-
Notifications
You must be signed in to change notification settings - Fork 422
/
Copy pathfile.yml
135 lines (112 loc) · 3.2 KB
/
file.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
---
- name: file
group: 2
title: File
short: Fields describing files.
description: >
A file is defined as a set of information that has been created on, or has existed on a filesystem.
File objects can be associated with host events, network events,
and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services).
File fields provide details about the affected file associated with the event or metric.
type: group
fields:
- name: name
level: extended
type: keyword
description: Name of the file including the extension, without the directory.
example: example.png
- name: directory
level: extended
type: keyword
description: Directory where the file is located.
example: '/home/alice'
- name: path
level: extended
type: keyword
description: Full path to the file.
example: '/home/alice/example.png'
- name: target_path
level: extended
type: keyword
description: Target path for symlinks.
- name: extension
level: extended
type: keyword
description: File extension.
example: png
- name: type
level: extended
type: keyword
description: File type (file, dir, or symlink).
example: file
- name: device
level: extended
type: keyword
description: Device that is the source of the file.
example: sda
- name: inode
level: extended
type: keyword
description: Inode representing the file in the filesystem.
example: '256383'
- name: uid
level: extended
type: keyword
description: >
The user ID (UID) or security identifier (SID) of the file owner.
example: '1001'
- name: owner
level: extended
type: keyword
description: File owner's username.
example: alice
- name: gid
level: extended
type: keyword
description: Primary group ID (GID) of the file.
example: '1001'
- name: group
level: extended
type: keyword
description: Primary group name of the file.
example: alice
- name: mode
level: extended
type: keyword
description: Mode of the file in octal representation.
example: '0640'
- name: size
level: extended
type: long
short: File size in bytes.
description: >
File size in bytes.
Only relevant when `file.type` is "file".
example: 16384
- name: mtime
level: extended
type: date
description: Last time the file content was modified.
- name: ctime
level: extended
type: date
short: Last time the file attributes or metadata changed.
description: >
Last time the file attributes or metadata changed.
Note that changes to the file content will update `mtime`. This implies
`ctime` will be adjusted at the same time, since `mtime` is an attribute
of the file.
- name: created
level: extended
type: date
short: File creation time.
description: >
File creation time.
Note that not all filesystems store the creation time.
- name: accessed
level: extended
type: date
short: Last time the file was accessed.
description: >
Last time the file was accessed.
Note that not all filesystems keep track of access time.