file mode 100644 index 0000000000000..b2432039e8a0b --- /dev/null +++ b/x-pack/test/security_solution_playwright/api_utils/documents.ts @@ -0,0 +1,30 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { APIRequestContext } from '@playwright/test'; +import { getCommonHeaders } from './headers'; + +export const deleteAllSecurityDocuments = async (request: APIRequestContext) => { + const securityIndexes = `.lists-*,.items-*,.alerts-security.alerts-*`; + const headers = await getCommonHeaders(); + + await request.post(`${process.env.ELASTICSEARCH_URL}/${securityIndexes}/_refresh`, { + headers, + }); + + await request.post( + `${process.env.ELASTICSEARCH_URL}/${securityIndexes}/_delete_by_query?conflicts=proceed&scroll_size=10000&refresh`, + { + headers, + data: { + query: { + match_all: {}, + }, + }, + } + ); +}; diff --git a/x-pack/test/security_solution_playwright/api_utils/headers.ts b/x-pack/test/security_solution_playwright/api_utils/headers.ts new file mode 100644 index 0000000000000..dfca3255dcc70 --- /dev/null +++ b/x-pack/test/security_solution_playwright/api_utils/headers.ts @@ -0,0 +1,37 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { INITIAL_REST_VERSION } from '@kbn/data-views-plugin/server/constants'; +import { getApiKeyForUser } from './api_key'; + +export const getCommonHeaders = async (additionalHeaders: Record = {}) => { + let auth = ''; + + if (process.env.IS_SERVERLESS === 'true') { + const apiKey = await getApiKeyForUser(); + auth = `ApiKey ${apiKey}`; + } else { + const username = process.env.ELASTICSEARCH_USERNAME || ''; + const password = process.env.ELASTICSEARCH_PASSWORD || ''; + const encodedCredentials = Buffer.from(`${username}:${password}`).toString('base64'); + + auth = `Basic ${encodedCredentials}`; + } + return { + 'kbn-xsrf': 'cypress-creds', + 'x-elastic-internal-origin': 'security-solution', + Authorization: auth, + ...additionalHeaders, + }; +}; + +export const getCommonHeadersWithApiVersion = async () => { + const header = await getCommonHeaders({ + 'elastic-api-version': INITIAL_REST_VERSION, + }); + return header; +}; diff --git a/x-pack/test/security_solution_playwright/api_utils/rules.ts b/x-pack/test/security_solution_playwright/api_utils/rules.ts new file mode 100644 index 0000000000000..0c6679472b22d --- /dev/null +++ b/x-pack/test/security_solution_playwright/api_utils/rules.ts @@ -0,0 +1,50 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + DETECTION_ENGINE_RULES_BULK_ACTION, + DETECTION_ENGINE_RULES_URL, +} from '@kbn/security-solution-plugin/common/constants'; +import { APIRequestContext } from '@playwright/test'; +import { getRuleForAlertTesting } from '../../common/utils/security_solution'; +import { getCommonHeadersWithApiVersion } from './headers'; + +const indexes = [ + 'apm-*-transaction*', + 'auditbeat-*', + 'endgame-*', + 'filebeat-*', + 'logs-*', + 'packetbeat-*', + 'traces-apm*', + 'winlogbeat-*', + '-*elastic-cloud-logs-*', +]; + +export const createRule = async (request: APIRequestContext) => { + const data = getRuleForAlertTesting(indexes); + const headers = await getCommonHeadersWithApiVersion(); + const response = await request.post(DETECTION_ENGINE_RULES_URL, { + data, + headers, + }); + + return await response.json(); +}; + +export const deleteAllRules = async (request: APIRequestContext) => { + const headers = await getCommonHeadersWithApiVersion(); + const response = await request.post(DETECTION_ENGINE_RULES_BULK_ACTION, { + data: { + query: '', + action: 'delete', + }, + headers, + }); + + return await response.json(); +}; diff --git a/x-pack/test/security_solution_playwright/es_archives/auditbeat_single/data.json b/x-pack/test/security_solution_playwright/es_archives/auditbeat_single/data.json new file mode 100644 index 0000000000000..cb9a035e8d19d --- /dev/null +++ b/x-pack/test/security_solution_playwright/es_archives/auditbeat_single/data.json @@ -0,0 +1,123 @@ +{ + "type": "doc", + "value": { + "id": "_aZE5nwBOpWiDweSth_E", + "index": "auditbeat-2022", + "source": { + "@timestamp" : "2022-03-04T19:41:34.045Z", + "host" : { + "hostname" : "test.local", + "architecture" : "x86_64", + "os" : { + "platform" : "darwin", + "version" : "10.16", + "family" : "darwin", + "name" : "Mac OS X", + "kernel" : "21.3.0", + "build" : "21D62", + "type" : "macos" + }, + "id" : "44426D67-79AB-547C-7777-440AB8F5DDD2", + "ip" : [ + "fe80::bade:48ff:fe00:1122", + "fe81::4ab:9565:1199:be3", + "192.168.5.175", + "fe80::40d7:d0ff:fe66:f55", + "fe81::40d8:d0ff:fe66:f55", + "fe82::c2c:6bdf:3307:dce0", + "fe83::5069:fcd5:e31c:7059", + "fe80::ce81:b2c:bd2c:69e", + "fe80::febc:bbc1:c517:827b", + "fe80::6d09:bee6:55a5:539d", + "fe80::c920:752e:1e0e:edc9", + "fe80::a4a:ca38:761f:83e2" + ], + "mac" : [ + "ad:df:48:00:11:22", + "a6:86:e7:ae:5a:b6", + "a9:83:e7:ae:5a:b6", + "43:d8:d0:66:0f:55", + "42:d8:d0:66:0f:57", + "82:70:c7:c2:3c:01", + "82:70:c6:c2:4c:00", + "82:76:a6:c2:3c:05", + "82:70:c6:b2:3c:04", + "82:71:a6:c2:3c:01" + ], + "name" : "siem-kibana" + }, + "agent" : { + "type" : "winlogbeat", + "version" : "8.1.0", + "ephemeral_id" : "f6df090f-656a-4a79-a6a1-0c8671c9752d", + "id" : "0ebd469b-c164-4734-00e6-96d018098dc7", + "name" : "test.local" + }, + "event" : { + "module" : "sysmon", + "dataset" : "process", + "kind" : "event", + "category" : [ + "process" + ], + "type" : [ + "start" + ], + "action" : "process_started" + }, + "destination": { + "port": 80 + }, + "process" : { + "start" : "2022-03-04T19:41:34.902Z", + "pid" : 30884, + "working_directory" : "/Users/test/security_solution", + "hash" : { + "sha1" : "ae2d46c38fa207efbea5fcecd6294eebbf5af00f" + }, + "parent" : { + "pid" : 777 + }, + "executable" : "/bin/zsh", + "name" : "zsh", + "args" : [ + "-zsh", + "unique" + ], + "entity_id" : "q6pltOhTWlQx3BCE", + "entry_leader": { + "entity_id": "q6pltOhTWlQx3BCE", + "name": "fake entry", + "pid": 2342342 + } + }, + "message" : "Process zsh (PID: 27884) by user test STARTED", + "user" : { + "id" : "505", + "group" : { + "name" : "staff", + "id" : "20" + }, + "effective" : { + "id" : "505", + "group" : { + "id" : "20" + } + }, + "saved" : { + "id" : "505", + "group" : { + "id" : "20" + } + }, + "name" : "test" + }, + "service" : { + "type" : "system" + }, + "ecs" : { + "version" : "8.0.0" + } + } + } +} diff --git a/x-pack/test/security_solution_playwright/es_archives/auditbeat_single/mappings.json b/x-pack/test/security_solution_playwright/es_archives/auditbeat_single/mappings.json new file mode 100644 index 0000000000000..091dc0d33f6cd --- /dev/null +++ b/x-pack/test/security_solution_playwright/es_archives/auditbeat_single/mappings.json @@ -0,0 +1,7854 @@ +{ + "type": "index", + "value": { + "aliases": { + "auditbeat": { + "is_write_index": false + } + }, + "settings": { + "index": { + "refresh_interval": "5s" + }, + "index.mapping.total_fields.limit": 2000 + }, + "index": "auditbeat-2022", + "mappings": { + "date_detection": false, + "dynamic_templates" : [ + { + "labels" : { + "path_match" : "labels.*", + "match_mapping_type" : "string", + "mapping" : { + "type" : "keyword" + } + } + }, + { + "container.labels" : { + "path_match" : "container.labels.*", + "match_mapping_type" : "string", + "mapping" : { + "type" : "keyword" + } + } + }, + { + "fields" : { + "path_match" : "fields.*", + "match_mapping_type" : "string", + "mapping" : { + "type" : "keyword" + } + } + }, + { + "docker.container.labels" : { + "path_match" : "docker.container.labels.*", + "match_mapping_type" : "string", + "mapping" : { + "type" : "keyword" + } + } + }, + { + "kubernetes.labels.*" : { + "path_match" : "kubernetes.labels.*", + "mapping" : { + "type" : "keyword" + } + } + }, + { + "kubernetes.annotations.*" : { + "path_match" : "kubernetes.annotations.*", + "mapping" : { + "type" : "keyword" + } + } + }, + { + "kubernetes.selectors.*" : { + "path_match" : "kubernetes.selectors.*", + "mapping" : { + "type" : "keyword" + } + } + }, + { + "strings_as_keyword" : { + "match_mapping_type" : "string", + "mapping" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + ], + "properties" : { + "@timestamp" : { + "type" : "date" + }, + "agent" : { + "properties" : { + "build" : { + "properties" : { + "original" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "ephemeral_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "hostname" : { + "type" : "alias", + "path" : "agent.name" + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "as" : { + "properties" : { + "number" : { + "type" : "long" + }, + "organization" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + } + } + } + } + }, + "auditd" : { + "properties" : { + "data" : { + "properties" : { + "a0" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "a1" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "a2" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "a3" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "a[0-3]" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "acct" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "acl" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "action" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "added" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "addr" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "apparmor" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "arch" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "argc" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "audit_backlog_limit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "audit_backlog_wait_time" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "audit_enabled" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "audit_failure" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "banners" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "bool" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "bus" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cap_fe" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cap_fi" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cap_fp" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cap_fver" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cap_pe" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cap_pi" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cap_pp" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "capability" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cgroup" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "changed" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cipher" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "class" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cmd" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "compat" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "daddr" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "data" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "default-context" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "device" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "dir" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "direction" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "dmac" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "dport" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "enforcing" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "entries" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "exit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "fam" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "family" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "fd" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "fe" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "feature" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "fi" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "file" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "flags" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "format" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "fp" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "fver" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "grantors" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "grp" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "hook" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "hostname" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "icmp_type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "igid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "img-ctx" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "inif" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ino" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "inode_gid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "inode_uid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "invalid_context" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ioctlcmd" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ip" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ipid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ipx-net" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "items" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "iuid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "kernel" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "kind" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ksize" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "laddr" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "len" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "list" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "lport" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "mac" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "macproto" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "maj" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "major" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "minor" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "model" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "msg" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "nargs" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "net" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new-chardev" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new-disk" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new-enabled" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new-fs" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new-level" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new-log_passwd" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new-mem" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new-net" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new-range" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new-rng" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new-role" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new-seuser" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new-vcpu" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new_gid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new_lock" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new_pe" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new_pi" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "new_pp" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "nlnk-fam" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "nlnk-grp" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "nlnk-pid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "oauid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "obj" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "obj_gid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "obj_uid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ocomm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "oflag" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-auid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-chardev" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-disk" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-enabled" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-fs" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-level" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-log_passwd" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-mem" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-net" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-range" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-rng" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-role" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-ses" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-seuser" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old-vcpu" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old_enforcing" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old_lock" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old_pe" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old_pi" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old_pp" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old_prom" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "old_val" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "op" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "opid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "oses" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "outif" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "parent" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "per" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "perm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "perm_mask" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "permissive" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "pfs" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "printer" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "prom" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "proto" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "qbytes" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "range" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "reason" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "removed" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "res" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "resrc" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "rport" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sauid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "scontext" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "selected-context" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "seperm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "seperms" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "seqno" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "seresult" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ses" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "seuser" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sig" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sigev_signo" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "smac" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "socket" : { + "properties" : { + "addr" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "family" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "path" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "port" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "saddr" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "spid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sport" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subj" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "success" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "syscall" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "table" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "tclass" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "tcontext" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "terminal" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "tty" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "uri" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "uuid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "val" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ver" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "virt" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "vm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "vm-ctx" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "vm-pid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "watch" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "message_type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "paths" : { + "properties" : { + "dev" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "inode" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "item" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "mode" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "nametype" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "obj_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "obj_level" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "obj_role" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "obj_user" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "objtype" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ogid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ouid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "rdev" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "result" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sequence" : { + "type" : "long" + }, + "session" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "summary" : { + "properties" : { + "actor" : { + "properties" : { + "primary" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "secondary" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "how" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "object" : { + "properties" : { + "primary" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "secondary" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + } + } + }, + "client" : { + "properties" : { + "address" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "as" : { + "properties" : { + "number" : { + "type" : "long" + }, + "organization" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + } + } + } + } + }, + "bytes" : { + "type" : "long" + }, + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "geo" : { + "properties" : { + "city_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "location" : { + "type" : "geo_point" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "postal_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timezone" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "ip" : { + "type" : "ip" + }, + "mac" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "nat" : { + "properties" : { + "ip" : { + "type" : "ip" + }, + "port" : { + "type" : "long" + } + } + }, + "packets" : { + "type" : "long" + }, + "port" : { + "type" : "long" + }, + "registered_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subdomain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "top_level_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "user" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "email" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "full_name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "group" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "hash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "roles" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "cloud" : { + "properties" : { + "account" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "availability_zone" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "image" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "instance" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "machine" : { + "properties" : { + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "origin" : { + "properties" : { + "account" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "availability_zone" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "instance" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "machine" : { + "properties" : { + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "project" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "provider" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "service" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "project" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "provider" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "service" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "target" : { + "properties" : { + "account" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "availability_zone" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "instance" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "machine" : { + "properties" : { + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "project" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "provider" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "service" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + } + } + }, + "code_signature" : { + "properties" : { + "digest_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "exists" : { + "type" : "boolean" + }, + "signing_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "status" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "team_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timestamp" : { + "type" : "date" + }, + "trusted" : { + "type" : "boolean" + }, + "valid" : { + "type" : "boolean" + } + } + }, + "container" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "image" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "tag" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "labels" : { + "type" : "object" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "runtime" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "data_stream" : { + "properties" : { + "dataset" : { + "type" : "constant_keyword" + }, + "namespace" : { + "type" : "constant_keyword" + }, + "type" : { + "type" : "constant_keyword" + } + } + }, + "destination" : { + "properties" : { + "address" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "as" : { + "properties" : { + "number" : { + "type" : "long" + }, + "organization" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + } + } + } + } + }, + "bytes" : { + "type" : "long" + }, + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "geo" : { + "properties" : { + "city_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "location" : { + "type" : "geo_point" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "postal_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timezone" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "ip" : { + "type" : "ip" + }, + "mac" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "nat" : { + "properties" : { + "ip" : { + "type" : "ip" + }, + "port" : { + "type" : "long" + } + } + }, + "packets" : { + "type" : "long" + }, + "path" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "port" : { + "type" : "long" + }, + "registered_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subdomain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "top_level_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "user" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "email" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "full_name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "group" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "hash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "roles" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "dll" : { + "properties" : { + "code_signature" : { + "properties" : { + "digest_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "exists" : { + "type" : "boolean" + }, + "signing_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "status" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "team_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timestamp" : { + "type" : "date" + }, + "trusted" : { + "type" : "boolean" + }, + "valid" : { + "type" : "boolean" + } + } + }, + "hash" : { + "properties" : { + "md5" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha1" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha256" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha512" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ssdeep" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "path" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "pe" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "company" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "description" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "file_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "imphash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "original_file_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "product" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "dns" : { + "properties" : { + "answers" : { + "properties" : { + "class" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "data" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ttl" : { + "type" : "long" + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "header_flags" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "op_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "question" : { + "properties" : { + "class" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "registered_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subdomain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "top_level_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "resolved_ip" : { + "type" : "ip" + }, + "response_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "docker" : { + "properties" : { + "container" : { + "properties" : { + "labels" : { + "type" : "object" + } + } + } + } + }, + "ecs" : { + "properties" : { + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "elf" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "byte_order" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cpu_type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "creation_date" : { + "type" : "date" + }, + "exports" : { + "type" : "flattened" + }, + "header" : { + "properties" : { + "abi_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "class" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "data" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "entrypoint" : { + "type" : "long" + }, + "object_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "os_abi" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "imports" : { + "type" : "flattened" + }, + "sections" : { + "type" : "nested", + "properties" : { + "chi2" : { + "type" : "long" + }, + "entropy" : { + "type" : "long" + }, + "flags" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "physical_offset" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "physical_size" : { + "type" : "long" + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "virtual_address" : { + "type" : "long" + }, + "virtual_size" : { + "type" : "long" + } + } + }, + "segments" : { + "type" : "nested", + "properties" : { + "sections" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "shared_libraries" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "telfhash" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "error" : { + "properties" : { + "code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "message" : { + "type" : "match_only_text" + }, + "stack_trace" : { + "type" : "wildcard", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "event" : { + "properties" : { + "action" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "agent_id_status" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "category" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "created" : { + "type" : "date" + }, + "dataset" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "duration" : { + "type" : "long" + }, + "end" : { + "type" : "date" + }, + "hash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ingested" : { + "type" : "date" + }, + "kind" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "module" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "origin" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "original" : { + "type" : "keyword", + "index" : false, + "doc_values" : false, + "ignore_above" : 1024 + }, + "outcome" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "provider" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "reason" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "reference" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "risk_score" : { + "type" : "float" + }, + "risk_score_norm" : { + "type" : "float" + }, + "sequence" : { + "type" : "long" + }, + "severity" : { + "type" : "long" + }, + "start" : { + "type" : "date" + }, + "timezone" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "url" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "faas" : { + "properties" : { + "coldstart" : { + "type" : "boolean" + }, + "execution" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "trigger" : { + "type" : "nested", + "properties" : { + "request_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "fields" : { + "type" : "object" + }, + "file" : { + "properties" : { + "accessed" : { + "type" : "date" + }, + "attributes" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "code_signature" : { + "properties" : { + "digest_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "exists" : { + "type" : "boolean" + }, + "signing_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "status" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "team_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timestamp" : { + "type" : "date" + }, + "trusted" : { + "type" : "boolean" + }, + "valid" : { + "type" : "boolean" + } + } + }, + "created" : { + "type" : "date" + }, + "ctime" : { + "type" : "date" + }, + "device" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "directory" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "drive_letter" : { + "type" : "keyword", + "ignore_above" : 1 + }, + "elf" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "byte_order" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cpu_type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "creation_date" : { + "type" : "date" + }, + "exports" : { + "type" : "flattened" + }, + "header" : { + "properties" : { + "abi_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "class" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "data" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "entrypoint" : { + "type" : "long" + }, + "object_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "os_abi" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "imports" : { + "type" : "flattened" + }, + "sections" : { + "type" : "nested", + "properties" : { + "chi2" : { + "type" : "long" + }, + "entropy" : { + "type" : "long" + }, + "flags" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "physical_offset" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "physical_size" : { + "type" : "long" + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "virtual_address" : { + "type" : "long" + }, + "virtual_size" : { + "type" : "long" + } + } + }, + "segments" : { + "type" : "nested", + "properties" : { + "sections" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "shared_libraries" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "telfhash" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "extension" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "fork_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "gid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "group" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "hash" : { + "properties" : { + "md5" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha1" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha256" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha512" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ssdeep" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "inode" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "mime_type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "mode" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "mtime" : { + "type" : "date" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "origin" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "text", + "norms" : false + } + } + }, + "owner" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "path" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "pe" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "company" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "description" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "file_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "imphash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "original_file_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "product" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "selinux" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "level" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "role" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "user" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "setgid" : { + "type" : "boolean" + }, + "setuid" : { + "type" : "boolean" + }, + "size" : { + "type" : "long" + }, + "target_path" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "uid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "x509" : { + "properties" : { + "alternative_names" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "issuer" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "not_after" : { + "type" : "date" + }, + "not_before" : { + "type" : "date" + }, + "public_key_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_curve" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_exponent" : { + "type" : "long", + "index" : false, + "doc_values" : false + }, + "public_key_size" : { + "type" : "long" + }, + "serial_number" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "signature_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "version_number" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "geo" : { + "properties" : { + "city_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "location" : { + "type" : "geo_point" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "postal_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timezone" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "geoip" : { + "properties" : { + "city_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "location" : { + "type" : "geo_point" + }, + "region_name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "group" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "hash" : { + "properties" : { + "blake2b_256" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "blake2b_384" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "blake2b_512" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "md5" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha1" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha224" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha256" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha384" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha3_224" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha3_256" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha3_384" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha3_512" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha512" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha512_224" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha512_256" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ssdeep" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "xxh64" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "host" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "containerized" : { + "type" : "boolean" + }, + "cpu" : { + "properties" : { + "usage" : { + "type" : "scaled_float", + "scaling_factor" : 1000.0 + } + } + }, + "disk" : { + "properties" : { + "read" : { + "properties" : { + "bytes" : { + "type" : "long" + } + } + }, + "write" : { + "properties" : { + "bytes" : { + "type" : "long" + } + } + } + } + }, + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "geo" : { + "properties" : { + "city_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "location" : { + "type" : "geo_point" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "postal_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timezone" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "hostname" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ip" : { + "type" : "ip" + }, + "mac" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "network" : { + "properties" : { + "egress" : { + "properties" : { + "bytes" : { + "type" : "long" + }, + "packets" : { + "type" : "long" + } + } + }, + "ingress" : { + "properties" : { + "bytes" : { + "type" : "long" + }, + "packets" : { + "type" : "long" + } + } + } + } + }, + "os" : { + "properties" : { + "build" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "codename" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "family" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "full" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "kernel" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "platform" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "uptime" : { + "type" : "long" + } + } + }, + "http" : { + "properties" : { + "request" : { + "properties" : { + "body" : { + "properties" : { + "bytes" : { + "type" : "long" + }, + "content" : { + "type" : "wildcard", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + } + } + }, + "bytes" : { + "type" : "long" + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "method" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "mime_type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "referrer" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "response" : { + "properties" : { + "body" : { + "properties" : { + "bytes" : { + "type" : "long" + }, + "content" : { + "type" : "wildcard", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + } + } + }, + "bytes" : { + "type" : "long" + }, + "mime_type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "status_code" : { + "type" : "long" + } + } + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "interface" : { + "properties" : { + "alias" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "jolokia" : { + "properties" : { + "agent" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "secured" : { + "type" : "boolean" + }, + "server" : { + "properties" : { + "product" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "vendor" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "url" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "kubernetes" : { + "properties" : { + "annotations" : { + "properties" : { + "*" : { + "type" : "object" + } + } + }, + "container" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "deployment" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "labels" : { + "properties" : { + "*" : { + "type" : "object" + } + } + }, + "namespace" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "node" : { + "properties" : { + "hostname" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "pod" : { + "properties" : { + "ip" : { + "type" : "ip" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "uid" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "replicaset" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "selectors" : { + "properties" : { + "*" : { + "type" : "object" + } + } + }, + "statefulset" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "labels" : { + "type" : "object" + }, + "log" : { + "properties" : { + "file" : { + "properties" : { + "path" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "level" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "logger" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "origin" : { + "properties" : { + "file" : { + "properties" : { + "line" : { + "type" : "long" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "function" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "syslog" : { + "properties" : { + "facility" : { + "properties" : { + "code" : { + "type" : "long" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "priority" : { + "type" : "long" + }, + "severity" : { + "properties" : { + "code" : { + "type" : "long" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + } + } + }, + "message" : { + "type" : "match_only_text" + }, + "network" : { + "properties" : { + "application" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "bytes" : { + "type" : "long" + }, + "community_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "direction" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "forwarded_ip" : { + "type" : "ip" + }, + "iana_number" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "inner" : { + "properties" : { + "vlan" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "packets" : { + "type" : "long" + }, + "protocol" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "transport" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "vlan" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "observer" : { + "properties" : { + "egress" : { + "properties" : { + "interface" : { + "properties" : { + "alias" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "vlan" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "zone" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "geo" : { + "properties" : { + "city_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "location" : { + "type" : "geo_point" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "postal_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timezone" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "hostname" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ingress" : { + "properties" : { + "interface" : { + "properties" : { + "alias" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "vlan" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "zone" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "ip" : { + "type" : "ip" + }, + "mac" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "os" : { + "properties" : { + "family" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "full" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "kernel" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "platform" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "product" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "serial_number" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "vendor" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "orchestrator" : { + "properties" : { + "api_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cluster" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "url" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "namespace" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "resource" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "organization" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + } + } + }, + "os" : { + "properties" : { + "family" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "full" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "kernel" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "platform" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "package" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "build_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "checksum" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "description" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "install_scope" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "installed" : { + "type" : "date" + }, + "license" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "path" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "reference" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "size" : { + "type" : "long" + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "pe" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "company" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "description" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "file_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "imphash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "original_file_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "product" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "process" : { + "properties" : { + "args" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "args_count" : { + "type" : "long" + }, + "code_signature" : { + "properties" : { + "digest_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "exists" : { + "type" : "boolean" + }, + "signing_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "status" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "team_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timestamp" : { + "type" : "date" + }, + "trusted" : { + "type" : "boolean" + }, + "valid" : { + "type" : "boolean" + } + } + }, + "command_line" : { + "type" : "wildcard", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "elf" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "byte_order" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cpu_type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "creation_date" : { + "type" : "date" + }, + "exports" : { + "type" : "flattened" + }, + "header" : { + "properties" : { + "abi_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "class" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "data" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "entrypoint" : { + "type" : "long" + }, + "object_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "os_abi" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "imports" : { + "type" : "flattened" + }, + "sections" : { + "type" : "nested", + "properties" : { + "chi2" : { + "type" : "long" + }, + "entropy" : { + "type" : "long" + }, + "flags" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "physical_offset" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "physical_size" : { + "type" : "long" + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "virtual_address" : { + "type" : "long" + }, + "virtual_size" : { + "type" : "long" + } + } + }, + "segments" : { + "type" : "nested", + "properties" : { + "sections" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "shared_libraries" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "telfhash" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "end" : { + "type" : "date" + }, + "entity_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "executable" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "exit_code" : { + "type" : "long" + }, + "hash" : { + "properties" : { + "blake2b_256" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "blake2b_384" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "blake2b_512" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "md5" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha1" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha224" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha256" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha384" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha3_224" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha3_256" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha3_384" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha3_512" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha512" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha512_224" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha512_256" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ssdeep" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "xxh64" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "owner" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "text", + "norms" : false + } + } + } + } + }, + "parent" : { + "properties" : { + "args" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "args_count" : { + "type" : "long" + }, + "code_signature" : { + "properties" : { + "digest_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "exists" : { + "type" : "boolean" + }, + "signing_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "status" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "team_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timestamp" : { + "type" : "date" + }, + "trusted" : { + "type" : "boolean" + }, + "valid" : { + "type" : "boolean" + } + } + }, + "command_line" : { + "type" : "wildcard", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "elf" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "byte_order" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cpu_type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "creation_date" : { + "type" : "date" + }, + "exports" : { + "type" : "flattened" + }, + "header" : { + "properties" : { + "abi_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "class" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "data" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "entrypoint" : { + "type" : "long" + }, + "object_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "os_abi" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "imports" : { + "type" : "flattened" + }, + "sections" : { + "type" : "nested", + "properties" : { + "chi2" : { + "type" : "long" + }, + "entropy" : { + "type" : "long" + }, + "flags" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "physical_offset" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "physical_size" : { + "type" : "long" + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "virtual_address" : { + "type" : "long" + }, + "virtual_size" : { + "type" : "long" + } + } + }, + "segments" : { + "type" : "nested", + "properties" : { + "sections" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "shared_libraries" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "telfhash" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "end" : { + "type" : "date" + }, + "entity_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "executable" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "exit_code" : { + "type" : "long" + }, + "hash" : { + "properties" : { + "md5" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha1" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha256" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha512" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ssdeep" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "pe" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "company" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "description" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "file_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "imphash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "original_file_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "product" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "pgid" : { + "type" : "long" + }, + "pid" : { + "type" : "long" + }, + "start" : { + "type" : "date" + }, + "thread" : { + "properties" : { + "id" : { + "type" : "long" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "title" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "uptime" : { + "type" : "long" + }, + "working_directory" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + } + } + }, + "pe" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "company" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "description" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "file_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "imphash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "original_file_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "product" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "pgid" : { + "type" : "long" + }, + "pid" : { + "type" : "long" + }, + "start" : { + "type" : "date" + }, + "thread" : { + "properties" : { + "id" : { + "type" : "long" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "title" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "uptime" : { + "type" : "long" + }, + "working_directory" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + } + } + }, + "registry" : { + "properties" : { + "data" : { + "properties" : { + "bytes" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "strings" : { + "type" : "wildcard", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "hive" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "key" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "path" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "value" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "related" : { + "properties" : { + "hash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "hosts" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ip" : { + "type" : "ip" + }, + "user" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "rule" : { + "properties" : { + "author" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "category" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "description" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "license" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "reference" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ruleset" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "uuid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "server" : { + "properties" : { + "address" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "as" : { + "properties" : { + "number" : { + "type" : "long" + }, + "organization" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + } + } + } + } + }, + "bytes" : { + "type" : "long" + }, + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "geo" : { + "properties" : { + "city_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "location" : { + "type" : "geo_point" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "postal_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timezone" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "ip" : { + "type" : "ip" + }, + "mac" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "nat" : { + "properties" : { + "ip" : { + "type" : "ip" + }, + "port" : { + "type" : "long" + } + } + }, + "packets" : { + "type" : "long" + }, + "port" : { + "type" : "long" + }, + "registered_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subdomain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "top_level_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "user" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "email" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "full_name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "group" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "hash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "roles" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "service" : { + "properties" : { + "address" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "environment" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ephemeral_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "node" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "origin" : { + "properties" : { + "address" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "environment" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ephemeral_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "node" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "state" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "state" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "target" : { + "properties" : { + "address" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "environment" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ephemeral_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "node" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "state" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "socket" : { + "properties" : { + "entity_id" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "source" : { + "properties" : { + "address" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "as" : { + "properties" : { + "number" : { + "type" : "long" + }, + "organization" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + } + } + } + } + }, + "bytes" : { + "type" : "long" + }, + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "geo" : { + "properties" : { + "city_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "location" : { + "type" : "geo_point" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "postal_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timezone" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "ip" : { + "type" : "ip" + }, + "mac" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "nat" : { + "properties" : { + "ip" : { + "type" : "ip" + }, + "port" : { + "type" : "long" + } + } + }, + "packets" : { + "type" : "long" + }, + "path" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "port" : { + "type" : "long" + }, + "registered_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subdomain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "top_level_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "user" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "email" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "full_name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "group" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "hash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "roles" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "span" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "system" : { + "properties" : { + "audit" : { + "properties" : { + "host" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "boottime" : { + "type" : "date" + }, + "containerized" : { + "type" : "boolean" + }, + "hostname" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ip" : { + "type" : "ip" + }, + "mac" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "os" : { + "properties" : { + "codename" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "family" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "kernel" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "platform" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "timezone" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "offset" : { + "properties" : { + "sec" : { + "type" : "long" + } + } + } + } + }, + "uptime" : { + "type" : "long" + } + } + }, + "package" : { + "properties" : { + "arch" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "entity_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "installtime" : { + "type" : "date" + }, + "license" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "release" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "size" : { + "type" : "long" + }, + "summary" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "url" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "user" : { + "properties" : { + "dir" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "gid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "group" : { + "type" : "object" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "password" : { + "properties" : { + "last_changed" : { + "type" : "date" + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "shell" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "uid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "user_information" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + } + } + }, + "tags" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "threat" : { + "properties" : { + "enrichments" : { + "type" : "nested", + "properties" : { + "indicator" : { + "properties" : { + "as" : { + "properties" : { + "number" : { + "type" : "long" + }, + "organization" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + } + } + } + } + }, + "confidence" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "description" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "email" : { + "properties" : { + "address" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "file" : { + "properties" : { + "accessed" : { + "type" : "date" + }, + "attributes" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "code_signature" : { + "properties" : { + "digest_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "exists" : { + "type" : "boolean" + }, + "signing_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "status" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "team_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timestamp" : { + "type" : "date" + }, + "trusted" : { + "type" : "boolean" + }, + "valid" : { + "type" : "boolean" + } + } + }, + "created" : { + "type" : "date" + }, + "ctime" : { + "type" : "date" + }, + "device" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "directory" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "drive_letter" : { + "type" : "keyword", + "ignore_above" : 1 + }, + "elf" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "byte_order" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cpu_type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "creation_date" : { + "type" : "date" + }, + "exports" : { + "type" : "flattened" + }, + "header" : { + "properties" : { + "abi_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "class" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "data" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "entrypoint" : { + "type" : "long" + }, + "object_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "os_abi" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "imports" : { + "type" : "flattened" + }, + "sections" : { + "type" : "nested", + "properties" : { + "chi2" : { + "type" : "long" + }, + "entropy" : { + "type" : "long" + }, + "flags" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "physical_offset" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "physical_size" : { + "type" : "long" + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "virtual_address" : { + "type" : "long" + }, + "virtual_size" : { + "type" : "long" + } + } + }, + "segments" : { + "type" : "nested", + "properties" : { + "sections" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "shared_libraries" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "telfhash" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "extension" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "fork_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "gid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "group" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "hash" : { + "properties" : { + "md5" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha1" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha256" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha512" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ssdeep" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "inode" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "mime_type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "mode" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "mtime" : { + "type" : "date" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "owner" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "path" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "pe" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "company" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "description" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "file_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "imphash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "original_file_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "product" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "size" : { + "type" : "long" + }, + "target_path" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "uid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "x509" : { + "properties" : { + "alternative_names" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "issuer" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "not_after" : { + "type" : "date" + }, + "not_before" : { + "type" : "date" + }, + "public_key_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_curve" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_exponent" : { + "type" : "long", + "index" : false, + "doc_values" : false + }, + "public_key_size" : { + "type" : "long" + }, + "serial_number" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "signature_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "version_number" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "first_seen" : { + "type" : "date" + }, + "geo" : { + "properties" : { + "city_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "location" : { + "type" : "geo_point" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "postal_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timezone" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "ip" : { + "type" : "ip" + }, + "last_seen" : { + "type" : "date" + }, + "marking" : { + "properties" : { + "tlp" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "modified_at" : { + "type" : "date" + }, + "port" : { + "type" : "long" + }, + "provider" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "reference" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "registry" : { + "properties" : { + "data" : { + "properties" : { + "bytes" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "strings" : { + "type" : "wildcard", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "hive" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "key" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "path" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "value" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "scanner_stats" : { + "type" : "long" + }, + "sightings" : { + "type" : "long" + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "url" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "extension" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "fragment" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "full" : { + "type" : "wildcard", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "original" : { + "type" : "wildcard", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "password" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "path" : { + "type" : "wildcard", + "ignore_above" : 1024 + }, + "port" : { + "type" : "long" + }, + "query" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "registered_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "scheme" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subdomain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "top_level_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "username" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "x509" : { + "properties" : { + "alternative_names" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "issuer" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "not_after" : { + "type" : "date" + }, + "not_before" : { + "type" : "date" + }, + "public_key_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_curve" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_exponent" : { + "type" : "long", + "index" : false, + "doc_values" : false + }, + "public_key_size" : { + "type" : "long" + }, + "serial_number" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "signature_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "version_number" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "matched" : { + "properties" : { + "atomic" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "field" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "index" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "framework" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "group" : { + "properties" : { + "alias" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "reference" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "indicator" : { + "properties" : { + "as" : { + "properties" : { + "number" : { + "type" : "long" + }, + "organization" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + } + } + } + } + }, + "confidence" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "description" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "email" : { + "properties" : { + "address" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "file" : { + "properties" : { + "accessed" : { + "type" : "date" + }, + "attributes" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "code_signature" : { + "properties" : { + "digest_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "exists" : { + "type" : "boolean" + }, + "signing_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "status" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "team_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timestamp" : { + "type" : "date" + }, + "trusted" : { + "type" : "boolean" + }, + "valid" : { + "type" : "boolean" + } + } + }, + "created" : { + "type" : "date" + }, + "ctime" : { + "type" : "date" + }, + "device" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "directory" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "drive_letter" : { + "type" : "keyword", + "ignore_above" : 1 + }, + "elf" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "byte_order" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "cpu_type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "creation_date" : { + "type" : "date" + }, + "exports" : { + "type" : "flattened" + }, + "header" : { + "properties" : { + "abi_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "class" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "data" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "entrypoint" : { + "type" : "long" + }, + "object_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "os_abi" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "imports" : { + "type" : "flattened" + }, + "sections" : { + "type" : "nested", + "properties" : { + "chi2" : { + "type" : "long" + }, + "entropy" : { + "type" : "long" + }, + "flags" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "physical_offset" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "physical_size" : { + "type" : "long" + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "virtual_address" : { + "type" : "long" + }, + "virtual_size" : { + "type" : "long" + } + } + }, + "segments" : { + "type" : "nested", + "properties" : { + "sections" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "shared_libraries" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "telfhash" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "extension" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "fork_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "gid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "group" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "hash" : { + "properties" : { + "md5" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha1" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha256" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha512" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ssdeep" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "inode" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "mime_type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "mode" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "mtime" : { + "type" : "date" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "owner" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "path" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "pe" : { + "properties" : { + "architecture" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "company" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "description" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "file_version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "imphash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "original_file_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "product" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "size" : { + "type" : "long" + }, + "target_path" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "uid" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "x509" : { + "properties" : { + "alternative_names" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "issuer" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "not_after" : { + "type" : "date" + }, + "not_before" : { + "type" : "date" + }, + "public_key_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_curve" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_exponent" : { + "type" : "long", + "index" : false, + "doc_values" : false + }, + "public_key_size" : { + "type" : "long" + }, + "serial_number" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "signature_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "version_number" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "first_seen" : { + "type" : "date" + }, + "geo" : { + "properties" : { + "city_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "continent_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "location" : { + "type" : "geo_point" + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "postal_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_iso_code" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "region_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "timezone" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "ip" : { + "type" : "ip" + }, + "last_seen" : { + "type" : "date" + }, + "marking" : { + "properties" : { + "tlp" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "modified_at" : { + "type" : "date" + }, + "port" : { + "type" : "long" + }, + "provider" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "reference" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "registry" : { + "properties" : { + "data" : { + "properties" : { + "bytes" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "strings" : { + "type" : "wildcard", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "hive" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "key" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "path" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "value" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "scanner_stats" : { + "type" : "long" + }, + "sightings" : { + "type" : "long" + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "url" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "extension" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "fragment" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "full" : { + "type" : "wildcard", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "original" : { + "type" : "wildcard", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "password" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "path" : { + "type" : "wildcard", + "ignore_above" : 1024 + }, + "port" : { + "type" : "long" + }, + "query" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "registered_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "scheme" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subdomain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "top_level_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "username" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "x509" : { + "properties" : { + "alternative_names" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "issuer" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "not_after" : { + "type" : "date" + }, + "not_before" : { + "type" : "date" + }, + "public_key_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_curve" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_exponent" : { + "type" : "long", + "index" : false, + "doc_values" : false + }, + "public_key_size" : { + "type" : "long" + }, + "serial_number" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "signature_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "version_number" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "software" : { + "properties" : { + "alias" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "platforms" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "reference" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "tactic" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "reference" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "technique" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "reference" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subtechnique" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "reference" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + } + } + }, + "timeseries" : { + "properties" : { + "instance" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "tls" : { + "properties" : { + "cipher" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "client" : { + "properties" : { + "certificate" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "certificate_chain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "hash" : { + "properties" : { + "md5" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha1" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha256" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "issuer" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ja3" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "not_after" : { + "type" : "date" + }, + "not_before" : { + "type" : "date" + }, + "server_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "supported_ciphers" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "x509" : { + "properties" : { + "alternative_names" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "issuer" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "not_after" : { + "type" : "date" + }, + "not_before" : { + "type" : "date" + }, + "public_key_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_curve" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_exponent" : { + "type" : "long", + "index" : false, + "doc_values" : false + }, + "public_key_size" : { + "type" : "long" + }, + "serial_number" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "signature_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "version_number" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "curve" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "established" : { + "type" : "boolean" + }, + "next_protocol" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "resumed" : { + "type" : "boolean" + }, + "server" : { + "properties" : { + "certificate" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "certificate_chain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "hash" : { + "properties" : { + "md5" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha1" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "sha256" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "issuer" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "ja3s" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "not_after" : { + "type" : "date" + }, + "not_before" : { + "type" : "date" + }, + "subject" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "x509" : { + "properties" : { + "alternative_names" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "issuer" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "not_after" : { + "type" : "date" + }, + "not_before" : { + "type" : "date" + }, + "public_key_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_curve" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_exponent" : { + "type" : "long", + "index" : false, + "doc_values" : false + }, + "public_key_size" : { + "type" : "long" + }, + "serial_number" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "signature_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "version_number" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version_protocol" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "trace" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "transaction" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "url" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "extension" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "fragment" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "full" : { + "type" : "wildcard", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "original" : { + "type" : "wildcard", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "password" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "path" : { + "type" : "wildcard", + "ignore_above" : 1024 + }, + "port" : { + "type" : "long" + }, + "query" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "registered_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "scheme" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subdomain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "top_level_domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "username" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "user" : { + "properties" : { + "audit" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "changes" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "email" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "full_name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "group" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "hash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "roles" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "effective" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "email" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "full_name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "group" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "hash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "roles" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "email" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "entity_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "filesystem" : { + "properties" : { + "group" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "full_name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "group" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "hash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "roles" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "saved" : { + "properties" : { + "group" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "selinux" : { + "properties" : { + "category" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "level" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "role" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "user" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "target" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "email" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "full_name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "group" : { + "properties" : { + "domain" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "hash" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "roles" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "terminal" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "user_agent" : { + "properties" : { + "device" : { + "properties" : { + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "original" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "os" : { + "properties" : { + "family" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "full" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "kernel" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "platform" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "type" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "vlan" : { + "properties" : { + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "name" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "vulnerability" : { + "properties" : { + "category" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "classification" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "description" : { + "type" : "keyword", + "ignore_above" : 1024, + "fields" : { + "text" : { + "type" : "match_only_text" + } + } + }, + "enumeration" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "reference" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "report_id" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "scanner" : { + "properties" : { + "vendor" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "score" : { + "properties" : { + "base" : { + "type" : "float" + }, + "environmental" : { + "type" : "float" + }, + "temporal" : { + "type" : "float" + }, + "version" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "severity" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "x509" : { + "properties" : { + "alternative_names" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "issuer" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "not_after" : { + "type" : "date" + }, + "not_before" : { + "type" : "date" + }, + "public_key_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_curve" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "public_key_exponent" : { + "type" : "long", + "index" : false, + "doc_values" : false + }, + "public_key_size" : { + "type" : "long" + }, + "serial_number" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "signature_algorithm" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "subject" : { + "properties" : { + "common_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "country" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "distinguished_name" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "locality" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organization" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "organizational_unit" : { + "type" : "keyword", + "ignore_above" : 1024 + }, + "state_or_province" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + }, + "version_number" : { + "type" : "keyword", + "ignore_above" : 1024 + } + } + } + } + } + } +} diff --git a/x-pack/test/security_solution_playwright/fixtures/es_archiver.ts b/x-pack/test/security_solution_playwright/fixtures/es_archiver.ts new file mode 100644 index 0000000000000..f51b2bf3464bc --- /dev/null +++ b/x-pack/test/security_solution_playwright/fixtures/es_archiver.ts @@ -0,0 +1,61 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import Fs from 'fs'; +import * as Url from 'url'; +import { EsArchiver } from '@kbn/es-archiver'; +import { createEsClientForTesting, KbnClient, systemIndicesSuperuser } from '@kbn/test'; +import { ToolingLog } from '@kbn/tooling-log'; +import { CA_CERT_PATH } from '@kbn/dev-utils'; + +export const createEsArchiver = async () => { + const log = new ToolingLog({ level: 'verbose', writeTo: process.stdout }); + + const isServerless = process.env.IS_SERVERLESS === 'true'; + const isCloudServerless = process.env.CLOUD_SERVERLESS === 'true'; + + const serverlessCloudUser = { + username: process.env.ELASTICSEARCH_USERNAME ?? '', + password: process.env.ELASTICSEARCH_PASSWORD ?? '', + }; + + if (isServerless && (!serverlessCloudUser.username || !serverlessCloudUser.password)) { + throw new Error( + 'ELASTICSEARCH_USERNAME and ELASTICSEARCH_PASSWORD must be defined for serverless configuration' + ); + } + + let authOverride; + if (isServerless) { + authOverride = isCloudServerless ? serverlessCloudUser : systemIndicesSuperuser; + } + + const esUrl = process.env.ELASTICSEARCH_URL; + if (!esUrl) { + throw new Error('ELASTICSEARCH_URL environment variable is not set'); + } + + const client = createEsClientForTesting({ + esUrl: Url.format(new URL(esUrl)), + authOverride, + }); + + const kibanaUrl = process.env.KIBANA_URL || process.env.BASE_URL; + + const kbnClient = new KbnClient({ + log, + url: kibanaUrl as string, + ...(esUrl.includes('https') ? { certificateAuthorities: [Fs.readFileSync(CA_CERT_PATH)] } : {}), + }); + + return new EsArchiver({ + log, + client, + kbnClient, + baseDir: './es_archives', + }); +}; diff --git a/x-pack/test/security_solution_playwright/fixtures/saml.ts b/x-pack/test/security_solution_playwright/fixtures/saml.ts new file mode 100644 index 0000000000000..4b6eaccd34fba --- /dev/null +++ b/x-pack/test/security_solution_playwright/fixtures/saml.ts @@ -0,0 +1,41 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { test as base } from '@playwright/test'; +import { ToolingLog } from '@kbn/tooling-log'; +import { HostOptions, SamlSessionManager } from '@kbn/test'; +import { resolve } from 'path'; +import { REPO_ROOT } from '@kbn/repo-info'; + +export const test = base.extend({ + samlSessionManager: async ({}, use) => { + const log = new ToolingLog({ level: 'verbose', writeTo: process.stdout }); + + const kbnHost = process.env.KIBANA_URL || process.env.BASE_URL; + const kbnUrl = new URL(kbnHost!); + + const hostOptions: HostOptions = { + protocol: kbnUrl.protocol as 'http' | 'https', + hostname: kbnUrl.hostname, + port: parseInt(kbnUrl.port, 10), + username: process.env.ELASTICSEARCH_USERNAME ?? '', + password: process.env.ELASTICSEARCH_PASSWORD ?? '', + }; + + const rolesFilename = process.env.PROXY_ORG ? `${process.env.PROXY_ORG}.json` : undefined; + const cloudUsersFilePath = resolve(REPO_ROOT, '.ftr', rolesFilename ?? 'role_users.json'); + + const samlSessionManager = new SamlSessionManager({ + hostOptions, + log, + isCloud: process.env.CLOUD_SERVERLESS === 'true', + cloudUsersFilePath, + }); + + await use(samlSessionManager); + }, +}); diff --git a/x-pack/test/security_solution_playwright/index.d.ts b/x-pack/test/security_solution_playwright/index.d.ts new file mode 100644 index 0000000000000..6b6ef5bce03df --- /dev/null +++ b/x-pack/test/security_solution_playwright/index.d.ts @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +declare module '@kbn/repo-info' { + export const REPO_ROOT: string; +} +declare global { + const ReadableStream: any; +} diff --git a/x-pack/test/security_solution_playwright/package.json b/x-pack/test/security_solution_playwright/package.json new file mode 100644 index 0000000000000..10b1c01fb8fb3 --- /dev/null +++ b/x-pack/test/security_solution_playwright/package.json @@ -0,0 +1,15 @@ +{ + "author": "Elastic", + "name": "security_solution_playwright", + "version": "1.0.0", + "private": true, + "license": "Elastic License 2.0", + "scripts": { + "playwright:open": "node ../../plugins/security_solution/scripts/run_playwright/start_playwright open --config-file ../../test/security_solution_playwright/playwright.config.ts", + "playwright:run": "node ../../plugins/security_solution/scripts/run_playwright/start_playwright run --config-file ../../test/security_solution_playwright/playwright.config.ts", + "open:ess": "npm run playwright:open -- --ftr-config-file ../security_solution_cypress/cli_config", + "run:ess": "npm run playwright:run -- --ftr-config-file ../security_solution_cypress/cli_config", + "open:serverless": "npm run playwright:open -- --ftr-config-file ../security_solution_cypress/serverless_config", + "run:serverless": "npm run playwright:run -- --ftr-config-file ../security_solution_cypress/serverless_config" + } +} \ No newline at end of file diff --git a/x-pack/test/security_solution_playwright/page_objects/entity_analytics_management_po.ts b/x-pack/test/security_solution_playwright/page_objects/entity_analytics_management_po.ts new file mode 100644 index 0000000000000..0c8055b2d24d6 --- /dev/null +++ b/x-pack/test/security_solution_playwright/page_objects/entity_analytics_management_po.ts @@ -0,0 +1,23 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { Locator, Page } from '@playwright/test'; + +const PAGE_TITLE = '[data-test-subj="entityAnalyticsManagementPageTitle"]'; + +export class EntityAnalyticsManagementPage { + page: Page; + entityAnalyticsManagementPageTitle!: Locator; + + constructor(page: Page) { + this.page = page; + } + + async initialize() { + this.entityAnalyticsManagementPageTitle = this.page.locator(PAGE_TITLE); + } +} diff --git a/x-pack/test/security_solution_playwright/page_objects/entity_analytics_po.ts b/x-pack/test/security_solution_playwright/page_objects/entity_analytics_po.ts new file mode 100644 index 0000000000000..36e8a603ecd9a --- /dev/null +++ b/x-pack/test/security_solution_playwright/page_objects/entity_analytics_po.ts @@ -0,0 +1,51 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { Locator, Page, expect } from '@playwright/test'; +import { EntityAnalyticsManagementPage } from './entity_analytics_management_po'; +import { PageFactory } from './page_factory'; + +const PAGE_URL = '/app/security/entity_analytics'; +const ENABLE_HOST_RISK_SCORE_BUTTON = '[data-test-subj="enable_host_risk_score"]'; +const ENABLE_USER_RISK_SCORE_BUTTON = '[data-test-subj="enable_user_risk_score"]'; + +export class EntityAnalyticsPage { + page: Page; + enableHostRiskScoreBtn!: Locator; + enableUserRiskScoreBtn!: Locator; + + constructor(page: Page) { + this.page = page; + } + + async initialize() { + this.enableHostRiskScoreBtn = this.page.locator(ENABLE_HOST_RISK_SCORE_BUTTON); + this.enableUserRiskScoreBtn = this.page.locator(ENABLE_USER_RISK_SCORE_BUTTON); + } + + async navigates() { + await this.page.goto(PAGE_URL); + } + + async enableHostRisk(): Promise { + await this.enableHostRiskScoreBtn.click(); + return await PageFactory.createEntityAnalyticsManagementPage(this.page); + } + + async enableUserRisk(): Promise { + await this.enableUserRiskScoreBtn.click(); + return await PageFactory.createEntityAnalyticsManagementPage(this.page); + } + + async waitForEnableHostRiskScoreToBePresent() { + await expect(this.enableHostRiskScoreBtn).toBeVisible(); + } + + async waitForEnableUserRiskScoreToBePresent() { + await expect(this.enableUserRiskScoreBtn).toBeVisible(); + } +} diff --git a/x-pack/test/security_solution_playwright/page_objects/page_factory.ts b/x-pack/test/security_solution_playwright/page_objects/page_factory.ts new file mode 100644 index 0000000000000..6ac5a36638eb3 --- /dev/null +++ b/x-pack/test/security_solution_playwright/page_objects/page_factory.ts @@ -0,0 +1,40 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { Page } from '@playwright/test'; +import { EntityAnalyticsPage } from './entity_analytics_po'; +import { EntityAnalyticsManagementPage } from './entity_analytics_management_po'; +import { RuleDetailsPage } from './rule_details_page_po'; +import { RuleManagementPage } from './rule_management_po'; + +export class PageFactory { + static async createEntityAnalyticsPage(page: Page): Promise { + const entityAnalyticsPage = new EntityAnalyticsPage(page); + await entityAnalyticsPage.initialize(); + return entityAnalyticsPage; + } + + static async createEntityAnalyticsManagementPage( + page: Page + ): Promise { + const entityAnalyticsManagementPage = new EntityAnalyticsManagementPage(page); + await entityAnalyticsManagementPage.initialize(); + return entityAnalyticsManagementPage; + } + + static async createRuleDetailsPage(page: Page): Promise { + const ruleDetailsPage = new RuleDetailsPage(page); + await ruleDetailsPage.initialize(); + return ruleDetailsPage; + } + + static async createRuleManagementPage(page: Page): Promise { + const ruleManagementPage = new RuleManagementPage(page); + await ruleManagementPage.initialize(); + return ruleManagementPage; + } +} diff --git a/x-pack/test/security_solution_playwright/page_objects/rule_details_page_po.ts b/x-pack/test/security_solution_playwright/page_objects/rule_details_page_po.ts new file mode 100644 index 0000000000000..83d0c7821603c --- /dev/null +++ b/x-pack/test/security_solution_playwright/page_objects/rule_details_page_po.ts @@ -0,0 +1,44 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { Locator, Page } from '@playwright/test'; + +const PAGE_URL = '/app/security/rules/id/'; + +const POPOVER_ACTIONS_TRIGGER_BUTTON = '[data-test-subj="rules-details-popover-button-icon"]'; +const RULE_DETAILS_MANUAL_RULE_RUN_BTN = '[data-test-subj="rules-details-manual-rule-run"]'; +const MODAL_CONFIRMATION_BTN = '[data-test-subj="confirmModalConfirmButton"]'; +const TOASTER = '[data-test-subj="euiToastHeader"]'; + +export class RuleDetailsPage { + page: Page; + popoverActionsTriggerButton!: Locator; + ruleDetailsManualRuleRunButton!: Locator; + modalConfirmationBtn!: Locator; + toaster!: Locator; + + constructor(page: Page) { + this.page = page; + } + + async initialize() { + this.popoverActionsTriggerButton = this.page.locator(POPOVER_ACTIONS_TRIGGER_BUTTON); + this.ruleDetailsManualRuleRunButton = this.page.locator(RULE_DETAILS_MANUAL_RULE_RUN_BTN); + this.modalConfirmationBtn = this.page.locator(MODAL_CONFIRMATION_BTN); + this.toaster = this.page.locator(TOASTER); + } + + async navigateTo(ruleId: string) { + await this.page.goto(`${PAGE_URL}${ruleId}`); + } + + async manualRuleRun() { + await this.popoverActionsTriggerButton.click(); + await this.ruleDetailsManualRuleRunButton.click(); + await this.modalConfirmationBtn.click(); + } +} diff --git a/x-pack/test/security_solution_playwright/page_objects/rule_management_po.ts b/x-pack/test/security_solution_playwright/page_objects/rule_management_po.ts new file mode 100644 index 0000000000000..d8f3ab18e7b92 --- /dev/null +++ b/x-pack/test/security_solution_playwright/page_objects/rule_management_po.ts @@ -0,0 +1,56 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { expect, Locator, Page } from '@playwright/test'; + +const PAGE_URL = '/app/security/rules/management'; + +const AUTO_REFRESH_POPOVER_TRIGGER_BUTTON = '[data-test-subj="autoRefreshButton"]'; +const REFRESH_SETTINGS_SWITCH = '[data-test-subj="refreshSettingsSwitch"]'; +const COLLAPSED_ACTION_BTN = '[data-test-subj="euiCollapsedItemActionsButton"]'; +const MANUAL_RULE_RUN_ACTION_BTN = '[data-test-subj="manualRuleRunAction"]'; +const MODAL_CONFIRMATION_BTN = '[data-test-subj="confirmModalConfirmButton"]'; +const TOASTER = '[data-test-subj="euiToastHeader"]'; + +export class RuleManagementPage { + page: Page; + autoRefreshPopoverTriggerButton!: Locator; + refreshSettingsSwitch!: Locator; + collapsedActionBtn!: Locator; + manualRuleRunActionBtn!: Locator; + modalConfirmationBtn!: Locator; + toaster!: Locator; + + constructor(page: Page) { + this.page = page; + } + + async initialize() { + this.autoRefreshPopoverTriggerButton = this.page.locator(AUTO_REFRESH_POPOVER_TRIGGER_BUTTON); + this.refreshSettingsSwitch = this.page.locator(REFRESH_SETTINGS_SWITCH); + this.collapsedActionBtn = this.page.locator(COLLAPSED_ACTION_BTN); + this.manualRuleRunActionBtn = this.page.locator(MANUAL_RULE_RUN_ACTION_BTN); + this.modalConfirmationBtn = this.page.locator(MODAL_CONFIRMATION_BTN); + this.toaster = this.page.locator(TOASTER); + } + + async navigate() { + await this.page.goto(PAGE_URL); + } + + async disableAutoRefresh() { + await this.autoRefreshPopoverTriggerButton.click(); + await this.refreshSettingsSwitch.click(); + } + + async manuallyRunFirstRule() { + await this.collapsedActionBtn.first().click(); + await expect(this.manualRuleRunActionBtn).toBeVisible(); + await this.manualRuleRunActionBtn.click(); + await this.modalConfirmationBtn.click(); + } +} diff --git a/x-pack/test/security_solution_playwright/playwright.config.ts b/x-pack/test/security_solution_playwright/playwright.config.ts new file mode 100644 index 0000000000000..8def75a155f2a --- /dev/null +++ b/x-pack/test/security_solution_playwright/playwright.config.ts @@ -0,0 +1,59 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { defineConfig, devices } from '@playwright/test'; +import path from 'path'; +import { ReadableStream as PolyfillReadableStream } from 'web-streams-polyfill'; +import dotenv from 'dotenv'; + +(globalThis as any).ReadableStream = PolyfillReadableStream; + +dotenv.config({ path: path.resolve(__dirname, './.env') }); + +export default defineConfig({ + timeout: 60000, + expect: { timeout: 60000 }, + testDir: './tests/', + testMatch: process.env.FILE_PATH || '**/*.spec.ts', + fullyParallel: false, + forbidOnly: !!process.env.CI, + retries: 0, + workers: 1, + reporter: [['list', { printSteps: true }]], + use: { + trace: 'on-first-retry', + ignoreHTTPSErrors: true, + baseURL: process.env.KIBANA_URL, + bypassCSP: true, + actionTimeout: 60000, + navigationTimeout: 60000, + screenshot: 'only-on-failure', + launchOptions: { + args: ['--disable-web-security'], + }, + }, + projects: [ + { + name: 'login_ess', + testMatch: '**/setup/login_ess.ts', + }, + { + name: 'login_serverless', + testMatch: '**/setup/login_serverless.ts', + }, + { + name: 'ess', + use: { ...devices['Desktop Chrome'] }, + dependencies: ['login_ess'], + }, + { + name: 'serverless', + use: { ...devices['Desktop Chrome'] }, + dependencies: ['login_serverless'], + }, + ], +}); diff --git a/x-pack/test/security_solution_playwright/tests/enable_risk_score_redirect.spec.ts b/x-pack/test/security_solution_playwright/tests/enable_risk_score_redirect.spec.ts new file mode 100644 index 0000000000000..79222975ed121 --- /dev/null +++ b/x-pack/test/security_solution_playwright/tests/enable_risk_score_redirect.spec.ts @@ -0,0 +1,45 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { expect, test } from '@playwright/test'; +import { PageFactory } from '../page_objects/page_factory'; +import { EntityAnalyticsPage } from '../page_objects/entity_analytics_po'; +import { EntityAnalyticsManagementPage } from '../page_objects/entity_analytics_management_po'; +import { createEsArchiver } from '../fixtures/es_archiver'; + +let entityAnalyticsPage: EntityAnalyticsPage; +let entityAnalyticsManagementPage: EntityAnalyticsManagementPage; + +test.beforeAll(async () => { + const esArchiver = await createEsArchiver(); + await esArchiver.loadIfNeeded('auditbeat_single'); +}); + +test.describe('Enable risk scores from dashboard', { tag: ['@serverless', '@ess'] }, () => { + test.use({ storageState: '.auth/user.json' }); + test.beforeEach(async ({ page }) => { + entityAnalyticsPage = await PageFactory.createEntityAnalyticsPage(page); + await entityAnalyticsPage.navigates(); + }); + test('host risk enable button should redirect to entity management page', async () => { + await entityAnalyticsPage.waitForEnableHostRiskScoreToBePresent(); + entityAnalyticsManagementPage = await entityAnalyticsPage.enableHostRisk(); + + await expect(entityAnalyticsManagementPage.entityAnalyticsManagementPageTitle).toHaveText( + 'Entity Risk Score' + ); + }); + + test('user risk enable button should redirect to entity management page', async () => { + await entityAnalyticsPage.waitForEnableUserRiskScoreToBePresent(); + entityAnalyticsManagementPage = await entityAnalyticsPage.enableUserRisk(); + + await expect(entityAnalyticsManagementPage.entityAnalyticsManagementPageTitle).toHaveText( + 'Entity Risk Score' + ); + }); +}); diff --git a/x-pack/test/security_solution_playwright/tests/manual_rule_run.spec.ts b/x-pack/test/security_solution_playwright/tests/manual_rule_run.spec.ts new file mode 100644 index 0000000000000..f8effa6cd279c --- /dev/null +++ b/x-pack/test/security_solution_playwright/tests/manual_rule_run.spec.ts @@ -0,0 +1,58 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { expect, test } from '@playwright/test'; +import { PageFactory } from '../page_objects/page_factory'; +import { RuleDetailsPage } from '../page_objects/rule_details_page_po'; +import { createRule, deleteAllRules } from '../api_utils/rules'; +import { deleteAllSecurityDocuments } from '../api_utils/documents'; +import { RuleManagementPage } from '../page_objects/rule_management_po'; +import { createEsArchiver } from '../fixtures/es_archiver'; + +let ruleDetailsPage: RuleDetailsPage; +let ruleManagementPage: RuleManagementPage; + +test.beforeAll(async () => { + const esArchiver = await createEsArchiver(); + await esArchiver.loadIfNeeded('auditbeat_single'); +}); + +test.describe('Manual rule run', { tag: ['@ess', '@serverless'] }, () => { + test.use({ storageState: '.auth/user.json' }); + + test.beforeEach(async ({ request }) => { + await deleteAllRules(request); + await deleteAllSecurityDocuments(request); + }); + + test('schedule from rule details page', async ({ request, page }) => { + const { id: ruleId } = await createRule(request); + + ruleDetailsPage = await PageFactory.createRuleDetailsPage(page); + + await ruleDetailsPage.navigateTo(ruleId); + await ruleDetailsPage.manualRuleRun(); + + await expect(ruleDetailsPage.toaster).toHaveText( + 'Successfully scheduled manual run for 1 rule' + ); + }); + + test('schedule from rules management table', async ({ request, page }) => { + await createRule(request); + + ruleManagementPage = await PageFactory.createRuleManagementPage(page); + + await ruleManagementPage.navigate(); + await ruleManagementPage.disableAutoRefresh(); + await ruleManagementPage.manuallyRunFirstRule(); + + await expect(ruleManagementPage.toaster).toHaveText( + 'Successfully scheduled manual run for 1 rule' + ); + }); +}); diff --git a/x-pack/test/security_solution_playwright/tests/setup/login_ess.ts b/x-pack/test/security_solution_playwright/tests/setup/login_ess.ts new file mode 100644 index 0000000000000..028cc3e9c36a6 --- /dev/null +++ b/x-pack/test/security_solution_playwright/tests/setup/login_ess.ts @@ -0,0 +1,30 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { test } from '@playwright/test'; +import { getCommonHeaders } from '../../api_utils/headers'; + +export const authFile = '.auth/user.json'; + +test('login', { tag: '@ess' }, async ({ request }) => { + const headers = await getCommonHeaders(); + + await request.post(`${process.env.KIBANA_URL}/internal/security/login`, { + headers, + data: { + providerType: 'basic', + providerName: 'basic', + currentURL: '/', + params: { + username: process.env.ELASTICSEARCH_USERNAME, + password: process.env.ELASTICSEARCH_PASSWORD, + }, + }, + }); + + await request.storageState({ path: authFile }); +}); diff --git a/x-pack/test/security_solution_playwright/tests/setup/login_serverless.ts b/x-pack/test/security_solution_playwright/tests/setup/login_serverless.ts new file mode 100644 index 0000000000000..9f37cea0ebf8f --- /dev/null +++ b/x-pack/test/security_solution_playwright/tests/setup/login_serverless.ts @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import fs from 'fs'; +import path from 'path'; +import { test } from '../../fixtures/saml'; + +export const authFile = '.auth/user.json'; + +test('serverless', { tag: '@serverless' }, async ({ samlSessionManager }) => { + const cookie = await samlSessionManager.getInteractiveUserSessionCookieWithRoleScope( + 'platform_engineer' + ); + const parsedUrl = new URL(process.env.KIBANA_URL!); + const domain = parsedUrl.hostname; + const maxAge = 100 * 365 * 24 * 60 * 60; + + const authData = { + cookies: [ + { + name: 'sid', + value: cookie, + expires: maxAge, + secure: false, + sameSite: 'Lax', + domain, + path: '/', + httpOnly: true, + }, + ], + }; + + fs.mkdirSync(path.dirname(authFile), { recursive: true }); + fs.writeFileSync(authFile, JSON.stringify(authData, null, 2)); +}); diff --git a/x-pack/test/security_solution_playwright/tsconfig.json b/x-pack/test/security_solution_playwright/tsconfig.json new file mode 100644 index 0000000000000..bd7a213584195 --- /dev/null +++ b/x-pack/test/security_solution_playwright/tsconfig.json @@ -0,0 +1,17 @@ +{ + "extends": "../../../tsconfig.base.json", + "compilerOptions": { + "types": ["node"], + "outDir": "target/types" + }, + "include": ["index.d.ts"], + "kbn_references": [ + { + "path": "../../plugins/security_solution/tsconfig.json", + "force": true + }, + ], + "exclude": [ + "target/**/*" + ] +} diff --git a/x-pack/test/spaces_api_integration/common/config.ts b/x-pack/test/spaces_api_integration/common/config.ts index f1e08457f692b..f2074fac8bea1 100644 --- a/x-pack/test/spaces_api_integration/common/config.ts +++ b/x-pack/test/spaces_api_integration/common/config.ts @@ -6,7 +6,6 @@ */ import path from 'path'; -// @ts-expect-error we have to check types with "allowJs: false" for now, causing this import to fail import { REPO_ROOT } from '@kbn/repo-info'; import { FtrConfigProviderContext } from '@kbn/test'; diff --git a/yarn.lock b/yarn.lock index a43ef3ac5c8bb..4ea12b7c510fa 100644 --- a/yarn.lock +++ b/yarn.lock @@ -8182,6 +8182,13 @@ resolved "https://registry.yarnpkg.com/@pkgjs/parseargs/-/parseargs-0.11.0.tgz#a77ea742fab25775145434eb1d2328cf5013ac33" integrity sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg== +"@playwright/test@=1.46.0": + version "1.46.0" + resolved "https://registry.yarnpkg.com/@playwright/test/-/test-1.46.0.tgz#ccea6d22c40ee7fa567e4192fafbdf2a907e2714" + integrity sha512-/QYft5VArOrGRP5pgkrfKksqsKA6CEFyGQ/gjNe6q0y4tZ1aaPfq4gIjudr1s3D+pXyrPRdsy4opKDrjBabE5w== + dependencies: + playwright "1.46.0" + "@pmmmwh/react-refresh-webpack-plugin@^0.5.3": version "0.5.7" resolved "https://registry.yarnpkg.com/@pmmmwh/react-refresh-webpack-plugin/-/react-refresh-webpack-plugin-0.5.7.tgz#58f8217ba70069cc6a73f5d7e05e85b458c150e2" @@ -16382,7 +16389,7 @@ dotenv-expand@^5.1.0: resolved "https://registry.yarnpkg.com/dotenv-expand/-/dotenv-expand-5.1.0.tgz#3fbaf020bfd794884072ea26b1e9791d45a629f0" integrity sha512-YXQl1DSa4/PQyRfgrv6aoNjhasp/p4qs9FjJ4q4cQk+8m4r6k4ZSiEyytKG8f8W9gi8WsQtIObNmKd+tMzNTmA== -dotenv@^16.0.2, dotenv@^16.0.3: +dotenv@^16.0.2, dotenv@^16.0.3, dotenv@^16.4.5: version "16.4.5" resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-16.4.5.tgz#cdd3b3b604cb327e286b4762e13502f717cb099f" integrity sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg== @@ -25349,6 +25356,13 @@ playwright-chromium@=1.38.1: dependencies: playwright-core "1.38.1" +playwright-chromium@=1.46.0: + version "1.46.0" + resolved "https://registry.yarnpkg.com/playwright-chromium/-/playwright-chromium-1.46.0.tgz#f24228fec92b380ccc8f5f365b897e9d88b612f6" + integrity sha512-UTHYZsr49XFYRQkpCfaHxL63vfu6uThxR1DrNwnU6qik/OworFcugTOJMWFMoop3QP+ThU8laAMumauLdLZXCQ== + dependencies: + playwright-core "1.46.0" + playwright-core@1.38.0: version "1.38.0" resolved "https://registry.yarnpkg.com/playwright-core/-/playwright-core-1.38.0.tgz#cb8e135da1c0b1918b070642372040ed9aa7009a" @@ -25359,6 +25373,20 @@ playwright-core@1.38.1, playwright-core@=1.38.1: resolved "https://registry.yarnpkg.com/playwright-core/-/playwright-core-1.38.1.tgz#75a3c470aa9576b7d7c4e274de3d79977448ba08" integrity sha512-tQqNFUKa3OfMf4b2jQ7aGLB8o9bS3bOY0yMEtldtC2+spf8QXG9zvXLTXUeRsoNuxEYMgLYR+NXfAa1rjKRcrg== +playwright-core@1.46.0: + version "1.46.0" + resolved "https://registry.yarnpkg.com/playwright-core/-/playwright-core-1.46.0.tgz#2336ac453a943abf0dc95a76c117f9d3ebd390eb" + integrity sha512-9Y/d5UIwuJk8t3+lhmMSAJyNP1BUC/DqP3cQJDQQL/oWqAiuPTLgy7Q5dzglmTLwcBRdetzgNM/gni7ckfTr6A== + +playwright@1.46.0, playwright@=1.46.0: + version "1.46.0" + resolved "https://registry.yarnpkg.com/playwright/-/playwright-1.46.0.tgz#c7ff490deae41fc1e814bf2cb62109dd9351164d" + integrity sha512-XYJ5WvfefWONh1uPAUAi0H2xXV5S3vrtcnXe6uAOgdGi3aSpqOSXX08IAjXW34xitfuOJsvXU5anXZxPSEQiJw== + dependencies: + playwright-core "1.46.0" + optionalDependencies: + fsevents "2.3.2" + playwright@=1.38.0: version "1.38.0" resolved "https://registry.yarnpkg.com/playwright/-/playwright-1.38.0.tgz#0ee19d38512b7b1f961c0eb44008a6fed373d206"