diff --git a/dashboards/endpoint_dashboard.ndjson b/dashboards/endpoint_dashboard.ndjson
index 1e9bcee19..276bfcd09 100644
--- a/dashboards/endpoint_dashboard.ndjson
+++ b/dashboards/endpoint_dashboard.ndjson
@@ -1,13 +1,13 @@
-{"attributes":{"fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Endpoint.policy.applied.artifacts.global.identifiers\"}}},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Endpoint.policy.applied.artifacts.user.identifiers\"}}},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocVa
lues\":true},{\"name\":\"Target.dll.Ext.compile_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.score\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.threshold\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"c
ount\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.code_signature.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.code_signature.subject_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.code_signature.trusted\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.code_signature.valid\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name
\":\"Target.dll.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.company\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.product\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.ancestry\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.authentication_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Target.process.Ext.code_signature\"}}},{\"name\":\"Target.process.Ext.malware_classification.
features.data.buffer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.identifier\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.score\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.threshold\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.services\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.session\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"sea
rchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation_type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.impersonation_level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Target.process.Ext.token.privileges\"}}},{\"name\":\"Target.process.Ext.token.sid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.type\",\"type\":\
"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.user\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.user\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.code_signature.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.code_signature.subject_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.code_signature.trusted\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.code_signature.valid\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"se
archable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.command_line\"}}},{\"name\":\"Target.process.entity_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.executable\"}}},{\"name\":\"Target.process.exit_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,
\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.name\"}}},{\"name\":\"Target.process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Target.process.parent.Ext.code_signature\"}}},{\"name\":\"Target.process.parent.Ext.real.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.code_signature.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.code_signature.subject_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.code_signature.trusted\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\
":true},{\"name\":\"Target.process.parent.code_signature.valid\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.parent.command_line\"}}},{\"name\":\"Target.process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.parent.executable\"}}},{\"name\":\"Target.process.parent.exit_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha256\",\"type\":\"string\",\"esTypes\":[
\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.parent.name\"}}},{\"name\":\"Target.process.parent.pgid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.ppid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\
"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.parent.title\"}}},{\"name\":\"Target.process.parent.uptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.parent.working_directory\"}}},{\"name\":\"Target.process.pe.company\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.product\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pgid\",\"type
\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.ppid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext
.call_stack.symbol_info\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_module\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.integrity_level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"n
ame\":\"Target.process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Target.process.thread.Ext.token.privileges\"}}},{\"name\":\"Target.process.thread.Ext.token.sid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.user\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.uptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\"
:true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.title\"}}},{\"name\":\"Target.process.uptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.working_directory\"}}},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.build.original\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\
"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dataset.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dataset.namespace\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dataset.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"ag
gregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.registered_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.compile_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.score\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":
true},{\"name\":\"dll.Ext.malware_classification.threshold\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.subject_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.trusted\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.valid\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":
0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.company\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.product\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.options\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatabl
e\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.status\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.registered_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.subdomain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.resolved_ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocV
alues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.ingested\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.outcome\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.provider\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.risk_score\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\"
:0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"file.Ext.code_signature\"}}},{\"name\":\"file.Ext.entry_modified\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.code_page\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"r
eadFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"file.Ext.macro.errors\"}}},{\"name\":\"file.Ext.macro.file_extension\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"file.Ext.macro.stream\"}}},{\"name\":\"file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.fea
tures.data.encoding\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.identifier\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.score\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.threshold\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.gid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.group\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.mode\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.owner\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\
"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_result\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.temp_file_path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows.zone_identifier\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.accessed\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.attributes\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.subject_name\",\"type\"
:\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.trusted\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.valid\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.created\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.ctime\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.device\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.directory\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.drive_letter\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extension\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.gid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.group\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":fa
lse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.inode\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mime_type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mode\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mtime\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.owner\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi
\":{\"parent\":\"file.path\"}}},{\"name\":\"file.pe.company\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.product\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.target_path\"}}},{\"name\":\"file.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggre
gatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValu
es\":true},{\"name\":\"host.geo.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"esTypes\":[\"tex
t\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.full\"}}},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.platform\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.uptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ho
st.user.email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.user.full_name\"}}},{\"name\":\"host.user.group.Ext.real.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggreg
atable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.user.name\"}}},{\"name\":\"http.request.body.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.request.body.content\"}}},{\"name\":\"http.request.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.Ext.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.response.body.content\"}}},{\"name\":\"http.response.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\
":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.iana_number\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.protocol\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.transport\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"package.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"rea
dFromDocValues\":true},{\"name\":\"process.Ext.ancestry\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.authentication_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"process.Ext.code_signature\"}}},{\"name\":\"process.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.identifier\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.score\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.threshold\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.upx_packed\",\"type\
":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.services\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.session\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation_level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation_type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.impersonation_level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"sear
chable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"process.Ext.token.privileges\"}}},{\"name\":\"process.Ext.token.sid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.user\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.user\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"nam
e\":\"process.code_signature.subject_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.trusted\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.valid\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.entity_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.exit_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha1\",\"type
\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.name\"}}},{\"name\":\"process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"process.parent.Ext.code_signature\"}}},{\"name\":\"process.parent.Ext.real.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.status\",\"type\":\"st
ring\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.subject_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.trusted\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.valid\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.command_line\"}}},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.parent.exit_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}
,{\"name\":\"process.parent.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.name\"}}},{\"name\":\"process.parent.pgid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.ppid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"
searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.title\"}}},{\"name\":\"process.parent.uptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.working_directory\"}}},{\"name\":\"process.pe.company\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":fals
e,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.product\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pgid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.ppid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":
\"process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.symbol_info\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_module\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_leve
l\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"process.thread.Ext.token.privileges\"}}},{\"name\":\"process.thread.Ext.token.sid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.user\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.uptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title\",\"type\":\"strin
g\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.title\"}}},{\"name\":\"process.uptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"registry.data.bytes\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.data.strings\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.hive\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.key\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.value\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"a
ggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.author\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.category\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.license\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.reference\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.ruleset\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.uuid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.bytes\",\"type\":\"numb
er\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.registered_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.framework\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.reference\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scrip
ted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"threat.technique.name\"}}},{\"name\":\"threat.technique.reference\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"user.full_name\"}}},{\"name\":\"user.group.Ext.real.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"name\":\"user.group.Ext.real.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}}]","timeFieldName":"@timestamp","title":"logs-endpoint*"},"id":"endpoint-dashboard-logs","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-02T21:57:10.812Z","version":"WzIwNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"[Endpoint] Controls","uiStateJSON":"{}","version":1,"visState":"{\n \"title\": \"[Endpoint] Controls\",\n \"type\": \"input_control_vis\",\n \"params\": {\n \"controls\": [\n {\n \"id\": \"1585575202047\",\n 
\"fieldName\": \"host.os.name\",\n \"parent\": \"\",\n \"label\": \"Operating Systems\",\n \"type\": \"list\",\n \"options\": {\n \"type\": \"terms\",\n \"multiselect\": true,\n \"dynamicOptions\": true,\n \"size\": 5,\n \"order\": \"desc\"\n },\n \"indexPatternRefName\": \"control_0_index_pattern\"\n },\n {\n \"id\": \"1585575244711\",\n \"fieldName\": \"event.category\",\n \"parent\": \"\",\n \"label\": \"Event Categories\",\n \"type\": \"list\",\n \"options\": {\n \"type\": \"terms\",\n \"multiselect\": true,\n \"dynamicOptions\": true,\n \"size\": 5,\n \"order\": \"desc\"\n },\n \"indexPatternRefName\": \"control_1_index_pattern\"\n }\n ],\n \"updateFiltersOnChange\": false,\n \"useTimeFilter\": true,\n \"pinFilters\": false\n },\n \"aggs\": []\n}"},"id":"1cfceda0-728b-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"endpoint-dashboard-logs","name":"control_0_index_pattern","type":"index-pattern"},{"id":"endpoint-dashboard-logs","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-02T22:16:19.746Z","version":"WzI0OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"[Endpoint] Alerts over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[Endpoint] Alerts over Time\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(244,78,59,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"1\",\"point_size\":\"1\",\"fill\":\"0.3\",\"stacked\":\"none\",\"label\":\"Alerts\",\"type\":\"timeseries\",\"filter\":{\"query\":\"event.kind : 
\\\"alert\\\"\",\"language\":\"kuery\"},\"steps\":0,\"split_color_mode\":\"gradient\"},{\"id\":\"3c37eca0-8a56-11ea-a586-5f28263afd71\",\"color\":\"rgba(153,153,153,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"3c37eca1-8a56-11ea-a586-5f28263afd71\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"Week Prior Alerts\",\"filter\":{\"query\":\"event.kind : \\\"alert\\\" and event.category : \\\"malware\\\" \",\"language\":\"kuery\"},\"offset_time\":\"1w\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"logs-endpoint*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"logs-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"tooltip_mode\":\"show_all\"}}"},"id":"3560af80-8a5a-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-07-02T22:04:10.603Z","version":"WzIyNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"[Endpoint] Alert Totals","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[Endpoint] Alert 
Totals\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"split_filters\":[{\"color\":\"#68BC00\",\"id\":\"5f546720-8a5d-11ea-a586-5f28263afd71\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"filter\":{\"query\":\"event.kind : \\\"alert\\\" and event.category: \\\"malware\\\" \",\"language\":\"kuery\"},\"offset_time\":\"\",\"label\":\"Total Alerts in Time Period\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"logs-endpoint*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"logs-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"4a529860-8a5d-11ea-a586-5f28263afd71\"}],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\"}}"},"id":"1a8b30f0-8a5e-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-07-02T22:06:13.793Z","version":"WzIyOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"[Endpoint] Week Prior Alert Totals","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[Endpoint] Week Prior Alert 
Totals\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"split_filters\":[{\"color\":\"#68BC00\",\"id\":\"5f546720-8a5d-11ea-a586-5f28263afd71\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"filter\":{\"query\":\"event.kind : \\\"alert\\\" and event.category: \\\"malware\\\" \",\"language\":\"kuery\"},\"offset_time\":\"1w\",\"label\":\"Week Prior Total Alerts in Time Period\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"logs-endpoint*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"logs-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"4a529860-8a5d-11ea-a586-5f28263afd71\"}],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\"}}"},"id":"3aecae50-8a5e-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-07-02T22:05:41.636Z","version":"WzIyNywxXQ=="} 
-{"attributes":{"fieldFormatMap":"{\"Endpoint.metrics.memory.endpoint.private.mean\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/dashboards\",\"basePath\":\"\"}}},\"Endpoint.metrics.memory.endpoint.private.latest\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/dashboards\",\"basePath\":\"\"}}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.histogram\",\"type\":\"histogram\",\"esTypes\":[\"histogram\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.latest\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.mean\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.device\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.endpoint_drive\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.free\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.fstype\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.m
ount\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.latest\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.mean\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.endpoint\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.system\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.message\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Endpoint.policy.applied.actions\"}}},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Endpoint.policy.applied.artifacts.global.identifiers\"}}},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"ty
pe\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Endpoint.policy.applied.artifacts.user.identifiers\"}}},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.events.concerned_actions\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.events.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.logging.concerned_actions\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.logging.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.malware.concerned_actions\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.malware.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.streaming.concerned_actions\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\"
:\"Endpoint.policy.applied.configurations.streaming.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.build.original\",\"t
ype\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dataset.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dataset.namespace\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dataset.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searcha
ble\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.end\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"e
sTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.full\"}}},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.platform\"
,\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false}]","timeFieldName":"@timestamp","title":"metrics-endpoint*"},"id":"endpoint-dashboard-metrics","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-02T22:25:51.748Z","version":"WzI4MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"[Endpoint] Top Average CPU","uiStateJSON":"{}","version":1,"visState":"{\n \"title\": \"[Endpoint] Top Average CPU\",\n \"type\": \"line\",\n \"params\": {\n \"type\": \"line\",\n \"grid\": {\n \"categoryLines\": false\n },\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"type\": \"category\",\n \"position\": \"bottom\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\"\n },\n \"labels\": {\n \"show\": true,\n \"filter\": true,\n \"truncate\": 100\n },\n \"title\": {}\n }\n ],\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"name\": \"LeftAxis-1\",\n \"type\": \"value\",\n \"position\": \"left\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\",\n \"mode\": \"normal\"\n },\n \"labels\": {\n \"show\": true,\n \"rotate\": 0,\n \"filter\": false,\n \"truncate\": 100\n },\n \"title\": {\n \"text\": \"Average CPU Usage Percent\"\n }\n }\n ],\n \"seriesParams\": [\n {\n \"show\": true,\n \"type\": \"area\",\n \"mode\": \"normal\",\n \"data\": {\n \"id\": \"5\",\n \"label\": \"Average CPU Usage Percent\"\n },\n \"valueAxis\": 
\"ValueAxis-1\",\n \"drawLinesBetweenPoints\": true,\n \"lineWidth\": 2,\n \"interpolate\": \"cardinal\",\n \"showCircles\": true\n }\n ],\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"labels\": {},\n \"thresholdLine\": {\n \"show\": false,\n \"value\": 10,\n \"width\": 1,\n \"style\": \"full\",\n \"color\": \"#E7664C\"\n },\n \"dimensions\": {\n \"x\": {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"date\",\n \"params\": {\n \"pattern\": \"YYYY-MM-DD HH:mm\"\n }\n },\n \"params\": {\n \"date\": true,\n \"interval\": \"PT12H\",\n \"intervalESValue\": 12,\n \"intervalESUnit\": \"h\",\n \"format\": \"YYYY-MM-DD HH:mm\",\n \"bounds\": {\n \"min\": \"2020-04-15T20:56:43.479Z\",\n \"max\": \"2020-04-29T20:56:43.479Z\"\n }\n },\n \"label\": \"@timestamp per 12 hours\",\n \"aggType\": \"date_histogram\"\n },\n \"y\": [\n {\n \"accessor\": 2,\n \"format\": {\n \"id\": \"percent\"\n },\n \"params\": {},\n \"label\": \"Average CPU Usage Percent\",\n \"aggType\": \"avg\"\n }\n ],\n \"series\": [\n {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\",\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n \"label\": \"Host Name\",\n \"aggType\": \"terms\"\n }\n ]\n },\n \"radiusRatio\": 50\n },\n \"aggs\": [\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"host.name\",\n \"orderBy\": \"5\",\n \"order\": \"desc\",\n \"size\": 2,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Host Name\"\n }\n },\n {\n \"id\": \"5\",\n \"enabled\": true,\n \"type\": \"avg\",\n \"schema\": 
\"metric\",\n \"params\": {\n \"field\": \"Endpoint.metrics.cpu.endpoint.mean\",\n \"customLabel\": \"Average CPU Usage Percent\"\n }\n },\n {\n \"id\": \"6\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"timeRange\": {\n \"from\": \"now-2w\",\n \"to\": \"now\"\n },\n \"useNormalizedEsInterval\": true,\n \"scaleMetricValues\": false,\n \"interval\": \"auto\",\n \"drop_partials\": false,\n \"min_doc_count\": 1,\n \"extended_bounds\": {},\n \"customLabel\": \"\"\n }\n }\n ]\n}"},"id":"2ed8a5b0-895f-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"endpoint-dashboard-metrics","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-02T22:22:41.425Z","version":"WzI3MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"language\": \"kuery\",\n \"query\": \"\"\n },\n \"filter\": [],\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"[Endpoint] Top Average Memory","uiStateJSON":"{}","version":1,"visState":"{\n \"title\": \"[Endpoint] Top Average Memory\",\n \"type\": \"line\",\n \"params\": {\n \"addLegend\": true,\n \"addTimeMarker\": false,\n \"addTooltip\": true,\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"labels\": {\n \"filter\": true,\n \"show\": true,\n \"truncate\": 100\n },\n \"position\": \"bottom\",\n \"scale\": {\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {},\n \"type\": \"category\"\n }\n ],\n \"dimensions\": {\n \"x\": {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"date\",\n \"params\": {\n \"pattern\": \"YYYY-MM-DD HH:mm\"\n }\n },\n \"params\": {\n \"date\": true,\n \"interval\": \"PT3H\",\n \"intervalESValue\": 3,\n \"intervalESUnit\": \"h\",\n \"format\": \"YYYY-MM-DD HH:mm\",\n \"bounds\": {\n \"min\": 
\"2020-04-24T20:08:18.470Z\",\n \"max\": \"2020-04-29T20:08:18.470Z\"\n }\n },\n \"label\": \"@timestamp per 3 hours\",\n \"aggType\": \"date_histogram\"\n },\n \"y\": [\n {\n \"accessor\": 2,\n \"format\": {\n \"id\": \"bytes\",\n \"params\": {\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n \"label\": \"Average Memory Usage\",\n \"aggType\": \"avg\"\n }\n ],\n \"series\": [\n {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\",\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n \"label\": \"host.name: Descending\",\n \"aggType\": \"terms\"\n }\n ]\n },\n \"grid\": {\n \"categoryLines\": false\n },\n \"labels\": {},\n \"legendPosition\": \"right\",\n \"seriesParams\": [\n {\n \"data\": {\n \"id\": \"1\",\n \"label\": \"Average Memory Usage\"\n },\n \"drawLinesBetweenPoints\": true,\n \"interpolate\": \"cardinal\",\n \"lineWidth\": 2,\n \"mode\": \"normal\",\n \"show\": true,\n \"showCircles\": true,\n \"type\": \"area\",\n \"valueAxis\": \"ValueAxis-1\"\n }\n ],\n \"thresholdLine\": {\n \"color\": \"#E7664C\",\n \"show\": false,\n \"style\": \"full\",\n \"value\": 10,\n \"width\": 1\n },\n \"times\": [],\n \"type\": \"line\",\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"labels\": {\n \"filter\": false,\n \"rotate\": 0,\n \"show\": true,\n \"truncate\": 100\n },\n \"name\": \"LeftAxis-1\",\n \"position\": \"left\",\n \"scale\": {\n \"defaultYExtents\": false,\n \"mode\": \"normal\",\n \"setYExtents\": false,\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {\n \"text\": \"Average Memory Usage\"\n },\n \"type\": \"value\"\n }\n ]\n 
},\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"avg\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"Endpoint.metrics.memory.endpoint.private.mean\",\n \"customLabel\": \"Average Memory Usage\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"host.name\",\n \"orderBy\": \"1\",\n \"order\": \"desc\",\n \"size\": 2,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"timeRange\": {\n \"from\": \"now-5d\",\n \"to\": \"now\"\n },\n \"useNormalizedEsInterval\": true,\n \"scaleMetricValues\": false,\n \"interval\": \"auto\",\n \"drop_partials\": false,\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n }\n ]\n}"},"id":"3e8ccf70-8961-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"endpoint-dashboard-metrics","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-02T22:23:03.359Z","version":"WzI3MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"[Endpoint] Event Count by Hostname Table","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\n \"title\": \"[Endpoint] Event Count by Hostname Table\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMetricsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\",\n \"percentageCol\": \"\",\n \"dimensions\": {\n \"metrics\": [\n 
{\n \"accessor\": 3,\n \"format\": {\n \"id\": \"number\"\n },\n \"params\": {},\n \"label\": \"Event Count\",\n \"aggType\": \"cardinality\"\n }\n ],\n \"buckets\": [\n {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\",\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n \"label\": \"Hostname\",\n \"aggType\": \"terms\"\n },\n {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\",\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n \"label\": \"Operating System\",\n \"aggType\": \"terms\"\n },\n {\n \"accessor\": 2,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"ip\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\",\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n \"label\": \"IP Address\",\n \"aggType\": \"terms\"\n }\n ]\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"event.id\",\n \"customLabel\": \"Event Count\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"host.name\",\n \"orderBy\": \"1\",\n \"order\": \"desc\",\n \"size\": 10,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": 
\"Hostname\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"host.os.name\",\n \"orderBy\": \"1\",\n \"order\": \"desc\",\n \"size\": 5,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Operating System\"\n }\n }\n ]\n}"},"id":"55387750-729c-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"endpoint-dashboard-logs","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-02T21:58:07.354Z","version":"WzIwOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"[Endpoint] Endpoint Count by Operating System","uiStateJSON":"{\n \"vis\": {\n \"legendOpen\": false,\n \"colors\": {\n \"Endpoint Count\": \"#7EB26D\"\n }\n }\n}","version":1,"visState":"{\n \"title\": \"[Endpoint] Endpoint Count by Operating System\",\n \"type\": \"histogram\",\n \"params\": {\n \"type\": \"histogram\",\n \"grid\": {\n \"categoryLines\": false\n },\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"type\": \"category\",\n \"position\": \"bottom\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\"\n },\n \"labels\": {\n \"show\": true,\n \"filter\": true,\n \"truncate\": 100,\n \"rotate\": 0\n },\n \"title\": {}\n }\n ],\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"name\": \"LeftAxis-1\",\n \"type\": \"value\",\n \"position\": \"left\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\",\n \"mode\": \"normal\"\n },\n \"labels\": {\n \"show\": true,\n \"rotate\": 0,\n \"filter\": false,\n \"truncate\": 100\n },\n \"title\": {\n \"text\": \"Endpoint Count\"\n }\n }\n ],\n \"seriesParams\": [\n {\n \"show\": true,\n \"type\": 
\"histogram\",\n \"mode\": \"stacked\",\n \"data\": {\n \"label\": \"Endpoint Count\",\n \"id\": \"1\"\n },\n \"valueAxis\": \"ValueAxis-1\",\n \"drawLinesBetweenPoints\": true,\n \"lineWidth\": 2,\n \"showCircles\": true\n }\n ],\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"labels\": {\n \"show\": false\n },\n \"thresholdLine\": {\n \"show\": false,\n \"value\": 10,\n \"width\": 1,\n \"style\": \"full\",\n \"color\": \"#E7664C\"\n },\n \"dimensions\": {\n \"x\": {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\",\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n \"label\": \"Operating System\",\n \"aggType\": \"terms\"\n },\n \"y\": [\n {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"number\"\n },\n \"params\": {},\n \"label\": \"Endpoint Count\",\n \"aggType\": \"cardinality\"\n }\n ]\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"agent.id\",\n \"customLabel\": \"Endpoint Count\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"host.os.name\",\n \"orderBy\": \"1\",\n \"order\": \"desc\",\n \"size\": 10,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Operating System\"\n }\n }\n 
]\n}"},"id":"92b1edc0-706a-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"endpoint-dashboard-metrics","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-02T22:14:27.812Z","version":"WzI0NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"[Endpoint] Event Count by Category","uiStateJSON":"{\n \"vis\": {\n \"legendOpen\": false,\n \"colors\": {\n \"Event Count\": \"#614D93\"\n }\n }\n}","version":1,"visState":"{\n \"title\": \"[Endpoint] Event Count by Category\",\n \"type\": \"horizontal_bar\",\n \"params\": {\n \"addLegend\": true,\n \"addTimeMarker\": false,\n \"addTooltip\": true,\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"labels\": {\n \"filter\": false,\n \"rotate\": 0,\n \"show\": true,\n \"truncate\": 200\n },\n \"position\": \"left\",\n \"scale\": {\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {},\n \"type\": \"category\"\n }\n ],\n \"dimensions\": {\n \"x\": {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\",\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n \"label\": \"Event Category\",\n \"aggType\": \"terms\"\n },\n \"y\": [\n {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"number\"\n },\n \"params\": {},\n \"label\": \"Event Count\",\n \"aggType\": \"count\"\n }\n ]\n },\n \"grid\": {\n \"categoryLines\": false\n },\n \"labels\": {\n \"show\": false\n },\n \"legendPosition\": \"right\",\n \"seriesParams\": [\n {\n \"data\": {\n \"id\": \"1\",\n \"label\": \"Event Count\"\n },\n \"drawLinesBetweenPoints\": true,\n 
\"lineWidth\": 2,\n \"mode\": \"normal\",\n \"show\": true,\n \"showCircles\": true,\n \"type\": \"histogram\",\n \"valueAxis\": \"ValueAxis-1\"\n }\n ],\n \"thresholdLine\": {\n \"color\": \"#E7664C\",\n \"show\": false,\n \"style\": \"full\",\n \"value\": 10,\n \"width\": 1\n },\n \"times\": [],\n \"type\": \"histogram\",\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"labels\": {\n \"filter\": true,\n \"rotate\": 0,\n \"show\": true,\n \"truncate\": 100\n },\n \"name\": \"LeftAxis-1\",\n \"position\": \"bottom\",\n \"scale\": {\n \"mode\": \"normal\",\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {\n \"text\": \"Event Count\"\n },\n \"type\": \"value\"\n }\n ]\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {\n \"customLabel\": \"Event Count\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"event.category\",\n \"orderBy\": \"1\",\n \"order\": \"desc\",\n \"size\": 20,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Event Category\"\n }\n }\n ]\n}"},"id":"1e525190-7074-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"endpoint-dashboard-logs","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-02T22:06:37.838Z","version":"WzIzMCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":\"Endpoint Data 
Filter\",\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"agent.type\",\"params\":{\"query\":\"endpoint\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"agent.type\":\"endpoint\"}},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":7,\"i\":\"c923502a-9a0e-47bb-8d1b-e642b399c8e3\"},\"panelIndex\":\"c923502a-9a0e-47bb-8d1b-e642b399c8e3\",\"embeddableConfig\":{\"title\":\"Controls\"},\"title\":\"Controls\",\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":7,\"w\":48,\"h\":9,\"i\":\"fdbb5d05-207d-48d7-aa03-df16adda707f\"},\"panelIndex\":\"fdbb5d05-207d-48d7-aa03-df16adda707f\",\"embeddableConfig\":{\"title\":\"Alerts over Time\"},\"title\":\"Alerts over Time\",\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":16,\"w\":24,\"h\":9,\"i\":\"e1b2e433-9c26-4c76-b0da-43397876a8fc\"},\"panelIndex\":\"e1b2e433-9c26-4c76-b0da-43397876a8fc\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":16,\"w\":24,\"h\":9,\"i\":\"9882f4a7-e675-4f33-9eed-41dfc7b3f88b\"},\"panelIndex\":\"9882f4a7-e675-4f33-9eed-41dfc7b3f88b\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":15,\"i\":\"1da940b4-edcc-469e-81dc-d6d83efb1ea1\"},\"panelIndex\":\"1da940b4-edcc-469e-81dc-d6d83efb1ea1\",\"embeddableConfig\":{\"title\":\"Top Two Endpoints by CPU Usage\"},\"title\":\"Top Two Endpoints by CPU Usage\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":15,\"i\":\"d142d5e6-4296-4315-8790-6266e6c48b54\"},\"panelIndex\":\"d142d5e6-4296-4315-8790-6266e6c48b54\",\"embeddableConfig\":{\"title\":\"Top Two Endpoints by Memory 
Usage\"},\"title\":\"Top Two Endpoints by Memory Usage\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":40,\"w\":48,\"h\":10,\"i\":\"2b6b6a19-3870-4127-bccf-c81c51e10544\"},\"panelIndex\":\"2b6b6a19-3870-4127-bccf-c81c51e10544\",\"embeddableConfig\":{\"title\":\"Event Count by Hostname\"},\"title\":\"Event Count by Hostname\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":50,\"w\":24,\"h\":15,\"i\":\"996c9423-7803-49e0-92d8-4ccfde71b425\"},\"panelIndex\":\"996c9423-7803-49e0-92d8-4ccfde71b425\",\"embeddableConfig\":{\"title\":\"Endpoint Count by Operating System\"},\"title\":\"Endpoint Count by Operating System\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":50,\"w\":24,\"h\":15,\"i\":\"e16e025f-20c4-4075-8342-76820c2ff4c7\"},\"panelIndex\":\"e16e025f-20c4-4075-8342-76820c2ff4c7\",\"embeddableConfig\":{\"title\":\"Event Count by Category\"},\"title\":\"Event Count by Category\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Endpoint 
Dashboard","version":1},"id":"826759f0-7074-11ea-9bc8-6b38f4d29a16","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"endpoint-dashboard-logs","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"1cfceda0-728b-11ea-9bc8-6b38f4d29a16","name":"panel_0","type":"visualization"},{"id":"3560af80-8a5a-11ea-9bc8-6b38f4d29a16","name":"panel_1","type":"visualization"},{"id":"1a8b30f0-8a5e-11ea-9bc8-6b38f4d29a16","name":"panel_2","type":"visualization"},{"id":"3aecae50-8a5e-11ea-9bc8-6b38f4d29a16","name":"panel_3","type":"visualization"},{"id":"2ed8a5b0-895f-11ea-9bc8-6b38f4d29a16","name":"panel_4","type":"visualization"},{"id":"3e8ccf70-8961-11ea-9bc8-6b38f4d29a16","name":"panel_5","type":"visualization"},{"id":"55387750-729c-11ea-9bc8-6b38f4d29a16","name":"panel_6","type":"visualization"},{"id":"92b1edc0-706a-11ea-9bc8-6b38f4d29a16","name":"panel_7","type":"visualization"},{"id":"1e525190-7074-11ea-9bc8-6b38f4d29a16","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-02T22:31:08.392Z","version":"WzI5MCwxXQ=="} 
+{"attributes":{"fieldFormatMap":"{\"Target.process.parent.pgid\":{\"id\":\"string\"},\"Target.process.parent.pid\":{\"id\":\"string\"},\"Target.process.parent.ppid\":{\"id\":\"string\"},\"Target.process.parent.thread.id\":{\"id\":\"string\"},\"Target.process.pgid\":{\"id\":\"string\"},\"Target.process.pid\":{\"id\":\"string\"},\"Target.process.ppid\":{\"id\":\"string\"},\"Target.process.thread.id\":{\"id\":\"string\"},\"event.sequence\":{\"id\":\"string\"},\"event.severity\":{\"id\":\"string\"},\"process.parent.pgid\":{\"id\":\"string\"},\"process.parent.pid\":{\"id\":\"string\"},\"process.parent.ppid\":{\"id\":\"string\"},\"process.parent.thread.id\":{\"id\":\"string\"},\"process.pgid\":{\"id\":\"string\"},\"process.pid\":{\"id\":\"string\"},\"process.ppid\":{\"id\":\"string\"},\"process.thread.id\":{\"id\":\"string\"},\"destination.bytes\":{\"id\":\"bytes\"},\"destination.port\":{\"id\":\"string\"},\"http.request.body.bytes\":{\"id\":\"bytes\"},\"http.request.bytes\":{\"id\":\"bytes\"},\"http.response.body.bytes\":{\"id\":\"bytes\"},\"http.response.bytes\":{\"id\":\"bytes\"},\"http.response.status_code\":{\"id\":\"string\"},\"network.bytes\":{\"id\":\"bytes\"},\"source.bytes\":{\"id\":\"bytes\"},\"source.port\":{\"id\":\"string\"}}","fields":"[{\"name\":\"@timestamp\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"message\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true
,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"searchable\":false,\"aggregatable\":false,\"doc_values\":false,\"readFromDocValues\":false,\"enabled\":false},{\"name\":\"Endpoint.policy.applied.artifacts.global\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.sha256\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.artifacts.user\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"count\":0,\"scripted\":false,\"indexed\":tr
ue,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.sha256\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.compile_time\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"Target.dll.Ext.malware_classification.features\",\"count\":0,\"scripted\":false,\"i
ndexed\":false,\"analyzed\":false,\"searchable\":false,\"aggregatable\":false,\"doc_values\":false,\"readFromDocValues\":false,\"enabled\":false},{\"name\":\"Target.dll.Ext.malware_classification.features.data.buffer\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.Ext.malware_classification.features.data.decompressed_size\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.dll.Ext.malware_classification.features.data.encoding\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.Ext.malware_classification.identifier\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.Ext.malware_classification.score\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.threshold\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.upx_packed\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.dll.Ext.malware_classification.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_v
alues\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.Ext.mapped_address\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.Ext.mapped_size\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.dll.code_signature.exists\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.dll.code_signature.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.code_signature.subject_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.code_signature.trusted\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.dll.code_signature.valid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.dll.hash.md5\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.hash.sha1\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":t
rue,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.hash.sha256\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.hash.sha512\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.path\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.pe.company\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.pe.description\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.pe.file_version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.pe.original_file_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.dll.pe.product\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.pr
ocess.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.ancestry\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.authentication_id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.code_signature\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.exists\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.process.Ext.code_signature.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.code_signature.subject_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.code_signature.trusted\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.process.Ext.code_signature.valid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":
\"Target.process.Ext.malware_classification.features\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"searchable\":false,\"aggregatable\":false,\"doc_values\":false,\"readFromDocValues\":false,\"enabled\":false},{\"name\":\"Target.process.Ext.malware_classification.features.data.buffer\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.malware_classification.features.data.decompressed_size\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.Ext.malware_classification.features.data.encoding\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.malware_classification.identifier\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.malware_classification.score\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.threshold\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.upx_packed\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.process.Ext.malware_classification.versi
on\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.services\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.session\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.token.domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.token.elevation\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.process.Ext.token.elevation_type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.token.impersonation_level\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.token.integrity_level\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.Ext.token.integrity_level_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"strin
g\"},{\"name\":\"Target.process.Ext.token.is_appcontainer\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.process.Ext.token.privileges\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.description\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.token.privileges.enabled\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.process.Ext.token.privileges.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.token.sid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.token.type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.token.user\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.Ext.user\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues
\":true,\"type\":\"string\"},{\"name\":\"Target.process.args\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.args_count\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.command_line\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.command_line.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.entity_id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.executable\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.executable.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.exit_code\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.hash.md5\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"
Target.process.hash.sha1\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.hash.sha256\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.hash.sha512\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.name.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.exists\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.process.parent.Ext.code_signature.status\",\"count\":0,\"scripted\":fal
se,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.Ext.code_signature.subject_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.Ext.code_signature.trusted\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.process.parent.Ext.code_signature.valid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.process.parent.Ext.real\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.real.pid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.parent.args\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.args_count\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.parent.command_line\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.par
ent.command_line.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.entity_id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.executable\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.executable.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.exit_code\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.parent.hash.md5\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.hash.sha1\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.hash.sha256\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.hash.sha512\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"
name\":\"Target.process.parent.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.name.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.pgid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.parent.pid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.parent.ppid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.parent.start\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"Target.process.parent.thread.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.parent.thread.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.title\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.proce
ss.parent.title.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.uptime\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.parent.working_directory\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.parent.working_directory.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.pe.company\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.pe.description\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.pe.file_version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.pe.original_file_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.pe.product\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"nam
e\":\"Target.process.pgid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.pid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.ppid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.start\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"Target.process.thread.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.instruction_pointer\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.address\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.protection\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.size\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocV
alues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.call_stack.module_path\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.call_stack.rva\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.call_stack.symbol_info\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.service\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.start\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"Target.process.thread.Ext.start_address\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.start_address_module\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.token.domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.token.elevation\",\"count\":0,\"scripted\":false,\"indexed\":true,\"ana
lyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.process.thread.Ext.token.elevation_type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.token.impersonation_level\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.token.integrity_level\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.thread.Ext.token.integrity_level_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.token.is_appcontainer\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Target.process.thread.Ext.token.privileges\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.description\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.token.privileges.enabled\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValu
es\":true,\"type\":\"boolean\"},{\"name\":\"Target.process.thread.Ext.token.privileges.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.token.sid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.token.type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.token.user\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.thread.Ext.uptime\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.thread.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.thread.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.title\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.title.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"read
FromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.uptime\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Target.process.working_directory\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Target.process.working_directory.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"agent.ephemeral_id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"agent.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"agent.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"agent.type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"agent.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dataset.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dataset.namespace\",\"count\":0,\"scripted\":false,\"ind
exed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dataset.type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.exists\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"dll.Ext.code_signature.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.Ext.code_signature.subject_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.Ext.code_signature.trusted\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"dll.Ext.code_signature.valid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"dll.Ext.compile_time\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"re
adFromDocValues\":true,\"type\":\"date\"},{\"name\":\"dll.Ext.malware_classification.features\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"searchable\":false,\"aggregatable\":false,\"doc_values\":false,\"readFromDocValues\":false,\"enabled\":false},{\"name\":\"dll.Ext.malware_classification.features.data.buffer\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.Ext.malware_classification.features.data.decompressed_size\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"dll.Ext.malware_classification.features.data.encoding\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.Ext.malware_classification.identifier\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.Ext.malware_classification.score\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.threshold\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.upx_packed\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"dll.Ext.malware_classification.version\",\"count\":0,\"scripted\":false,\"indexed\"
:true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.Ext.mapped_address\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.Ext.mapped_size\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"dll.hash.md5\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.hash.sha1\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.hash.sha256\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.hash.sha512\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.path\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.pe.company\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\
"dll.pe.description\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.pe.file_version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.pe.original_file_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dll.pe.product\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"ecs.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"elastic.agent\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.action\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.category\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.code\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readF
romDocValues\":true,\"type\":\"string\"},{\"name\":\"event.created\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"event.dataset\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.hash\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.ingested\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"event.kind\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.module\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.outcome\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.provider\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.sequence\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatab
le\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"event.severity\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"event.type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.exists\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"file.Ext.code_signature.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.code_signature.subject_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.code_signature.trusted\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"file.Ext.code_signature.valid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"file.Ext
.entry_modified\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.code_page\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"file.Ext.macro.collection\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.md5\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.collection.hash.sha1\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.collection.hash.sha256\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.collection.hash.sha512\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.errors\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.count\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"file.Ext.macro.errors.error_type\",\"count\":0,\"scripted\":false,\"indexed\"
:true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.file_extension\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.project_file\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.md5\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.project_file.hash.sha1\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.project_file.hash.sha256\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.project_file.hash.sha512\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.stream\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.md5\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.stream.hash.sha1\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":fals
e,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.stream.hash.sha256\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.stream.hash.sha512\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.stream.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.stream.raw_code\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.macro.stream.raw_code_size\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.malware_classification.features\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"searchable\":false,\"aggregatable\":false,\"doc_values\":false,\"readFromDocValues\":false,\"enabled\":false},{\"name\":\"file.Ext.malware_classification.features.data.buffer\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.malware_classification.features.data.decompressed_size\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"file.Ext.malware_classifi
cation.features.data.encoding\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.malware_classification.identifier\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.malware_classification.score\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.threshold\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.upx_packed\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"file.Ext.malware_classification.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.original\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.gid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.original.group\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.original.mode\",\"count\":0,\"s
cripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.original.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.original.owner\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.original.path\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.original.uid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.quarantine_path\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.quarantine_result\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"file.Ext.temp_file_path\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.Ext.windows\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows.zone_identifier\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregat
able\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.accessed\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"file.attributes\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.created\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"file.ctime\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"file.device\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.directory\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.drive_letter\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.extension\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.gid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.group\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\
":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.hash.md5\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.hash.sha1\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.hash.sha256\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.hash.sha512\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.inode\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.mime_type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.mode\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.mtime\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"file.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.owner\",\"count\":0,\"script
ed\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.path\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.path.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.pe.company\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.pe.description\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.pe.file_version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.pe.original_file_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.pe.product\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.size\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"file.target_path\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues
\":true,\"type\":\"string\"},{\"name\":\"file.target_path.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"file.uid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"group.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"group.Ext.real.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"group.domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"group.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"group.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromD
ocValues\":true,\"type\":\"string\"},{\"name\":\"host.architecture\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.geo.city_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.geo.continent_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.geo.country_iso_code\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.geo.country_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.geo.location\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"geo_point\"},{\"name\":\"host.geo.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.geo.region_iso_code\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.geo.region_name\",\"count\":0,\"scripted\":fal
se,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.hostname\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"ip\"},{\"name\":\"host.mac\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.family\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.full\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.full.text\",\"count\":0,\"s
cripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.kernel\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.name.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.platform\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.uptime\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"host.user.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"host.user.E
xt.real.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.user.Ext.real.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.user.domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.user.email\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.user.full_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.user.full_name.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.user.group.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.user.group.Ext.real.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\
":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.user.group.domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.user.group.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.user.group.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.user.hash\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.user.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.user.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.user.name.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.ancestry\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.authentication_id\",\"count\":0,\"scripted
\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.code_signature\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.exists\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"process.Ext.code_signature.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.code_signature.subject_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.code_signature.trusted\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"process.Ext.code_signature.valid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"process.Ext.malware_classification.features\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"searchable\":false,\"aggregatable\":false,\"doc_values\":false,\"readFromDocValues\":false,\"enabled\":false},{\"name\":\"process.Ext.malware_classification.features.data.buffer\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.malw
are_classification.features.data.decompressed_size\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.Ext.malware_classification.features.data.encoding\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.malware_classification.identifier\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.malware_classification.score\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.threshold\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.upx_packed\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"process.Ext.malware_classification.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.services\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.session\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFro
mDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.token.domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.token.elevation\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"process.Ext.token.elevation_type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.token.impersonation_level\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.token.integrity_level\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.Ext.token.integrity_level_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.token.is_appcontainer\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"process.Ext.token.privileges\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.description\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readF
romDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.token.privileges.enabled\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"process.Ext.token.privileges.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.token.sid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.token.type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.token.user\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.Ext.user\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.args\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.args_count\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.command_line\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.command_li
ne.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.entity_id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.executable\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.executable.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.exit_code\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.hash.md5\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.hash.sha1\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.hash.sha256\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.hash.sha512\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\
":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.name.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.exists\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"process.parent.Ext.code_signature.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.Ext.code_signature.subject_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.Ext.code_signature.trusted\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"process.parent.Ext.code_signature.valid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocV
alues\":true,\"type\":\"boolean\"},{\"name\":\"process.parent.Ext.real\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.real.pid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.parent.args\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.args_count\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.parent.command_line\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.command_line.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.entity_id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.executable\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.executable.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.par
ent.exit_code\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.parent.hash.md5\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.hash.sha1\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.hash.sha256\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.hash.sha512\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.name.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.pgid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.parent.pid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.parent.ppid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyze
d\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.parent.start\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"process.parent.thread.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.parent.thread.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.title\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.title.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.uptime\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.parent.working_directory\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.parent.working_directory.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.pe.company\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":tr
ue,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.pe.description\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.pe.file_version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.pe.original_file_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.pe.product\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.pgid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.pid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.ppid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.start\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"process.thread.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.instruction_pointer\",\
"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.call_stack.memory_section.address\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.call_stack.memory_section.protection\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.call_stack.memory_section.size\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.call_stack.module_path\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.call_stack.rva\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.call_stack.symbol_info\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.service\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.start\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocVa
lues\":true,\"type\":\"date\"},{\"name\":\"process.thread.Ext.start_address\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.start_address_module\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.token.domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.token.elevation\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"process.thread.Ext.token.elevation_type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.token.impersonation_level\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.token.integrity_level\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.thread.Ext.token.integrity_level_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.token.is_appcontainer\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"sear
chable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"process.thread.Ext.token.privileges\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.description\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.token.privileges.enabled\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"process.thread.Ext.token.privileges.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.token.sid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.token.type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.token.user\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.thread.Ext.uptime\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.thread.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"s
earchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.thread.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.title\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.title.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.uptime\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"process.working_directory\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"process.working_directory.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"rule.author\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"rule.category\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"rule.description\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"n
ame\":\"rule.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"rule.license\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"rule.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"rule.reference\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"rule.ruleset\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"rule.uuid\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"rule.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"threat.framework\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"threat.tactic.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"threat.tactic.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readF
romDocValues\":true,\"type\":\"string\"},{\"name\":\"threat.tactic.reference\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"threat.technique.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"threat.technique.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"threat.technique.name.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"threat.technique.reference\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.Ext.real.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searc
hable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.email\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.full_name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.full_name.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.group.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.group.Ext.real.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.group.domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.group.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.group.name\",\"count\":0,\"scripted\":f
alse,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.hash\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"user.name.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"destination.address\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"destination.bytes\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"destination.domain\
",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"destination.ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"ip\"},{\"name\":\"destination.packets\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"destination.port\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"destination.registered_domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"destination.top_level_domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dns.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.options\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dns.Ext.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"dns.question.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"read
FromDocValues\":true,\"type\":\"string\"},{\"name\":\"dns.question.registered_domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dns.question.subdomain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dns.question.top_level_domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dns.question.type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dns.resolved_ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"ip\"},{\"name\":\"http.request.body.bytes\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"http.request.body.content\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"http.request.body.content.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"http.request.bytes\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"http.respons
e.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"http.response.Ext.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"http.response.body.bytes\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"http.response.body.content\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"http.response.body.content.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"http.response.bytes\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"http.response.status_code\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"network.bytes\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"network.community_id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"network.direction\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":t
rue,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"network.iana_number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"network.packets\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"network.protocol\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"network.transport\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"network.type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"source.address\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"source.bytes\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"source.domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"source.ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"ip\"},{\"name\":\"source.packets\",\"count\":0,\"scripted\":f
alse,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"source.port\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"source.registered_domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"source.top_level_domain\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"package.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"registry.data.bytes\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"registry.data.strings\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"registry.hive\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"registry.key\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"registry.path\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\"
:true,\"type\":\"string\"},{\"name\":\"registry.value\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"}]","timeFieldName":"@timestamp","title":"logs-*"},"id":"logs-*","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-06T20:34:33.574Z","version":"WzkyLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"[Endpoint] Controls","uiStateJSON":"{}","version":1,"visState":"{\n \"title\": \"[Endpoint] Controls\",\n \"type\": \"input_control_vis\",\n \"params\": {\n \"controls\": [\n {\n \"id\": \"1585575202047\",\n \"fieldName\": \"host.os.name\",\n \"parent\": \"\",\n \"label\": \"Operating Systems\",\n \"type\": \"list\",\n \"options\": {\n \"type\": \"terms\",\n \"multiselect\": true,\n \"dynamicOptions\": true,\n \"size\": 5,\n \"order\": \"desc\"\n },\n \"indexPatternRefName\": \"control_0_index_pattern\"\n },\n {\n \"id\": \"1585575244711\",\n \"fieldName\": \"event.category\",\n \"parent\": \"\",\n \"label\": \"Event Categories\",\n \"type\": \"list\",\n \"options\": {\n \"type\": \"terms\",\n \"multiselect\": true,\n \"dynamicOptions\": true,\n \"size\": 5,\n \"order\": \"desc\"\n },\n \"indexPatternRefName\": \"control_1_index_pattern\"\n }\n ],\n \"updateFiltersOnChange\": false,\n \"useTimeFilter\": true,\n \"pinFilters\": false\n },\n \"aggs\": []\n}"},"id":"1cfceda0-728b-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"logs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"logs-*","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-06T20:36:17.446Z","version":"WzEwMSwxXQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"[Endpoint] Alerts over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[Endpoint] Alerts over Time\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(244,78,59,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"1\",\"point_size\":\"1\",\"fill\":\"0.3\",\"stacked\":\"none\",\"label\":\"Alerts\",\"type\":\"timeseries\",\"filter\":{\"query\":\"event.kind : \\\"alert\\\"\",\"language\":\"kuery\"},\"steps\":0,\"split_color_mode\":\"gradient\"},{\"id\":\"3c37eca0-8a56-11ea-a586-5f28263afd71\",\"color\":\"rgba(153,153,153,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"3c37eca1-8a56-11ea-a586-5f28263afd71\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"Week Prior Alerts\",\"filter\":{\"query\":\"event.kind : \\\"alert\\\" and event.category : \\\"malware\\\" 
\",\"language\":\"kuery\"},\"offset_time\":\"1w\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"logs-endpoint*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"logs-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"tooltip_mode\":\"show_all\"}}"},"id":"3560af80-8a5a-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-07-06T20:34:32.280Z","version":"Wzg1LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"[Endpoint] Alert Totals","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[Endpoint] Alert Totals\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"split_filters\":[{\"color\":\"#68BC00\",\"id\":\"5f546720-8a5d-11ea-a586-5f28263afd71\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"filter\":{\"query\":\"event.kind : \\\"alert\\\" and event.category: \\\"malware\\\" \",\"language\":\"kuery\"},\"offset_time\":\"\",\"label\":\"Total Alerts in Time 
Period\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"logs-endpoint*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"logs-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"4a529860-8a5d-11ea-a586-5f28263afd71\"}],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\"}}"},"id":"1a8b30f0-8a5e-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-07-06T20:34:32.280Z","version":"WzgwLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"[Endpoint] Week Prior Alert Totals","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[Endpoint] Week Prior Alert Totals\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"split_filters\":[{\"color\":\"#68BC00\",\"id\":\"5f546720-8a5d-11ea-a586-5f28263afd71\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"filter\":{\"query\":\"event.kind : \\\"alert\\\" and event.category: \\\"malware\\\" \",\"language\":\"kuery\"},\"offset_time\":\"1w\",\"label\":\"Week Prior Total Alerts in Time 
Period\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"logs-endpoint*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"logs-*\",\"default_timefield\":\"@timestamp\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"4a529860-8a5d-11ea-a586-5f28263afd71\"}],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\"}}"},"id":"3aecae50-8a5e-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-07-06T20:34:32.280Z","version":"Wzg2LDFd"} +{"attributes":{"fieldFormatMap":"{\"event.sequence\":{\"id\":\"string\"}}","fields":"[{\"name\":\"@timestamp\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"Endpoint.policy\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":tr
ue,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"agent.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"agent.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"agent.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dataset.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dataset.namespace\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"dataset.type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"ecs.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"elastic.agent\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable
\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.action\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.category\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.created\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"event.dataset\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.kind\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.module\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"event.type\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.architecture\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.hostname\",\"count\":0,\"scripted\":false,\"indexe
d\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.id\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"ip\"},{\"name\":\"host.mac\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.Ext\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.family\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.full\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.full.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.kernel\",\"count\":0,\"scripted\"
:false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.name.text\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.platform\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"host.os.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"message\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":false,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.actions\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.message\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.actions.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.actions.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\"
:true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.artifacts\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"searchable\":false,\"aggregatable\":false,\"doc_values\":false,\"readFromDocValues\":false,\"enabled\":false},{\"name\":\"Endpoint.policy.applied.artifacts.global\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.sha256\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.artifacts.user\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"count\":0,\"script
ed\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.sha256\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.configurations\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"searchable\":false,\"aggregatable\":false,\"doc_values\":false,\"readFromDocValues\":false,\"enabled\":false},{\"name\":\"Endpoint.policy.applied.configurations.events\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.events.concerned_actions\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.configurations.events.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.configurations.logging\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.logging.concerned_actions\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\
"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.configurations.logging.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.configurations.malware\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.malware.concerned_actions\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.configurations.malware.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.configurations.streaming\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.configurations.streaming.concerned_actions\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.configurations.streaming.status\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.policy.applied.response\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"searchable\":false,\"aggregatable\":false,\"doc_values\":false,\"readFromDocValues\":false,\"enabled\":false},{\"name\":\"Endpo
int.policy.applied.version\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.metrics\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.histogram\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.latest\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Endpoint.metrics.cpu.endpoint.mean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Endpoint.metrics.disks\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"searchable\":false,\"aggregatable\":false,\"doc_values\":false,\"readFromDocValues\":false,\"enabled\":false},{\"name\":\"Endpoint.metrics.disks.device\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.metrics.disks.endpoint_drive\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed
\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"boolean\"},{\"name\":\"Endpoint.metrics.disks.free\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Endpoint.metrics.disks.fstype\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.metrics.disks.mount\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"string\"},{\"name\":\"Endpoint.metrics.disks.total\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Endpoint.metrics.memory\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.latest\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Endpoint.metrics.memory.endpoint.private.mean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"a
ggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Endpoint.metrics.threads\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"searchable\":false,\"aggregatable\":false,\"doc_values\":false,\"readFromDocValues\":false,\"enabled\":false},{\"name\":\"Endpoint.metrics.uptime\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.endpoint\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"Endpoint.metrics.uptime.system\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"event.end\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"},{\"name\":\"event.sequence\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"number\"},{\"name\":\"event.start\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"searchable\":true,\"aggregatable\":true,\"doc_values\":true,\"readFromDocValues\":true,\"type\":\"date\"}]","timeFieldName":"@timestamp","title":"metrics-*"},"id":"metrics-*","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-06T20:34:33.577Z","version":"WzkzLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"[Endpoint] Top Average 
CPU","uiStateJSON":"{}","version":1,"visState":"{\n \"title\": \"[Endpoint] Top Average CPU\",\n \"type\": \"line\",\n \"params\": {\n \"type\": \"line\",\n \"grid\": {\n \"categoryLines\": false\n },\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"type\": \"category\",\n \"position\": \"bottom\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\"\n },\n \"labels\": {\n \"show\": true,\n \"filter\": true,\n \"truncate\": 100\n },\n \"title\": {}\n }\n ],\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"name\": \"LeftAxis-1\",\n \"type\": \"value\",\n \"position\": \"left\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\",\n \"mode\": \"normal\"\n },\n \"labels\": {\n \"show\": true,\n \"rotate\": 0,\n \"filter\": false,\n \"truncate\": 100\n },\n \"title\": {\n \"text\": \"Average CPU Usage Percent\"\n }\n }\n ],\n \"seriesParams\": [\n {\n \"show\": true,\n \"type\": \"area\",\n \"mode\": \"normal\",\n \"data\": {\n \"id\": \"5\",\n \"label\": \"Average CPU Usage Percent\"\n },\n \"valueAxis\": \"ValueAxis-1\",\n \"drawLinesBetweenPoints\": true,\n \"lineWidth\": 2,\n \"interpolate\": \"cardinal\",\n \"showCircles\": true\n }\n ],\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"labels\": {},\n \"thresholdLine\": {\n \"show\": false,\n \"value\": 10,\n \"width\": 1,\n \"style\": \"full\",\n \"color\": \"#E7664C\"\n },\n \"dimensions\": {\n \"x\": {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"date\",\n \"params\": {\n \"pattern\": \"YYYY-MM-DD HH:mm\"\n }\n },\n \"params\": {\n \"date\": true,\n \"interval\": \"PT12H\",\n \"intervalESValue\": 12,\n \"intervalESUnit\": \"h\",\n \"format\": \"YYYY-MM-DD HH:mm\",\n \"bounds\": {\n \"min\": \"2020-04-15T20:56:43.479Z\",\n \"max\": \"2020-04-29T20:56:43.479Z\"\n }\n },\n \"label\": \"@timestamp per 12 hours\",\n \"aggType\": \"date_histogram\"\n },\n \"y\": [\n {\n 
\"accessor\": 2,\n \"format\": {\n \"id\": \"percent\"\n },\n \"params\": {},\n \"label\": \"Average CPU Usage Percent\",\n \"aggType\": \"avg\"\n }\n ],\n \"series\": [\n {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\",\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n \"label\": \"Host Name\",\n \"aggType\": \"terms\"\n }\n ]\n },\n \"radiusRatio\": 50\n },\n \"aggs\": [\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"host.name\",\n \"orderBy\": \"5\",\n \"order\": \"desc\",\n \"size\": 2,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Host Name\"\n }\n },\n {\n \"id\": \"5\",\n \"enabled\": true,\n \"type\": \"avg\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"Endpoint.metrics.cpu.endpoint.mean\",\n \"customLabel\": \"Average CPU Usage Percent\"\n }\n },\n {\n \"id\": \"6\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"timeRange\": {\n \"from\": \"now-2w\",\n \"to\": \"now\"\n },\n \"useNormalizedEsInterval\": true,\n \"scaleMetricValues\": false,\n \"interval\": \"auto\",\n \"drop_partials\": false,\n \"min_doc_count\": 1,\n \"extended_bounds\": {},\n \"customLabel\": \"\"\n }\n }\n ]\n}"},"id":"2ed8a5b0-895f-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-06T20:36:45.659Z","version":"WzEwMywxXQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"language\": \"kuery\",\n \"query\": \"\"\n },\n \"filter\": [],\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"[Endpoint] Top Average Memory","uiStateJSON":"{}","version":1,"visState":"{\n \"title\": \"[Endpoint] Top Average Memory\",\n \"type\": \"line\",\n \"params\": {\n \"addLegend\": true,\n \"addTimeMarker\": false,\n \"addTooltip\": true,\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"labels\": {\n \"filter\": true,\n \"show\": true,\n \"truncate\": 100\n },\n \"position\": \"bottom\",\n \"scale\": {\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {},\n \"type\": \"category\"\n }\n ],\n \"dimensions\": {\n \"x\": {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"date\",\n \"params\": {\n \"pattern\": \"YYYY-MM-DD HH:mm\"\n }\n },\n \"params\": {\n \"date\": true,\n \"interval\": \"PT3H\",\n \"intervalESValue\": 3,\n \"intervalESUnit\": \"h\",\n \"format\": \"YYYY-MM-DD HH:mm\",\n \"bounds\": {\n \"min\": \"2020-04-24T20:08:18.470Z\",\n \"max\": \"2020-04-29T20:08:18.470Z\"\n }\n },\n \"label\": \"@timestamp per 3 hours\",\n \"aggType\": \"date_histogram\"\n },\n \"y\": [\n {\n \"accessor\": 2,\n \"format\": {\n \"id\": \"bytes\",\n \"params\": {\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n \"label\": \"Average Memory Usage\",\n \"aggType\": \"avg\"\n }\n ],\n \"series\": [\n {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\",\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n 
\"label\": \"host.name: Descending\",\n \"aggType\": \"terms\"\n }\n ]\n },\n \"grid\": {\n \"categoryLines\": false\n },\n \"labels\": {},\n \"legendPosition\": \"right\",\n \"seriesParams\": [\n {\n \"data\": {\n \"id\": \"1\",\n \"label\": \"Average Memory Usage\"\n },\n \"drawLinesBetweenPoints\": true,\n \"interpolate\": \"cardinal\",\n \"lineWidth\": 2,\n \"mode\": \"normal\",\n \"show\": true,\n \"showCircles\": true,\n \"type\": \"area\",\n \"valueAxis\": \"ValueAxis-1\"\n }\n ],\n \"thresholdLine\": {\n \"color\": \"#E7664C\",\n \"show\": false,\n \"style\": \"full\",\n \"value\": 10,\n \"width\": 1\n },\n \"times\": [],\n \"type\": \"line\",\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"labels\": {\n \"filter\": false,\n \"rotate\": 0,\n \"show\": true,\n \"truncate\": 100\n },\n \"name\": \"LeftAxis-1\",\n \"position\": \"left\",\n \"scale\": {\n \"defaultYExtents\": false,\n \"mode\": \"normal\",\n \"setYExtents\": false,\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {\n \"text\": \"Average Memory Usage\"\n },\n \"type\": \"value\"\n }\n ]\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"avg\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"Endpoint.metrics.memory.endpoint.private.mean\",\n \"customLabel\": \"Average Memory Usage\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"host.name\",\n \"orderBy\": \"1\",\n \"order\": \"desc\",\n \"size\": 2,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"timeRange\": {\n \"from\": \"now-5d\",\n \"to\": \"now\"\n },\n \"useNormalizedEsInterval\": true,\n \"scaleMetricValues\": false,\n \"interval\": \"auto\",\n 
\"drop_partials\": false,\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n }\n ]\n}"},"id":"3e8ccf70-8961-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-06T20:37:02.577Z","version":"WzEwOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"[Endpoint] Event Count by Hostname Table","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\n \"title\": \"[Endpoint] Event Count by Hostname Table\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMetricsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\",\n \"percentageCol\": \"\",\n \"dimensions\": {\n \"metrics\": [\n {\n \"accessor\": 3,\n \"format\": {\n \"id\": \"number\"\n },\n \"params\": {},\n \"label\": \"Event Count\",\n \"aggType\": \"cardinality\"\n }\n ],\n \"buckets\": [\n {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\",\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n \"label\": \"Hostname\",\n \"aggType\": \"terms\"\n },\n {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\",\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": 
\"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n \"label\": \"Operating System\",\n \"aggType\": \"terms\"\n },\n {\n \"accessor\": 2,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"ip\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\",\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n \"label\": \"IP Address\",\n \"aggType\": \"terms\"\n }\n ]\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"event.id\",\n \"customLabel\": \"Event Count\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"host.name\",\n \"orderBy\": \"1\",\n \"order\": \"desc\",\n \"size\": 10,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Hostname\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"host.os.name\",\n \"orderBy\": \"1\",\n \"order\": \"desc\",\n \"size\": 5,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Operating System\"\n }\n }\n ]\n}"},"id":"55387750-729c-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-06T20:37:15.738Z","version":"WzExMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"[Endpoint] Endpoint Count by Operating 
System","uiStateJSON":"{\n \"vis\": {\n \"legendOpen\": false,\n \"colors\": {\n \"Endpoint Count\": \"#7EB26D\"\n }\n }\n}","version":1,"visState":"{\n \"title\": \"[Endpoint] Endpoint Count by Operating System\",\n \"type\": \"histogram\",\n \"params\": {\n \"type\": \"histogram\",\n \"grid\": {\n \"categoryLines\": false\n },\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"type\": \"category\",\n \"position\": \"bottom\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\"\n },\n \"labels\": {\n \"show\": true,\n \"filter\": true,\n \"truncate\": 100,\n \"rotate\": 0\n },\n \"title\": {}\n }\n ],\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"name\": \"LeftAxis-1\",\n \"type\": \"value\",\n \"position\": \"left\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\",\n \"mode\": \"normal\"\n },\n \"labels\": {\n \"show\": true,\n \"rotate\": 0,\n \"filter\": false,\n \"truncate\": 100\n },\n \"title\": {\n \"text\": \"Endpoint Count\"\n }\n }\n ],\n \"seriesParams\": [\n {\n \"show\": true,\n \"type\": \"histogram\",\n \"mode\": \"stacked\",\n \"data\": {\n \"label\": \"Endpoint Count\",\n \"id\": \"1\"\n },\n \"valueAxis\": \"ValueAxis-1\",\n \"drawLinesBetweenPoints\": true,\n \"lineWidth\": 2,\n \"showCircles\": true\n }\n ],\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"labels\": {\n \"show\": false\n },\n \"thresholdLine\": {\n \"show\": false,\n \"value\": 10,\n \"width\": 1,\n \"style\": \"full\",\n \"color\": \"#E7664C\"\n },\n \"dimensions\": {\n \"x\": {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\",\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n 
\"label\": \"Operating System\",\n \"aggType\": \"terms\"\n },\n \"y\": [\n {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"number\"\n },\n \"params\": {},\n \"label\": \"Endpoint Count\",\n \"aggType\": \"cardinality\"\n }\n ]\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"agent.id\",\n \"customLabel\": \"Endpoint Count\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"host.os.name\",\n \"orderBy\": \"1\",\n \"order\": \"desc\",\n \"size\": 10,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Operating System\"\n }\n }\n ]\n}"},"id":"92b1edc0-706a-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-06T20:37:31.497Z","version":"WzExMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"[Endpoint] Event Count by Category","uiStateJSON":"{\n \"vis\": {\n \"legendOpen\": false,\n \"colors\": {\n \"Event Count\": \"#614D93\"\n }\n }\n}","version":1,"visState":"{\n \"title\": \"[Endpoint] Event Count by Category\",\n \"type\": \"horizontal_bar\",\n \"params\": {\n \"addLegend\": true,\n \"addTimeMarker\": false,\n \"addTooltip\": true,\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"labels\": {\n \"filter\": false,\n \"rotate\": 0,\n \"show\": true,\n \"truncate\": 200\n },\n \"position\": \"left\",\n \"scale\": {\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {},\n \"type\": \"category\"\n }\n ],\n \"dimensions\": {\n \"x\": {\n \"accessor\": 0,\n \"format\": 
{\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\",\n \"parsedUrl\": {\n \"origin\": \"https://d13d17ee538641ceabf7512875888951.us-east-1.aws.found.io:9243\",\n \"pathname\": \"/app/kibana\",\n \"basePath\": \"\"\n }\n }\n },\n \"params\": {},\n \"label\": \"Event Category\",\n \"aggType\": \"terms\"\n },\n \"y\": [\n {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"number\"\n },\n \"params\": {},\n \"label\": \"Event Count\",\n \"aggType\": \"count\"\n }\n ]\n },\n \"grid\": {\n \"categoryLines\": false\n },\n \"labels\": {\n \"show\": false\n },\n \"legendPosition\": \"right\",\n \"seriesParams\": [\n {\n \"data\": {\n \"id\": \"1\",\n \"label\": \"Event Count\"\n },\n \"drawLinesBetweenPoints\": true,\n \"lineWidth\": 2,\n \"mode\": \"normal\",\n \"show\": true,\n \"showCircles\": true,\n \"type\": \"histogram\",\n \"valueAxis\": \"ValueAxis-1\"\n }\n ],\n \"thresholdLine\": {\n \"color\": \"#E7664C\",\n \"show\": false,\n \"style\": \"full\",\n \"value\": 10,\n \"width\": 1\n },\n \"times\": [],\n \"type\": \"histogram\",\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"labels\": {\n \"filter\": true,\n \"rotate\": 0,\n \"show\": true,\n \"truncate\": 100\n },\n \"name\": \"LeftAxis-1\",\n \"position\": \"bottom\",\n \"scale\": {\n \"mode\": \"normal\",\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {\n \"text\": \"Event Count\"\n },\n \"type\": \"value\"\n }\n ]\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {\n \"customLabel\": \"Event Count\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"event.category\",\n \"orderBy\": \"1\",\n \"order\": \"desc\",\n \"size\": 20,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": 
\"Missing\",\n \"customLabel\": \"Event Category\"\n }\n }\n ]\n}"},"id":"1e525190-7074-11ea-9bc8-6b38f4d29a16","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-06T20:36:31.397Z","version":"WzEwMiwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"language\": \"kuery\",\n \"query\": \"\"\n },\n \"filter\": [\n {\n \"meta\": {\n \"alias\": \"Endpoint Data Filter\",\n \"negate\": false,\n \"disabled\": false,\n \"type\": \"phrase\",\n \"key\": \"agent.type\",\n \"params\": {\n \"query\": \"endpoint\"\n },\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"\n },\n \"query\": {\n \"match_phrase\": {\n \"agent.type\": \"endpoint\"\n }\n },\n \"$state\": {\n \"store\": \"appState\"\n }\n }\n ]\n}"},"optionsJSON":"{\n \"hidePanelTitles\": false,\n \"useMargins\": true\n}","panelsJSON":"[\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 0,\n \"y\": 0,\n \"w\": 48,\n \"h\": 7,\n \"i\": \"c923502a-9a0e-47bb-8d1b-e642b399c8e3\"\n },\n \"panelIndex\": \"c923502a-9a0e-47bb-8d1b-e642b399c8e3\",\n \"embeddableConfig\": {\n \"title\": \"Controls\"\n },\n \"title\": \"Controls\",\n \"panelRefName\": \"panel_0\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 0,\n \"y\": 7,\n \"w\": 48,\n \"h\": 9,\n \"i\": \"fdbb5d05-207d-48d7-aa03-df16adda707f\"\n },\n \"panelIndex\": \"fdbb5d05-207d-48d7-aa03-df16adda707f\",\n \"embeddableConfig\": {\n \"title\": \"Alerts over Time\"\n },\n \"title\": \"Alerts over Time\",\n \"panelRefName\": \"panel_1\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 0,\n \"y\": 16,\n \"w\": 24,\n \"h\": 9,\n \"i\": \"e1b2e433-9c26-4c76-b0da-43397876a8fc\"\n },\n \"panelIndex\": \"e1b2e433-9c26-4c76-b0da-43397876a8fc\",\n \"embeddableConfig\": {\n \"title\": \"\"\n },\n 
\"panelRefName\": \"panel_2\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 24,\n \"y\": 16,\n \"w\": 24,\n \"h\": 9,\n \"i\": \"9882f4a7-e675-4f33-9eed-41dfc7b3f88b\"\n },\n \"panelIndex\": \"9882f4a7-e675-4f33-9eed-41dfc7b3f88b\",\n \"embeddableConfig\": {\n \"title\": \"\"\n },\n \"panelRefName\": \"panel_3\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 0,\n \"y\": 25,\n \"w\": 24,\n \"h\": 15,\n \"i\": \"1da940b4-edcc-469e-81dc-d6d83efb1ea1\"\n },\n \"panelIndex\": \"1da940b4-edcc-469e-81dc-d6d83efb1ea1\",\n \"embeddableConfig\": {\n \"title\": \"Top Two Endpoints by CPU Usage\"\n },\n \"title\": \"Top Two Endpoints by CPU Usage\",\n \"panelRefName\": \"panel_4\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 24,\n \"y\": 25,\n \"w\": 24,\n \"h\": 15,\n \"i\": \"d142d5e6-4296-4315-8790-6266e6c48b54\"\n },\n \"panelIndex\": \"d142d5e6-4296-4315-8790-6266e6c48b54\",\n \"embeddableConfig\": {\n \"title\": \"Top Two Endpoints by Memory Usage\"\n },\n \"title\": \"Top Two Endpoints by Memory Usage\",\n \"panelRefName\": \"panel_5\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 0,\n \"y\": 40,\n \"w\": 48,\n \"h\": 10,\n \"i\": \"2b6b6a19-3870-4127-bccf-c81c51e10544\"\n },\n \"panelIndex\": \"2b6b6a19-3870-4127-bccf-c81c51e10544\",\n \"embeddableConfig\": {\n \"title\": \"Event Count by Hostname\"\n },\n \"title\": \"Event Count by Hostname\",\n \"panelRefName\": \"panel_6\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 0,\n \"y\": 50,\n \"w\": 24,\n \"h\": 15,\n \"i\": \"996c9423-7803-49e0-92d8-4ccfde71b425\"\n },\n \"panelIndex\": \"996c9423-7803-49e0-92d8-4ccfde71b425\",\n \"embeddableConfig\": {\n \"title\": \"Endpoint Count by Operating System\"\n },\n \"title\": \"Endpoint Count by Operating System\",\n \"panelRefName\": \"panel_7\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 24,\n \"y\": 50,\n \"w\": 24,\n \"h\": 15,\n \"i\": 
\"e16e025f-20c4-4075-8342-76820c2ff4c7\"\n },\n \"panelIndex\": \"e16e025f-20c4-4075-8342-76820c2ff4c7\",\n \"embeddableConfig\": {\n \"title\": \"Event Count by Category\"\n },\n \"title\": \"Event Count by Category\",\n \"panelRefName\": \"panel_8\"\n }\n]","timeRestore":false,"title":"Endpoint Dashboard","version":1},"id":"826759f0-7074-11ea-9bc8-6b38f4d29a16","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"1cfceda0-728b-11ea-9bc8-6b38f4d29a16","name":"panel_0","type":"visualization"},{"id":"3560af80-8a5a-11ea-9bc8-6b38f4d29a16","name":"panel_1","type":"visualization"},{"id":"1a8b30f0-8a5e-11ea-9bc8-6b38f4d29a16","name":"panel_2","type":"visualization"},{"id":"3aecae50-8a5e-11ea-9bc8-6b38f4d29a16","name":"panel_3","type":"visualization"},{"id":"2ed8a5b0-895f-11ea-9bc8-6b38f4d29a16","name":"panel_4","type":"visualization"},{"id":"3e8ccf70-8961-11ea-9bc8-6b38f4d29a16","name":"panel_5","type":"visualization"},{"id":"55387750-729c-11ea-9bc8-6b38f4d29a16","name":"panel_6","type":"visualization"},{"id":"92b1edc0-706a-11ea-9bc8-6b38f4d29a16","name":"panel_7","type":"visualization"},{"id":"1e525190-7074-11ea-9bc8-6b38f4d29a16","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-06T20:35:39.670Z","version":"Wzk5LDFd"} {"exportedCount":12,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 1fbf3d798..83f0c6b9c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -3,9 +3,9 @@ version: "3.8" services: package-registry: - image: docker.elastic.co/package-registry/package-registry:master + image: docker.elastic.co/package-registry/distribution:production volumes: - - ./package-registry.config.yml:/registry/config.yml - - ./out/packages:/registry/packages/endpoint-package + - ./package-registry.config.yml:/package-registry/config.yml + - ./out/packages:/packages/endpoint-package ports: - "127.0.0.1:8080:8080" diff --git a/package-registry.config.yml b/package-registry.config.yml index 7b5cbffc4..78b9e146c 100644 --- a/package-registry.config.yml +++ b/package-registry.config.yml @@ -1,4 +1,4 @@ package_paths: - - /registry/packages/package-storage - - /registry/packages/endpoint-package + - /packages/production + - /packages/endpoint-package dev_mode: true diff --git a/package/endpoint/docs/README.md b/package/endpoint/docs/README.md index 574870685..80168f47e 100644 --- a/package/endpoint/docs/README.md +++ b/package/endpoint/docs/README.md @@ -1,3 +1,3 @@ -# Endpoint package +# Elastic Endpoint Security Integration -This is a module for the Endpoint Kibana App and Elastic Endpoint. It sets up the templates, index patterns, aliases, and dashboards. +This is a module for the Elastic Security Solution Kibana App and Elastic Endpoint. It sets up the templates, index patterns, aliases, and dashboards. diff --git a/package/endpoint/kibana/dashboard/826759f0-7074-11ea-9bc8-6b38f4d29a16.json b/package/endpoint/kibana/dashboard/826759f0-7074-11ea-9bc8-6b38f4d29a16.json index c51a4f031..fdb1bb77d 100644 --- a/package/endpoint/kibana/dashboard/826759f0-7074-11ea-9bc8-6b38f4d29a16.json +++ b/package/endpoint/kibana/dashboard/826759f0-7074-11ea-9bc8-6b38f4d29a16.json 
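Review bot: The new `image:` line still uses a floating tag — `distribution:production` moves just as `master` did — so every `docker compose pull` can silently change both the registry binary and whatever packages that image ships (presumably the `/packages/production` directory that package-registry.config.yml now serves); pin it to a versioned tag or digest, e.g. `image: docker.elastic.co/package-registry/distribution:production@sha256:<digest-of-the-tested-image>`, and note in a comment how to refresh it. The registry only needs to read its config, so the bind mount can be tightened to `- ./package-registry.config.yml:/package-registry/config.yml:ro`. Binding the port to `127.0.0.1:8080` is already right for a local dev registry and should stay as it is.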
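Review bot: `/packages/production` is not bind-mounted anywhere in docker-compose.yml (only `./out/packages` is, at `/packages/endpoint-package`), so the first path presumably resolves to packages shipped inside the `distribution:production` image; that coupling to the image's internal layout should be stated in the file, e.g. `# /packages/production: packages bundled in the distribution image; /packages/endpoint-package: bind-mounted from ./out/packages (see docker-compose.yml)`. `dev_mode: true` is carried over unchanged; if it relaxes package validation (confirm against the registry's documentation), a one-line comment marking this config as local-development-only would keep it from being copied into a shared deployment.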
@@ -3,10 +3,10 @@ "description": "", "hits": 0, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":\"Endpoint Data Filter\",\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"agent.type\",\"params\":{\"query\":\"endpoint\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"agent.type\":\"endpoint\"}},\"$state\":{\"store\":\"appState\"}}]}" + "searchSourceJSON": "{\n \"query\": {\n \"language\": \"kuery\",\n \"query\": \"\"\n },\n \"filter\": [\n {\n \"meta\": {\n \"alias\": \"Endpoint Data Filter\",\n \"negate\": false,\n \"disabled\": false,\n \"type\": \"phrase\",\n \"key\": \"agent.type\",\n \"params\": {\n \"query\": \"endpoint\"\n },\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"\n },\n \"query\": {\n \"match_phrase\": {\n \"agent.type\": \"endpoint\"\n }\n },\n \"$state\": {\n \"store\": \"appState\"\n }\n }\n ]\n}" }, - "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", - "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":7,\"i\":\"c923502a-9a0e-47bb-8d1b-e642b399c8e3\"},\"panelIndex\":\"c923502a-9a0e-47bb-8d1b-e642b399c8e3\",\"embeddableConfig\":{\"title\":\"Controls\"},\"title\":\"Controls\",\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":7,\"w\":48,\"h\":9,\"i\":\"fdbb5d05-207d-48d7-aa03-df16adda707f\"},\"panelIndex\":\"fdbb5d05-207d-48d7-aa03-df16adda707f\",\"embeddableConfig\":{\"title\":\"Alerts over Time\"},\"title\":\"Alerts over 
Time\",\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":16,\"w\":24,\"h\":9,\"i\":\"e1b2e433-9c26-4c76-b0da-43397876a8fc\"},\"panelIndex\":\"e1b2e433-9c26-4c76-b0da-43397876a8fc\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":16,\"w\":24,\"h\":9,\"i\":\"9882f4a7-e675-4f33-9eed-41dfc7b3f88b\"},\"panelIndex\":\"9882f4a7-e675-4f33-9eed-41dfc7b3f88b\",\"embeddableConfig\":{\"title\":\"\"},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":15,\"i\":\"1da940b4-edcc-469e-81dc-d6d83efb1ea1\"},\"panelIndex\":\"1da940b4-edcc-469e-81dc-d6d83efb1ea1\",\"embeddableConfig\":{\"title\":\"Top Two Endpoints by CPU Usage\"},\"title\":\"Top Two Endpoints by CPU Usage\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":15,\"i\":\"d142d5e6-4296-4315-8790-6266e6c48b54\"},\"panelIndex\":\"d142d5e6-4296-4315-8790-6266e6c48b54\",\"embeddableConfig\":{\"title\":\"Top Two Endpoints by Memory Usage\"},\"title\":\"Top Two Endpoints by Memory Usage\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":40,\"w\":48,\"h\":10,\"i\":\"2b6b6a19-3870-4127-bccf-c81c51e10544\"},\"panelIndex\":\"2b6b6a19-3870-4127-bccf-c81c51e10544\",\"embeddableConfig\":{\"title\":\"Event Count by Hostname\"},\"title\":\"Event Count by Hostname\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":50,\"w\":24,\"h\":15,\"i\":\"996c9423-7803-49e0-92d8-4ccfde71b425\"},\"panelIndex\":\"996c9423-7803-49e0-92d8-4ccfde71b425\",\"embeddableConfig\":{\"title\":\"Endpoint Count by Operating System\"},\"title\":\"Endpoint Count by Operating 
System\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":50,\"w\":24,\"h\":15,\"i\":\"e16e025f-20c4-4075-8342-76820c2ff4c7\"},\"panelIndex\":\"e16e025f-20c4-4075-8342-76820c2ff4c7\",\"embeddableConfig\":{\"title\":\"Event Count by Category\"},\"title\":\"Event Count by Category\",\"panelRefName\":\"panel_8\"}]", + "optionsJSON": "{\n \"hidePanelTitles\": false,\n \"useMargins\": true\n}", + "panelsJSON": "[\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 0,\n \"y\": 0,\n \"w\": 48,\n \"h\": 7,\n \"i\": \"c923502a-9a0e-47bb-8d1b-e642b399c8e3\"\n },\n \"panelIndex\": \"c923502a-9a0e-47bb-8d1b-e642b399c8e3\",\n \"embeddableConfig\": {\n \"title\": \"Controls\"\n },\n \"title\": \"Controls\",\n \"panelRefName\": \"panel_0\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 0,\n \"y\": 7,\n \"w\": 48,\n \"h\": 9,\n \"i\": \"fdbb5d05-207d-48d7-aa03-df16adda707f\"\n },\n \"panelIndex\": \"fdbb5d05-207d-48d7-aa03-df16adda707f\",\n \"embeddableConfig\": {\n \"title\": \"Alerts over Time\"\n },\n \"title\": \"Alerts over Time\",\n \"panelRefName\": \"panel_1\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 0,\n \"y\": 16,\n \"w\": 24,\n \"h\": 9,\n \"i\": \"e1b2e433-9c26-4c76-b0da-43397876a8fc\"\n },\n \"panelIndex\": \"e1b2e433-9c26-4c76-b0da-43397876a8fc\",\n \"embeddableConfig\": {\n \"title\": \"\"\n },\n \"panelRefName\": \"panel_2\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 24,\n \"y\": 16,\n \"w\": 24,\n \"h\": 9,\n \"i\": \"9882f4a7-e675-4f33-9eed-41dfc7b3f88b\"\n },\n \"panelIndex\": \"9882f4a7-e675-4f33-9eed-41dfc7b3f88b\",\n \"embeddableConfig\": {\n \"title\": \"\"\n },\n \"panelRefName\": \"panel_3\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 0,\n \"y\": 25,\n \"w\": 24,\n \"h\": 15,\n \"i\": \"1da940b4-edcc-469e-81dc-d6d83efb1ea1\"\n },\n \"panelIndex\": \"1da940b4-edcc-469e-81dc-d6d83efb1ea1\",\n \"embeddableConfig\": {\n \"title\": \"Top Two Endpoints 
by CPU Usage\"\n },\n \"title\": \"Top Two Endpoints by CPU Usage\",\n \"panelRefName\": \"panel_4\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 24,\n \"y\": 25,\n \"w\": 24,\n \"h\": 15,\n \"i\": \"d142d5e6-4296-4315-8790-6266e6c48b54\"\n },\n \"panelIndex\": \"d142d5e6-4296-4315-8790-6266e6c48b54\",\n \"embeddableConfig\": {\n \"title\": \"Top Two Endpoints by Memory Usage\"\n },\n \"title\": \"Top Two Endpoints by Memory Usage\",\n \"panelRefName\": \"panel_5\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 0,\n \"y\": 40,\n \"w\": 48,\n \"h\": 10,\n \"i\": \"2b6b6a19-3870-4127-bccf-c81c51e10544\"\n },\n \"panelIndex\": \"2b6b6a19-3870-4127-bccf-c81c51e10544\",\n \"embeddableConfig\": {\n \"title\": \"Event Count by Hostname\"\n },\n \"title\": \"Event Count by Hostname\",\n \"panelRefName\": \"panel_6\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 0,\n \"y\": 50,\n \"w\": 24,\n \"h\": 15,\n \"i\": \"996c9423-7803-49e0-92d8-4ccfde71b425\"\n },\n \"panelIndex\": \"996c9423-7803-49e0-92d8-4ccfde71b425\",\n \"embeddableConfig\": {\n \"title\": \"Endpoint Count by Operating System\"\n },\n \"title\": \"Endpoint Count by Operating System\",\n \"panelRefName\": \"panel_7\"\n },\n {\n \"version\": \"7.9.0\",\n \"gridData\": {\n \"x\": 24,\n \"y\": 50,\n \"w\": 24,\n \"h\": 15,\n \"i\": \"e16e025f-20c4-4075-8342-76820c2ff4c7\"\n },\n \"panelIndex\": \"e16e025f-20c4-4075-8342-76820c2ff4c7\",\n \"embeddableConfig\": {\n \"title\": \"Event Count by Category\"\n },\n \"title\": \"Event Count by Category\",\n \"panelRefName\": \"panel_8\"\n }\n]", "timeRestore": false, "title": "Endpoint Dashboard", "version": 1 @@ -17,7 +17,7 @@ }, "references": [ { - "id": "endpoint-dashboard-logs", + "id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern" }, 
@@ -68,6 +68,6 @@ } ], "type": "dashboard", - "updated_at": "2020-07-02T22:31:08.392Z", - "version": "WzI5MCwxXQ==" + "updated_at": "2020-07-06T20:35:39.670Z", + "version": "Wzk5LDFd" } \ No newline at end of file diff --git a/package/endpoint/kibana/index-pattern/endpoint-dashboard-logs.json b/package/endpoint/kibana/index-pattern/endpoint-dashboard-logs.json deleted file mode 100644 index b8e2dc16d..000000000 --- a/package/endpoint/kibana/index-pattern/endpoint-dashboard-logs.json +++ /dev/null 
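Review bot: The reference now points at index-pattern id `logs-*` while this same diff deletes the package's own `endpoint-dashboard-logs` index-pattern asset, so the dashboard only imports cleanly if a saved object with id `logs-*` already exists — presumably created by Kibana's Ingest Manager during setup rather than by this package — and that precondition is not documented anywhere in the package; add it to the README, e.g. `The Endpoint Dashboard references the Ingest Manager-managed 'logs-*' index pattern, which must exist before the package's Kibana assets are installed.` With `logs-*` as the pattern, the only thing restricting the dashboard to endpoint data is the `agent.type: endpoint` phrase filter stored in `appState` (in this file's first hunk), which a viewer can disable or remove, so if the dashboard is meant to show endpoint data only, that scoping should at least be documented rather than assumed.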
@@ -1,15 +0,0 @@ -{ - "attributes": { - "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Endpoint.policy.applied.artifacts.global.identifiers\"}}},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Endpoint.policy.applied.artifacts.user.identifiers\"}}},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFr
omDocValues\":true},{\"name\":\"Target.dll.Ext.compile_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.score\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.threshold\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_address\",\"type\":\"string\",\"esTypes\":[\"keyword
\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.code_signature.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.code_signature.subject_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.code_signature.trusted\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.code_signature.valid\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},
{\"name\":\"Target.dll.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.company\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.product\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.ancestry\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.authentication_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Target.process.Ext.code_signature\"}}},{\"name\":\"Target.process.Ext.malware_classifi
cation.features.data.buffer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.identifier\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.score\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.threshold\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.services\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.session\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":fals
e,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation_type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.impersonation_level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Target.process.Ext.token.privileges\"}}},{\"name\":\"Target.process.Ext.token.sid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.type\",\"t
ype\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.user\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.user\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.code_signature.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.code_signature.subject_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.code_signature.trusted\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.code_signature.valid\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":fal
se,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.command_line\"}}},{\"name\":\"Target.process.entity_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.executable\"}}},{\"name\":\"Target.process.exit_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\"
:false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.name\"}}},{\"name\":\"Target.process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Target.process.parent.Ext.code_signature\"}}},{\"name\":\"Target.process.parent.Ext.real.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.code_signature.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.code_signature.subject_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.code_signature.trusted\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDoc
Values\":true},{\"name\":\"Target.process.parent.code_signature.valid\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.parent.command_line\"}}},{\"name\":\"Target.process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.parent.executable\"}}},{\"name\":\"Target.process.parent.exit_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha256\",\"type\":\"string\",\"esTy
pes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.parent.name\"}}},{\"name\":\"Target.process.parent.pgid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.ppid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":
false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.parent.title\"}}},{\"name\":\"Target.process.parent.uptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.parent.working_directory\"}}},{\"name\":\"Target.process.pe.company\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.product\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pgid\"
,\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.ppid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thr
ead.Ext.call_stack.symbol_info\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_module\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.integrity_level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":tru
e},{\"name\":\"Target.process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"Target.process.thread.Ext.token.privileges\"}}},{\"name\":\"Target.process.thread.Ext.token.sid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.user\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.uptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searc
hable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.title\"}}},{\"name\":\"Target.process.uptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"Target.process.working_directory\"}}},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.build.original\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.ephemeral_id\",\"type\":\"str
ing\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dataset.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dataset.namespace\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dataset.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":tr
ue,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.registered_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.compile_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.score\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocVa
lues\":true},{\"name\":\"dll.Ext.malware_classification.threshold\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.subject_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.trusted\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.valid\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"c
ount\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.company\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.product\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.options\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggr
egatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.status\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.registered_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.subdomain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.resolved_ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readF
romDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.ingested\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.outcome\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.provider\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.risk_score\",\"type\":\"number\",\"esTypes\":[\"long\"],\"
count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"file.Ext.code_signature\"}}},{\"name\":\"file.Ext.entry_modified\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.code_page\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":t
rue,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"file.Ext.macro.errors\"}}},{\"name\":\"file.Ext.macro.file_extension\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"file.Ext.macro.stream\"}}},{\"name\":\"file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classificat
ion.features.data.encoding\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.identifier\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.score\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.threshold\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.gid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.group\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.mode\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.owner\",\"type\":\"string\",\"esTypes\":[\"keywo
rd\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_result\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.temp_file_path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows.zone_identifier\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.accessed\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.attributes\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.subject_name\",\
"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.trusted\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.valid\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.created\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.ctime\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.device\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.directory\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.drive_letter\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extension\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.gid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.group\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"script
ed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.inode\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mime_type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mode\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mtime\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.owner\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{
\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.pe.company\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.product\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.target_path\"}}},{\"name\":\"file.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFrom
DocValues\":true},{\"name\":\"host.geo.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"esTypes\"
:[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.full\"}}},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.platform\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.uptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name
\":\"host.user.email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.user.full_name\"}}},{\"name\":\"host.user.group.Ext.real.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\
"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.user.name\"}}},{\"name\":\"http.request.body.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.request.body.content\"}}},{\"name\":\"http.request.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.Ext.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.response.body.content\"}}},{\"name\":\"http.response.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"sc
ripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.iana_number\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.protocol\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.transport\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"package.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":tru
e,\"readFromDocValues\":true},{\"name\":\"process.Ext.ancestry\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.authentication_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"process.Ext.code_signature\"}}},{\"name\":\"process.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.identifier\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.score\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.threshold\",\"type\":\"number\",\"esTypes\":[\"double\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.upx_packed\",
\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.services\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.session\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation_level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation_type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.impersonation_level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false
,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"process.Ext.token.privileges\"}}},{\"name\":\"process.Ext.token.sid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.user\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.user\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}
,{\"name\":\"process.code_signature.subject_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.trusted\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.valid\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.entity_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.exit_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha1\"
,\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.name\"}}},{\"name\":\"process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"process.parent.Ext.code_signature\"}}},{\"name\":\"process.parent.Ext.real.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.exists\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.status\",\"type
\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.subject_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.trusted\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.valid\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.command_line\"}}},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.parent.exit_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\
":true},{\"name\":\"process.parent.hash.md5\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha1\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha256\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha512\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.name\"}}},{\"name\":\"process.parent.pgid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.ppid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":f
alse,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.title\"}}},{\"name\":\"process.parent.uptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.working_directory\"}}},{\"name\":\"process.pe.company\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted
\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.product\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pgid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.ppid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"
name\":\"process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.symbol_info\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_module\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integri
ty_level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"nested\":{\"path\":\"process.thread.Ext.token.privileges\"}}},{\"name\":\"process.thread.Ext.token.sid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.user\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.uptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title\",\"type\":
\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.title\"}}},{\"name\":\"process.uptime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"registry.data.bytes\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.data.strings\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.hive\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.key\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.path\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.value\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":t
rue,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.author\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.category\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.description\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.license\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.reference\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.ruleset\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.uuid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.address\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.bytes\",\"type\"
:\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.registered_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.framework\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.reference\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,
\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"threat.technique.name\"}}},{\"name\":\"threat.technique.reference\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"user.full_name\"}}},{\"name\":\"user.group.Ext.real.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues
\":true},{\"name\":\"user.group.Ext.real.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.hash\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}}]", 
- "timeFieldName": "@timestamp", 
- "title": "logs-endpoint*" 
- }, 
- "id": "endpoint-dashboard-logs", 
- "migrationVersion": { 
- "index-pattern": "7.6.0" 
- }, 
- "references": [], 
- "type": "index-pattern", 
- "updated_at": "2020-07-02T21:57:10.812Z", 
- "version": "WzIwNiwxXQ==" 
-} 
\ No newline at end of file
diff --git a/package/endpoint/kibana/index-pattern/endpoint-dashboard-metrics.json b/package/endpoint/kibana/index_pattern/endpoint-dashboard-metrics.json 
similarity index 100% 
rename from package/endpoint/kibana/index-pattern/endpoint-dashboard-metrics.json 
rename to package/endpoint/kibana/index_pattern/endpoint-dashboard-metrics.json 
diff --git a/package/endpoint/kibana/visualization/1a8b30f0-8a5e-11ea-9bc8-6b38f4d29a16.json b/package/endpoint/kibana/visualization/1a8b30f0-8a5e-11ea-9bc8-6b38f4d29a16.json 
index 1d22ec616..cca474c37 100644 
--- a/package/endpoint/kibana/visualization/1a8b30f0-8a5e-11ea-9bc8-6b38f4d29a16.json 
+++ b/package/endpoint/kibana/visualization/1a8b30f0-8a5e-11ea-9bc8-6b38f4d29a16.json 
@@ -15,6 +15,6 @@
 },
 "references": [],
 "type": "visualization", 
- "updated_at": "2020-07-02T22:06:13.793Z", 
- "version": "WzIyOCwxXQ==" 
+ "updated_at": "2020-07-06T20:34:32.280Z", 
+ "version": "WzgwLDFd"
 } 
\ No newline at end of file 
diff --git a/package/endpoint/kibana/visualization/1cfceda0-728b-11ea-9bc8-6b38f4d29a16.json b/package/endpoint/kibana/visualization/1cfceda0-728b-11ea-9bc8-6b38f4d29a16.json 
index 566b5eaa6..78bd96131 100644 
--- a/package/endpoint/kibana/visualization/1cfceda0-728b-11ea-9bc8-6b38f4d29a16.json 
+++ b/package/endpoint/kibana/visualization/1cfceda0-728b-11ea-9bc8-6b38f4d29a16.json 
@@ -15,17 +15,17 @@
 },
 "references": [
 {
- "id": "endpoint-dashboard-logs", 
+ "id": "logs-*",
 "name": "control_0_index_pattern",
 "type": "index-pattern"
 },
 {
- "id": "endpoint-dashboard-logs", 
+ "id": "logs-*",
 "name": "control_1_index_pattern",
 "type": "index-pattern"
 }
 ],
 "type": "visualization", 
- "updated_at": "2020-07-02T22:16:19.746Z", 
- "version": "WzI0OSwxXQ==" 
+ "updated_at": "2020-07-06T20:36:17.446Z", 
+ "version": "WzEwMSwxXQ=="
 } 
\ No newline at end of file 
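Review bot: The `control_0_index_pattern` and `control_1_index_pattern` references now point at index-pattern id `logs-*`, an object that does not appear to be shipped anywhere in this diff (the only index patterns it touches are the removed `endpoint-dashboard-logs`, whose title was `logs-endpoint*`, and the renamed `endpoint-dashboard-metrics.json`), so the visualization only resolves if a saved object with that exact id already exists in Kibana at package install time. `logs-*` is also far broader than `logs-endpoint*`: unless the visualization's own query (outside this hunk) restricts it to the endpoint dataset, the controls will list values drawn from every logs data stream, so it is worth confirming that a dataset filter is in place. The same reference swap to `logs-*` or `metrics-*` is made in the hunks for 1e525190, 2ed8a5b0, 3e8ccf70, 55387750 and 92b1edc0, and the same question applies to each.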
diff --git a/package/endpoint/kibana/visualization/1e525190-7074-11ea-9bc8-6b38f4d29a16.json b/package/endpoint/kibana/visualization/1e525190-7074-11ea-9bc8-6b38f4d29a16.json 
index dac35302d..bdc7b523b 100644 
--- a/package/endpoint/kibana/visualization/1e525190-7074-11ea-9bc8-6b38f4d29a16.json 
+++ b/package/endpoint/kibana/visualization/1e525190-7074-11ea-9bc8-6b38f4d29a16.json 
@@ -15,12 +15,12 @@
 },
 "references": [
 {
- "id": "endpoint-dashboard-logs", 
+ "id": "logs-*",
 "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
 "type": "index-pattern"
 }
 ],
 "type": "visualization", 
- "updated_at": "2020-07-02T22:06:37.838Z", 
- "version": "WzIzMCwxXQ==" 
+ "updated_at": "2020-07-06T20:36:31.397Z", 
+ "version": "WzEwMiwxXQ=="
 } 
\ No newline at end of file 
diff --git a/package/endpoint/kibana/visualization/2ed8a5b0-895f-11ea-9bc8-6b38f4d29a16.json b/package/endpoint/kibana/visualization/2ed8a5b0-895f-11ea-9bc8-6b38f4d29a16.json 
index 6fd6f1cbc..96ef1616a 100644 
--- a/package/endpoint/kibana/visualization/2ed8a5b0-895f-11ea-9bc8-6b38f4d29a16.json 
+++ b/package/endpoint/kibana/visualization/2ed8a5b0-895f-11ea-9bc8-6b38f4d29a16.json 
@@ -15,12 +15,12 @@
 },
 "references": [
 {
- "id": "endpoint-dashboard-metrics", 
+ "id": "metrics-*",
 "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
 "type": "index-pattern"
 }
 ],
 "type": "visualization", 
- "updated_at": "2020-07-02T22:22:41.425Z", 
- "version": "WzI3MSwxXQ==" 
+ "updated_at": "2020-07-06T20:36:45.659Z", 
+ "version": "WzEwMywxXQ=="
 } 
\ No newline at end of file 
diff --git a/package/endpoint/kibana/visualization/3560af80-8a5a-11ea-9bc8-6b38f4d29a16.json b/package/endpoint/kibana/visualization/3560af80-8a5a-11ea-9bc8-6b38f4d29a16.json 
index d74c28251..69acb47f1 100644 
--- a/package/endpoint/kibana/visualization/3560af80-8a5a-11ea-9bc8-6b38f4d29a16.json 
+++ b/package/endpoint/kibana/visualization/3560af80-8a5a-11ea-9bc8-6b38f4d29a16.json 
@@ -15,6 +15,6 @@
 },
 "references": [],
 "type": "visualization", 
- "updated_at": "2020-07-02T22:04:10.603Z", 
- "version": "WzIyNSwxXQ==" 
+ "updated_at": "2020-07-06T20:34:32.280Z", 
+ "version": "Wzg1LDFd"
 } 
\ No newline at end of file 
diff --git a/package/endpoint/kibana/visualization/3aecae50-8a5e-11ea-9bc8-6b38f4d29a16.json b/package/endpoint/kibana/visualization/3aecae50-8a5e-11ea-9bc8-6b38f4d29a16.json 
index 20c600022..ba38d52fa 100644 
--- a/package/endpoint/kibana/visualization/3aecae50-8a5e-11ea-9bc8-6b38f4d29a16.json 
+++ b/package/endpoint/kibana/visualization/3aecae50-8a5e-11ea-9bc8-6b38f4d29a16.json 
@@ -15,6 +15,6 @@
 },
 "references": [],
 "type": "visualization", 
- "updated_at": "2020-07-02T22:05:41.636Z", 
- "version": "WzIyNywxXQ==" 
+ "updated_at": "2020-07-06T20:34:32.280Z", 
+ "version": "Wzg2LDFd"
 } 
\ No newline at end of file 
diff --git a/package/endpoint/kibana/visualization/3e8ccf70-8961-11ea-9bc8-6b38f4d29a16.json b/package/endpoint/kibana/visualization/3e8ccf70-8961-11ea-9bc8-6b38f4d29a16.json 
index 14efdc474..1307e6049 100644 
--- a/package/endpoint/kibana/visualization/3e8ccf70-8961-11ea-9bc8-6b38f4d29a16.json 
+++ b/package/endpoint/kibana/visualization/3e8ccf70-8961-11ea-9bc8-6b38f4d29a16.json 
@@ -15,12 +15,12 @@
 },
 "references": [
 {
- "id": "endpoint-dashboard-metrics", 
+ "id": "metrics-*",
 "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
 "type": "index-pattern"
 }
 ],
 "type": "visualization", 
- "updated_at": "2020-07-02T22:23:03.359Z", 
- "version": "WzI3MiwxXQ==" 
+ "updated_at": "2020-07-06T20:37:02.577Z", 
+ "version": "WzEwOSwxXQ=="
 } 
\ No newline at end of file 
diff --git a/package/endpoint/kibana/visualization/55387750-729c-11ea-9bc8-6b38f4d29a16.json b/package/endpoint/kibana/visualization/55387750-729c-11ea-9bc8-6b38f4d29a16.json 
index d4e69461a..3bddbffc9 100644 
--- a/package/endpoint/kibana/visualization/55387750-729c-11ea-9bc8-6b38f4d29a16.json 
+++ b/package/endpoint/kibana/visualization/55387750-729c-11ea-9bc8-6b38f4d29a16.json 
@@ -15,12 +15,12 @@
 },
 "references": [
 {
- "id": "endpoint-dashboard-logs", 
+ "id": "logs-*",
 "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
 "type": "index-pattern"
 }
 ],
 "type": "visualization", 
- "updated_at": "2020-07-02T21:58:07.354Z", 
- "version": "WzIwOCwxXQ==" 
+ "updated_at": "2020-07-06T20:37:15.738Z", 
+ "version": "WzExMCwxXQ=="
 } 
\ No newline at end of file 
diff --git a/package/endpoint/kibana/visualization/92b1edc0-706a-11ea-9bc8-6b38f4d29a16.json b/package/endpoint/kibana/visualization/92b1edc0-706a-11ea-9bc8-6b38f4d29a16.json 
index 0e169fac0..943cb693c 100644 
--- a/package/endpoint/kibana/visualization/92b1edc0-706a-11ea-9bc8-6b38f4d29a16.json 
+++ b/package/endpoint/kibana/visualization/92b1edc0-706a-11ea-9bc8-6b38f4d29a16.json 
@@ -15,12 +15,12 @@
 },
 "references": [
 {
- "id": "endpoint-dashboard-metrics", 
+ "id": "metrics-*",
 "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
 "type": "index-pattern"
 }
 ],
 "type": "visualization", 
- "updated_at": "2020-07-02T22:14:27.812Z", 
- "version": "WzI0NiwxXQ==" 
+ "updated_at": "2020-07-06T20:37:31.497Z", 
+ "version": "WzExMSwxXQ=="
 } 
\ No newline at end of file 
diff --git a/package/endpoint/manifest.yml b/package/endpoint/manifest.yml 
index d462746e1..b1e96ac2c 100644 
--- a/package/endpoint/manifest.yml 
+++ b/package/endpoint/manifest.yml 
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: endpoint
 title: Elastic Endpoint 
-description: This is the Elastic Endpoint package. 
+description: Elastic Endpoint Security Integration
 version: 0.9.0
 categories: ["security"]
 # Options are experimental, beta, ga 
@@ -13,7 +13,7 @@ license: basic config_templates: - name: endpoint - title: Endpoint data source + title: Elastic Endpoint Security data source description: Interact with the endpoint. # This tells the UI that for configuration, it must link to a specific solution