forked from elastic/ecs
os.yml
- name: os
  title: Operating System
  group: 2
  short: OS fields contain information about the operating system.
  description: >
    The OS fields contain information about the operating system.
  reusable:
    top_level: false
    expected:
      - observer
      - host
      - user_agent
  type: group
  fields:
    - name: type
      level: extended
      type: keyword
      short: 'Which commercial OS family (one of: linux, macos, unix or windows).'
      description: >
        Use the `os.type` field to categorize the operating system into one of
        the broad commercial families.

        One of the following values should be used (lowercase): linux, macos, unix, windows.

        If the OS you're dealing with is not in the list, the field should not be populated.
        Please let us know by opening an issue with ECS, to propose its addition.
      example: macos
    - name: platform
      level: extended
      type: keyword
      description: >
        Operating system platform (such as centos, ubuntu, windows).
      example: darwin
    - name: name
      level: extended
      type: keyword
      example: "Mac OS X"
      description: >
        Operating system name, without the version.
      multi_fields:
        - type: text
          name: text
    - name: full
      level: extended
      type: keyword
      example: "Mac OS Mojave"
      description: >
        Operating system name, including the version or code name.
      multi_fields:
        - type: text
          name: text
    - name: family
      level: extended
      type: keyword
      example: "debian"
      description: >
        OS family (such as redhat, debian, freebsd, windows).
    - name: version
      level: extended
      type: keyword
      example: "10.14.1"
      description: >
        Operating system version as a raw string.
    - name: kernel
      level: extended
      type: keyword
      example: "4.4.0-112-generic"
      description: >
        Operating system kernel version as a raw string.
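The field set above put to use, as an added example that is not ECS or this repository's own code: a small normaliser that builds an `os` object from raw facts, rejects keys that are not in the schema, nests it only under one of the three `reusable.expected` points, and populates `os.type` only when the value is one of the four allowed lowercase families. The `FAMILY_TO_TYPE` mapping, `os_type_for` and `build_os` are assumptions of this example, not part of os.yml.

```python
# Added example (not part of ECS): normalise raw OS facts into the ECS `os`
# field set and nest it under one of the reuse points listed in os.yml.

OS_TYPES = {"linux", "macos", "unix", "windows"}        # allowed os.type values
REUSE_POINTS = {"observer", "host", "user_agent"}       # os.yml reusable.expected
OS_FIELDS = {"type", "platform", "name", "full", "family", "version", "kernel"}

# Assumed mapping from an os.family value to the broad commercial family.
# This table is an assumption of the example; os.yml defines no such mapping.
FAMILY_TO_TYPE = {
    "debian": "linux", "redhat": "linux",
    "darwin": "macos",
    "freebsd": "unix",
    "windows": "windows",
}


def os_type_for(value):
    """Return a valid os.type for a raw type/family string, or None.

    os.yml requires a lowercase value from OS_TYPES; anything unrecognised
    leaves the field unpopulated rather than guessing a family.
    """
    if value is None:
        return None
    v = value.strip().lower()
    if v in OS_TYPES:
        return v
    return FAMILY_TO_TYPE.get(v)


def build_os(raw, nest_under="host"):
    """Build {nest_under: {"os": {...}}} from a dict of raw OS facts.

    Keys outside the schema are rejected, and os.type is derived through
    os_type_for so an unknown family never yields an invalid os.type.
    """
    if nest_under not in REUSE_POINTS:
        raise ValueError(f"os is not reusable under {nest_under!r}")
    unknown = set(raw) - OS_FIELDS
    if unknown:
        raise ValueError(f"not ECS os fields: {sorted(unknown)}")
    os_obj = {k: v for k, v in raw.items() if k != "type" and v is not None}
    os_type = os_type_for(raw.get("type") or raw.get("family"))
    if os_type is not None:
        os_obj["type"] = os_type
    return {nest_under: {"os": os_obj}}
```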