{ "type": "object", "additionalProperties": false, "required": [ "event_type", "timestamp" ], "properties": { "app_proto": { "type": "string" }, "app_proto_expected": { "type": "string" }, "app_proto_orig": { "type": "string" }, "app_proto_tc": { "type": "string" }, "app_proto_ts": { "type": "string" }, "capture_file": { "type": "string" }, "community_id": { "type": "string" }, "dest_ip": { "type": "string" }, "dest_port": { "type": "integer" }, "event_type": { "type": "string" }, "flow_id": { "type": "integer" }, "icmp_code": { "type": "integer" }, "icmp_type": { "type": "integer" }, "log_level": { "type": "string" }, "packet": { "type": "string" }, "parent_id": { "type": "integer" }, "payload": { "type": "string" }, "payload_printable": { "type": "string" }, "pcap_cnt": { "type": "integer" }, "pcap_filename": { "type": "string" }, "pkt_src": { "type": "string" }, "proto": { "type": "string" }, "response_icmp_code": { "type": "integer" }, "response_icmp_type": { "type": "integer" }, "spi": { "type": "integer" }, "src_ip": { "type": "string" }, "src_port": { "type": "integer" }, "stream": { "type": "integer" }, "timestamp": { "type": "string", "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d+[+\\-]\\d+$" }, "direction": { "type": "string" }, "tx_id": { "type": "integer" }, "files": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": false, "properties": { "end": { "type": "integer" }, "filename": { "type": "string" }, "gaps": { "type": "boolean" }, "magic": { "type": "string" }, "md5": { "type": "string" }, "sha1": { "type": "string" }, "sha256": { "type": "string" }, "size": { "type": "integer" }, "start": { "type": "integer" }, "state": { "type": "string" }, "stored": { "type": "boolean" }, "tx_id": { "type": "integer" }, "sid": { "type": "array", "minItems": 1, "items": { "type": "integer" } } } } }, "vlan": { "type": "array", "minItems": 1, "items": { "type": "number" } }, "alert": { "type": "object", "properties": 
{ "action": { "type": "string" }, "category": { "type": "string" }, "gid": { "type": "integer" }, "rev": { "type": "integer" }, "rule": { "type": "string" }, "severity": { "type": "integer" }, "signature": { "type": "string" }, "signature_id": { "type": "integer" }, "xff": { "type": "string" }, "metadata": { "type": "object", "properties": { "affected_product": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "attack_target": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "created_at": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "deployment": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "former_category": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "malware_family": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "policy": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "signature_severity": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "tag": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "updated_at": { "type": "array", "minItems": 1, "items": { "type": "string" } } }, "additionalProperties": true }, "source": { "type": "object", "properties": { "ip": { "type": "string" }, "port": { "type": "integer" } }, "additionalProperties": false }, "target": { "type": "object", "properties": { "ip": { "type": "string" }, "port": { "type": "integer" } }, "additionalProperties": false } }, "additionalProperties": false }, "stream_tcp": { "type": "object", "additionalProperties": true }, "anomaly": { "type": "object", "properties": { "app_proto": { "type": "string" }, "event": { "type": "string" }, "layer": { "type": "string" }, "type": { "type": "string" } }, "additionalProperties": false }, "bittorrent_dht": { "type": "object", "properties": { "transaction_id": { "type": "string" }, "client_version": { "type": "string" }, "request_type": { "type": "string" }, "request": { "type": "object", 
"additionalProperties": false, "properties": { "id": { "type": "string" }, "target": { "type": "string" }, "implied_port": { "type": "integer" }, "info_hash": { "type": "string" }, "port": { "type": "integer" }, "token": { "type": "string" } } }, "response": { "type": "object", "additionalProperties": false, "required": [ "id" ], "properties": { "id": { "type": "string" }, "nodes": { "type": "array", "items": { "type": "object", "items": { "type": "object", "additionalProperties": false, "required": [ "id", "ip", "port" ], "properties": { "id": { "type": "string" }, "ip": { "type": "string" }, "port": { "type": "number" } } } } }, "nodes6": { "type": "array", "items": { "type": "object", "additionalProperties": false, "required": [ "id", "ip", "port" ], "properties": { "id": { "type": "string" }, "ip": { "type": "string" }, "port": { "type": "number" } } } }, "token": { "type": "string" }, "values": { "type": "array", "items": { "type": "object" } } } }, "error": { "type": "object", "additionalProperties": false, "properties": { "num": { "type": "integer" }, "msg": { "type": "string" } } } }, "additionalProperties": false }, "dcerpc": { "type": "object", "properties": { "activityuuid": { "type": "string" }, "call_id": { "type": "integer" }, "request": { "type": "string" }, "response": { "type": "string" }, "rpc_version": { "type": "string" }, "seqnum": { "type": "integer" }, "interfaces": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "ack_result": { "type": "integer" }, "uuid": { "type": "string" }, "version": { "type": "string" } }, "additionalProperties": false } }, "req": { "type": "object", "properties": { "frag_cnt": { "type": "integer" }, "opnum": { "type": "integer" }, "stub_data_size": { "type": "integer" } }, "additionalProperties": false }, "res": { "type": "object", "properties": { "frag_cnt": { "type": "integer" }, "stub_data_size": { "type": "integer" } }, "additionalProperties": false } }, "additionalProperties": false 
}, "dhcp": { "type": "object", "properties": { "assigned_ip": { "type": "string" }, "client_id": { "type": "string" }, "client_ip": { "type": "string" }, "client_mac": { "type": "string" }, "dhcp_type": { "type": "string" }, "hostname": { "type": "string" }, "id": { "type": "integer" }, "lease_time": { "type": "integer" }, "next_server_ip": { "type": "string" }, "rebinding_time": { "type": "integer" }, "relay_ip": { "type": "string" }, "renewal_time": { "type": "integer" }, "subnet_mask": { "type": "string" }, "type": { "type": "string" }, "dns_servers": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "params": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "routers": { "type": "array", "minItems": 1, "items": { "type": "string" } } }, "additionalProperties": false }, "dnp3": { "type": "object", "properties": { "dst": { "type": "integer" }, "src": { "type": "integer" }, "type": { "type": "string" }, "application": { "type": "object", "properties": { "complete": { "type": "boolean" }, "function_code": { "type": "integer" }, "objects": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "count": { "type": "integer" }, "group": { "type": "integer" }, "prefix_code": { "type": "integer" }, "qualifier": { "type": "integer" }, "range_code": { "type": "integer" }, "start": { "type": "integer" }, "stop": { "type": "integer" }, "variation": { "type": "integer" }, "points": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": true } } }, "additionalProperties": false } }, "control": { "type": "object", "properties": { "con": { "type": "boolean" }, "fin": { "type": "boolean" }, "fir": { "type": "boolean" }, "sequence": { "type": "integer" }, "uns": { "type": "boolean" } }, "additionalProperties": false } }, "additionalProperties": false }, "control": { "type": "object", "properties": { "dir": { "type": "boolean" }, "fcb": { "type": "boolean" }, "fcv": { "type": "boolean" }, 
"function_code": { "type": "integer" }, "pri": { "type": "boolean" } }, "additionalProperties": false }, "iin": { "type": "object", "properties": { "indicators": { "type": "array", "minItems": 1, "items": { "type": "string" } } }, "additionalProperties": false }, "request": { "type": "object", "properties": { "dst": { "type": "integer" }, "src": { "type": "integer" }, "type": { "type": "string" }, "application": { "type": "object", "properties": { "complete": { "type": "boolean" }, "function_code": { "type": "integer" }, "objects": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "count": { "type": "integer" }, "group": { "type": "integer" }, "prefix_code": { "type": "integer" }, "qualifier": { "type": "integer" }, "range_code": { "type": "integer" }, "start": { "type": "integer" }, "stop": { "type": "integer" }, "variation": { "type": "integer" }, "points": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": true } } }, "additionalProperties": false } }, "control": { "type": "object", "properties": { "con": { "type": "boolean" }, "fin": { "type": "boolean" }, "fir": { "type": "boolean" }, "sequence": { "type": "integer" }, "uns": { "type": "boolean" } }, "additionalProperties": false } }, "additionalProperties": false }, "control": { "type": "object", "properties": { "dir": { "type": "boolean" }, "fcb": { "type": "boolean" }, "fcv": { "type": "boolean" }, "function_code": { "type": "integer" }, "pri": { "type": "boolean" } }, "additionalProperties": false } }, "additionalProperties": false }, "response": { "type": "object", "properties": { "dst": { "type": "integer" }, "src": { "type": "integer" }, "type": { "type": "string" }, "application": { "type": "object", "properties": { "complete": { "type": "boolean" }, "function_code": { "type": "integer" }, "objects": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "count": { "type": "integer" }, "group": { "type": "integer" 
}, "prefix_code": { "type": "integer" }, "qualifier": { "type": "integer" }, "range_code": { "type": "integer" }, "start": { "type": "integer" }, "stop": { "type": "integer" }, "variation": { "type": "integer" }, "points": { "type": "array", "minItems": 1, "items": { "type": "object", "additionalProperties": true } } }, "additionalProperties": false } }, "control": { "type": "object", "properties": { "con": { "type": "boolean" }, "fin": { "type": "boolean" }, "fir": { "type": "boolean" }, "sequence": { "type": "integer" }, "uns": { "type": "boolean" } }, "additionalProperties": false } }, "additionalProperties": false }, "control": { "type": "object", "properties": { "dir": { "type": "boolean" }, "fcb": { "type": "boolean" }, "fcv": { "type": "boolean" }, "function_code": { "type": "integer" }, "pri": { "type": "boolean" } }, "additionalProperties": false }, "iin": { "type": "object", "properties": { "indicators": { "type": "array", "minItems": 1, "items": { "type": "string" } } }, "additionalProperties": false } }, "additionalProperties": false } }, "additionalProperties": false }, "dns": { "type": "object", "properties": { "aa": { "type": "boolean" }, "flags": { "type": "string" }, "id": { "type": "integer" }, "qr": { "type": "boolean" }, "ra": { "type": "boolean" }, "rcode": { "type": "string" }, "rd": { "type": "boolean" }, "rrname": { "type": "string" }, "rrtype": { "type": "string" }, "tx_id": { "type": "integer" }, "type": { "type": "string" }, "version": { "type": "integer" }, "opcode": { "description": "DNS opcode as an integer", "type": "integer" }, "answers": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "rdata": { "type": "string" }, "rrname": { "type": "string" }, "rrtype": { "type": "string" }, "ttl": { "type": "integer" }, "srv": { "type": "object", "properties": { "name": { "type": "string" }, "port": { "type": "integer" }, "priority": { "type": "integer" }, "weight": { "type": "integer" } }, "additionalProperties": 
false } }, "additionalProperties": false } }, "authorities": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "rdata": { "type": "string" }, "rrname": { "type": "string" }, "rrtype": { "type": "string" }, "ttl": { "type": "integer" }, "soa": { "type": "object", "properties": { "expire": { "type": "integer" }, "minimum": { "type": "integer" }, "mname": { "type": "string" }, "refresh": { "type": "integer" }, "retry": { "type": "integer" }, "rname": { "type": "string" }, "serial": { "type": "integer" } }, "additionalProperties": false } }, "additionalProperties": false } }, "query": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "id": { "type": "integer" }, "rrname": { "type": "string" }, "rrtype": { "type": "string" }, "tx_id": { "type": "integer" }, "type": { "type": "string" }, "z": { "type": "boolean" }, "opcode": { "description": "DNS opcode as an integer", "type": "integer" } }, "additionalProperties": false } }, "answer": { "type": "object", "properties": { "flags": { "type": "string" }, "id": { "type": "integer" }, "qr": { "type": "boolean" }, "ra": { "type": "boolean" }, "rcode": { "type": "string" }, "rd": { "type": "boolean" }, "rrname": { "type": "string" }, "rrtype": { "type": "string" }, "type": { "type": "string" }, "version": { "type": "integer" }, "opcode": { "description": "DNS opcode as an integer", "type": "integer" } }, "additionalProperties": false }, "grouped": { "type": "object", "properties": { "A": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "AAAA": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "CNAME": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "MX": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "NULL": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "PTR": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "SRV": { "type": "array", "minItems": 1, "items": { 
"type": "object", "properties": { "name": { "type": "string" }, "port": { "type": "integer" }, "priority": { "type": "integer" }, "weight": { "type": "integer" } }, "additionalProperties": false } }, "TXT": { "type": "array", "minItems": 1, "items": { "type": "string" } } }, "additionalProperties": false }, "z": { "type": "boolean" } }, "additionalProperties": false }, "drop": { "type": "object", "properties": { "ack": { "type": "boolean" }, "fin": { "type": "boolean" }, "flowlbl": { "type": "integer" }, "hoplimit": { "type": "integer" }, "tc": { "type": "integer" }, "icmp_id": { "type": "integer" }, "icmp_seq": { "type": "integer" }, "ipid": { "type": "integer" }, "len": { "type": "integer" }, "psh": { "type": "boolean" }, "rst": { "type": "boolean" }, "syn": { "type": "boolean" }, "tcpack": { "type": "integer" }, "tcpres": { "type": "integer" }, "tcpseq": { "type": "integer" }, "tcpurgp": { "type": "integer" }, "tcpwin": { "type": "integer" }, "tos": { "type": "integer" }, "ttl": { "type": "integer" }, "udplen": { "type": "integer" }, "urg": { "type": "boolean" }, "reason": { "type": "string" } }, "additionalProperties": false }, "email": { "type": "object", "properties": { "body_md5": { "type": "string" }, "date": { "type": "string" }, "from": { "type": "string" }, "status": { "type": "string" }, "subject": { "type": "string" }, "subject_md5": { "type": "string" }, "x_mailer": { "type": "string" }, "url": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "attachment": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "to": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "has_ipv6_url": { "type": "boolean" }, "has_ipv4_url": { "type": "boolean" }, "has_exe_url": { "type": "boolean" }, "message_id": { "type": "string" } }, "additionalProperties": false }, "engine": { "type": "object", "properties": { "error": { "type": "string" }, "error_code": { "type": "integer" }, "message": { "type": "string" }, 
"thread_name": { "type": "string" }, "module": { "type": "string" } }, "additionalProperties": false }, "ether": { "type": "object", "properties": { "dest_mac": { "type": "string" }, "src_mac": { "type": "string" }, "dest_macs": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "src_macs": { "type": "array", "minItems": 1, "items": { "type": "string" } } }, "additionalProperties": false }, "fileinfo": { "type": "object", "properties": { "end": { "type": "integer" }, "file_id": { "type": "integer" }, "filename": { "type": "string" }, "gaps": { "type": "boolean" }, "magic": { "type": "string" }, "md5": { "type": "string" }, "sha1": { "type": "string" }, "sha256": { "type": "string" }, "size": { "type": "integer" }, "start": { "type": "integer" }, "state": { "type": "string" }, "stored": { "type": "boolean" }, "tx_id": { "type": "integer" }, "sid": { "type": "array", "minItems": 1, "items": { "type": "integer" } } }, "additionalProperties": false }, "flow": { "type": "object", "properties": { "action": { "type": "string" }, "age": { "type": "integer" }, "alerted": { "type": "boolean" }, "bypass": { "type": "string" }, "bypassed": { "type": "object", "properties": { "pkts_toserver": { "type": "integer" }, "pkts_toclient": { "type": "integer" }, "bytes_toserver": { "type": "integer" }, "bytes_toclient": { "type": "integer" } }, "additionalProperties": false }, "bytes_toclient": { "type": "integer" }, "bytes_toserver": { "type": "integer" }, "dest_ip": { "type": "string" }, "dest_port": { "type": "integer" }, "end": { "type": "string" }, "pkts_toclient": { "type": "integer" }, "pkts_toserver": { "type": "integer" }, "reason": { "type": "string" }, "src_ip": { "type": "string" }, "src_port": { "type": "integer" }, "start": { "type": "string" }, "state": { "type": "string" } }, "additionalProperties": false }, "frame": { "type": "object", "properties": { "type": { "type": "string" }, "id": { "type": "integer" }, "direction": { "type": "string" }, 
"stream_offset": { "type": "integer" }, "length": { "type": "integer" }, "complete": { "type": "boolean" }, "payload": { "type": "string" }, "payload_printable": { "type": "string" }, "tx_id": { "type": "integer" } }, "additionalProperties": false }, "ftp": { "type": "object", "properties": { "command": { "type": "string" }, "command_data": { "type": "string" }, "command_truncated": { "type": "boolean" }, "dynamic_port": { "type": "integer" }, "mode": { "type": "string" }, "reply_received": { "type": "string" }, "reply_truncated": { "type": "boolean" }, "completion_code": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "reply": { "type": "array", "minItems": 1, "items": { "type": "string" } } }, "additionalProperties": false }, "ftp_data": { "type": "object", "properties": { "command": { "type": "string" }, "filename": { "type": "string" } }, "additionalProperties": false }, "http": { "type": "object", "properties": { "hostname": { "type": "string" }, "http_content_type": { "type": "string" }, "http_method": { "type": "string" }, "http_port": { "type": "integer" }, "http_refer": { "type": "string" }, "http_response_body": { "type": "string" }, "http_response_body_printable": { "type": "string" }, "http_user_agent": { "type": "string" }, "length": { "type": "integer" }, "org_src_ip": { "type": "string" }, "protocol": { "type": "string" }, "redirect": { "type": "string" }, "status": { "type": "integer" }, "true_client_ip": { "type": "string" }, "url": { "type": "string" }, "version": { "type": "string" }, "x_bluecoat_via": { "type": "string" }, "xff": { "type": "string" }, "request_headers": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "name": { "type": "string" }, "table_size_update": { "type": "integer" }, "value": { "type": "string" } }, "additionalProperties": false } }, "response_headers": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "name": { "type": "string" }, 
"table_size_update": { "type": "integer" }, "value": { "type": "string" } }, "additionalProperties": false } }, "content_range": { "type": "object", "properties": { "end": { "type": "integer" }, "raw": { "type": "string" }, "size": { "type": "integer" }, "start": { "type": "integer" } }, "additionalProperties": false }, "http2": { "type": "object", "properties": { "stream_id": { "type": "integer" }, "request": { "type": "object", "properties": { "error_code": { "type": "string" }, "priority": { "type": "integer" }, "settings": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "settings_id": { "type": "string" }, "settings_value": { "type": "integer" } }, "additionalProperties": false } } }, "additionalProperties": false }, "response": { "type": "object", "properties": { "error_code": { "type": "string" }, "settings": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "settings_id": { "type": "string" }, "settings_value": { "type": "integer" } }, "additionalProperties": false } } }, "additionalProperties": false } }, "additionalProperties": false } }, "additionalProperties": false }, "http2": { "type": "object", "properties": { "http_method": { "type": "string" }, "http_user_agent": { "type": "string" }, "length": { "type": "integer" }, "status": { "type": "integer" }, "url": { "type": "string" }, "version": { "type": "string" }, "request_headers": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "name": { "type": "string" }, "table_size_update": { "type": "integer" }, "value": { "type": "string" } }, "additionalProperties": false } }, "response_headers": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "name": { "type": "string" }, "table_size_update": { "type": "integer" }, "value": { "type": "string" } }, "additionalProperties": false } }, "http2": { "type": "object", "properties": { "stream_id": { "type": "integer" }, "request": { "type": 
"object", "properties": { "priority": { "type": "integer" } }, "additionalProperties": false }, "response": { "type": "object", "properties": { "error_code": { "type": "string" } }, "additionalProperties": false } }, "additionalProperties": false } }, "additionalProperties": false }, "ike": { "type": "object", "optional": true, "properties": { "alg_auth": { "type": "string" }, "alg_auth_raw": { "type": "integer" }, "alg_dh": { "type": "string" }, "alg_dh_raw": { "type": "integer" }, "alg_enc": { "type": "string" }, "alg_enc_raw": { "type": "integer" }, "alg_hash": { "type": "string" }, "alg_hash_raw": { "type": "integer" }, "exchange_type": { "type": "integer" }, "exchange_type_verbose": { "type": "string" }, "init_spi": { "type": "string" }, "message_id": { "type": "integer" }, "resp_spi": { "type": "string" }, "role": { "type": "string" }, "sa_key_length": { "type": "string" }, "sa_key_length_raw": { "type": "integer" }, "sa_life_duration": { "type": "string" }, "sa_life_duration_raw": { "type": "integer" }, "sa_life_type": { "type": "string" }, "sa_life_type_raw": { "type": "integer" }, "version_major": { "type": "integer" }, "version_minor": { "type": "integer" }, "payload": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "ikev1": { "type": "object", "properties": { "doi": { "type": "integer" }, "encrypted_payloads": { "type": "boolean" }, "vendor_ids": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "client": { "type": "object", "properties": { "key_exchange_payload": { "type": "string" }, "key_exchange_payload_length": { "type": "integer" }, "nonce_payload": { "type": "string" }, "nonce_payload_length": { "type": "integer" }, "proposals": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "alg_auth": { "type": "string" }, "alg_auth_raw": { "type": "integer" }, "alg_dh": { "type": "string" }, "alg_dh_raw": { "type": "integer" }, "alg_enc": { "type": "string" }, "alg_enc_raw": { "type": "integer" 
}, "alg_hash": { "type": "string" }, "alg_hash_raw": { "type": "integer" }, "sa_key_length": { "type": "string" }, "sa_key_length_raw": { "type": "integer" }, "sa_life_duration": { "type": "string" }, "sa_life_duration_raw": { "type": "integer" }, "sa_life_type": { "type": "string" }, "sa_life_type_raw": { "type": "integer" } }, "additionalProperties": false } } }, "additionalProperties": false }, "server": { "type": "object", "properties": { "key_exchange_payload": { "type": "string" }, "key_exchange_payload_length": { "type": "integer" }, "nonce_payload": { "type": "string" }, "nonce_payload_length": { "type": "integer" } }, "additionalProperties": false } }, "additionalProperties": false }, "ikev2": { "type": "object", "properties": { "errors": { "type": "integer" }, "notify": { "type": "array" } }, "additionalProperties": false } }, "additionalProperties": false }, "krb5": { "type": "object", "optional": true, "properties": { "cname": { "type": "string" }, "encryption": { "type": "string" }, "error_code": { "type": "string" }, "failed_request": { "type": "string" }, "msg_type": { "type": "string" }, "realm": { "type": "string" }, "sname": { "type": "string" }, "ticket_encryption": { "type": "string" }, "ticket_weak_encryption": { "type": "boolean" }, "weak_encryption": { "type": "boolean" } }, "additionalProperties": false }, "metadata": { "type": "object", "optional": true, "properties": { "flowbits": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "flowvars": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "gid": { "type": "string" }, "key": { "type": "string" }, "value": { "type": "string" } }, "additionalProperties": true } }, "pktvars": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "uid": { "type": "string" }, "username": { "type": "string" } }, "additionalProperties": false } }, "flowints": { "type": "object", "additionalProperties": true } }, "additionalProperties": false 
}, "modbus": { "type": "object", "optional": true, "properties": { "id": { "type": "integer" }, "request": { "type": "object", "properties": { "access_type": { "type": "string" }, "category": { "type": "string" }, "data": { "type": "string" }, "error_flags": { "type": "string" }, "function_code": { "type": "string" }, "function_raw": { "type": "integer" }, "protocol_id": { "type": "integer" }, "transaction_id": { "type": "integer" }, "unit_id": { "type": "integer" }, "diagnostic": { "type": "object", "properties": { "code": { "type": "string" }, "data": { "type": "string" }, "raw": { "type": "integer" } }, "additionalProperties": false }, "mei": { "type": "object", "properties": { "code": { "type": "string" }, "data": { "type": "string" }, "raw": { "type": "integer" } }, "additionalProperties": false }, "read": { "type": "object", "properties": { "address": { "type": "integer" }, "quantity": { "type": "integer" } }, "additionalProperties": false }, "write": { "type": "object", "properties": { "address": { "type": "integer" }, "data": { "type": "integer" } }, "additionalProperties": false } }, "additionalProperties": false }, "response": { "type": "object", "properties": { "access_type": { "type": "string" }, "category": { "type": "string" }, "data": { "type": "string" }, "error_flags": { "type": "string" }, "function_code": { "type": "string" }, "function_raw": { "type": "integer" }, "protocol_id": { "type": "integer" }, "transaction_id": { "type": "integer" }, "unit_id": { "type": "integer" }, "diagnostic": { "type": "object", "properties": { "code": { "type": "string" }, "data": { "type": "string" }, "raw": { "type": "integer" } }, "additionalProperties": false }, "exception": { "type": "object", "properties": { "code": { "type": "string" }, "raw": { "type": "integer" } }, "additionalProperties": false }, "read": { "type": "object", "properties": { "data": { "type": "string" } }, "additionalProperties": false }, "write": { "type": "object", "properties": { 
"address": { "type": "integer" }, "data": { "type": "integer" } }, "additionalProperties": false } }, "additionalProperties": false } }, "additionalProperties": false }, "mqtt": { "type": "object", "optional": true, "properties": { "connack": { "type": "object", "properties": { "dup": { "type": "boolean" }, "qos": { "type": "integer" }, "retain": { "type": "boolean" }, "return_code": { "type": "integer" }, "session_present": { "type": "boolean" }, "properties": { "type": "object", "additionalProperties": true } }, "additionalProperties": false }, "connect": { "type": "object", "properties": { "client_id": { "type": "string" }, "dup": { "type": "boolean" }, "password": { "type": "string" }, "protocol_string": { "type": "string" }, "protocol_version": { "type": "integer" }, "qos": { "type": "integer" }, "retain": { "type": "boolean" }, "username": { "type": "string" }, "flags": { "type": "object", "properties": { "clean_session": { "type": "boolean" }, "password": { "type": "boolean" }, "username": { "type": "boolean" }, "will": { "type": "boolean" }, "will_retain": { "type": "boolean" } }, "additionalProperties": false }, "properties": { "type": "object", "additionalProperties": true }, "will": { "type": "object", "properties": { "message": { "type": "string" }, "topic": { "type": "string" }, "properties": { "type": "object", "additionalProperties": true } }, "additionalProperties": false } }, "additionalProperties": false }, "disconnect": { "type": "object", "properties": { "dup": { "type": "boolean" }, "qos": { "type": "integer" }, "reason_code": { "type": "integer" }, "retain": { "type": "boolean" }, "properties": { "type": "object", "additionalProperties": true } }, "additionalProperties": false }, "pingreq": { "type": "object", "properties": { "dup": { "type": "boolean" }, "qos": { "type": "integer" }, "retain": { "type": "boolean" } }, "additionalProperties": false }, "pingresp": { "type": "object", "properties": { "dup": { "type": "boolean" }, "qos": { 
"type": "integer" }, "retain": { "type": "boolean" } }, "additionalProperties": false }, "puback": { "type": "object", "properties": { "dup": { "type": "boolean" }, "message_id": { "type": "integer" }, "qos": { "type": "integer" }, "reason_code": { "type": "integer" }, "retain": { "type": "boolean" } }, "additionalProperties": false }, "pubcomp": { "type": "object", "properties": { "dup": { "type": "boolean" }, "message_id": { "type": "integer" }, "qos": { "type": "integer" }, "reason_code": { "type": "integer" }, "retain": { "type": "boolean" } }, "additionalProperties": false }, "publish": { "type": "object", "properties": { "dup": { "type": "boolean" }, "message": { "type": "string" }, "message_id": { "type": "integer" }, "qos": { "type": "integer" }, "retain": { "type": "boolean" }, "skipped_length": { "type": "integer" }, "topic": { "type": "string" }, "truncated": { "type": "boolean" }, "properties": { "type": "object", "additionalProperties": true } }, "additionalProperties": false }, "pubrec": { "type": "object", "properties": { "dup": { "type": "boolean" }, "message_id": { "type": "integer" }, "qos": { "type": "integer" }, "reason_code": { "type": "integer" }, "retain": { "type": "boolean" } }, "additionalProperties": false }, "pubrel": { "type": "object", "properties": { "dup": { "type": "boolean" }, "message_id": { "type": "integer" }, "qos": { "type": "integer" }, "reason_code": { "type": "integer" }, "retain": { "type": "boolean" } }, "additionalProperties": false }, "suback": { "type": "object", "properties": { "dup": { "type": "boolean" }, "message_id": { "type": "integer" }, "qos": { "type": "integer" }, "retain": { "type": "boolean" }, "qos_granted": { "type": "array", "minItems": 1, "items": { "type": "integer" } } }, "additionalProperties": false }, "subscribe": { "type": "object", "properties": { "dup": { "type": "boolean" }, "message_id": { "type": "integer" }, "qos": { "type": "integer" }, "retain": { "type": "boolean" }, "topics": { "type": 
"array", "minItems": 1, "items": { "type": "object", "properties": { "qos": { "type": "integer" }, "topic": { "type": "string" } }, "additionalProperties": false } } }, "additionalProperties": false }, "unsuback": { "type": "object", "properties": { "dup": { "type": "boolean" }, "message_id": { "type": "integer" }, "qos": { "type": "integer" }, "retain": { "type": "boolean" }, "reason_codes": { "type": "array", "minItems": 1, "items": { "type": "integer" } } }, "additionalProperties": false }, "unsubscribe": { "type": "object", "properties": { "dup": { "type": "boolean" }, "message_id": { "type": "integer" }, "qos": { "type": "integer" }, "retain": { "type": "boolean" }, "topics": { "type": "array", "minItems": 1, "items": { "type": "string" } } }, "additionalProperties": false } }, "additionalProperties": false }, "netflow": { "type": "object", "optional": true, "properties": { "age": { "type": "integer" }, "bytes": { "type": "integer" }, "end": { "type": "string" }, "max_ttl": { "type": "integer" }, "min_ttl": { "type": "integer" }, "pkts": { "type": "integer" }, "start": { "type": "string" } }, "additionalProperties": false }, "nfs": { "type": "object", "optional": true, "properties": { "file_tx": { "type": "boolean" }, "filename": { "type": "string" }, "hhash": { "type": "string" }, "id": { "type": "integer" }, "procedure": { "type": "string" }, "status": { "type": "string" }, "type": { "type": "string" }, "version": { "type": "integer" }, "read": { "type": "object", "optional": true, "properties": { "chunks": { "type": "integer" }, "first": { "type": "boolean" }, "last": { "type": "boolean" }, "last_xid": { "type": "integer" } }, "additionalProperties": false }, "rename": { "type": "object", "optional": true, "properties": { "from": { "type": "string" }, "to": { "type": "string" } }, "additionalProperties": false }, "write": { "type": "object", "optional": true, "properties": { "chunks": { "type": "integer" }, "first": { "type": "boolean" }, "last": { "type": 
"boolean" }, "last_xid": { "type": "integer" } }, "additionalProperties": false } }, "additionalProperties": false }, "packet_info": { "type": "object", "optional": true, "properties": { "linktype": { "type": "integer" } }, "additionalProperties": false }, "pgsql": { "type": "object", "optional": true, "properties": { "request": { "type": "object", "properties": { "message": { "type": "string" }, "password": { "type": "string" }, "password_message": { "type": "string" }, "protocol_version": { "type": "string" }, "sasl_authentication_mechanism": { "type": "string" }, "sasl_param": { "type": "string" }, "sasl_response": { "type": "string" }, "simple_query": { "type": "string" }, "startup_parameters": { "type": "object", "properties": { "optional_parameters": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "application_name": { "type": "string" }, "client_encoding": { "type": "string" }, "database": { "type": "string" }, "datestyle": { "type": "string" }, "extra_float_digits": { "type": "string" }, "options": { "type": "string" }, "replication": { "type": "string" } }, "additionalProperties": true } }, "user": { "type": "string" } }, "additionalProperties": false } }, "additionalProperties": false }, "response": { "type": "object", "properties": { "authentication_md5_password": { "type": "string" }, "authentication_sasl_final": { "type": "string" }, "code": { "type": "string" }, "command_completed": { "type": "string" }, "data_rows": { "type": "integer" }, "data_size": { "type": "integer" }, "field_count": { "type": "integer" }, "file": { "type": "string" }, "line": { "type": "string" }, "message": { "type": "string" }, "parameter_status": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "application_name": { "type": "string" }, "client_encoding": { "type": "string" }, "date_style": { "type": "string" }, "integer_datetimes": { "type": "string" }, "interval_style": { "type": "string" }, "is_superuser": { 
"type": "string" }, "server_encoding": { "type": "string" }, "server_version": { "type": "string" }, "session_authorization": { "type": "string" }, "standard_conforming_strings": { "type": "string" }, "time_zone": { "type": "string" } }, "additionalProperties": true } }, "process_id": { "type": "integer" }, "routine": { "type": "string" }, "secret_key": { "type": "integer" }, "severity_localizable": { "type": "string" }, "severity_non_localizable": { "type": "string" }, "ssl_accepted": { "type": "boolean" } }, "additionalProperties": false }, "tx_id": { "type": "integer" } }, "additionalProperties": false }, "quic": { "type": "object", "optional": true, "properties": { "cyu": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "hash": { "type": "string" }, "string": { "type": "string" } }, "additionalProperties": false } }, "extensions": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "name": { "type": "string" }, "type": { "type": "integer" }, "values": { "type": "array", "minItems": 1, "items": { "type": "string" } } }, "additionalProperties": false } }, "ja3": { "type": "object", "optional": true, "properties": { "hash": { "type": "string" }, "string": { "type": "string" } }, "additionalProperties": false }, "ja3s": { "type": "object", "optional": true, "properties": { "hash": { "type": "string" }, "string": { "type": "string" } }, "additionalProperties": false }, "sni": { "type": "string" }, "ua": { "type": "string" }, "version": { "type": "string" } }, "additionalProperties": false }, "rdp": { "type": "object", "optional": true, "properties": { "cookie": { "type": "string" }, "event_type": { "type": "string" }, "tx_id": { "type": "integer" }, "channels": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "client": { "type": "object", "properties": { "build": { "type": "string" }, "client_name": { "type": "string" }, "color_depth": { "type": "integer" }, "desktop_height": { "type": 
"integer" }, "desktop_width": { "type": "integer" }, "function_keys": { "type": "integer" }, "id": { "type": "string" }, "keyboard_layout": { "type": "string" }, "keyboard_type": { "type": "string" }, "product_id": { "type": "integer" }, "version": { "type": "string" }, "capabilities": { "type": "array", "minItems": 1, "items": { "type": "string" } } }, "additionalProperties": false } }, "additionalProperties": false }, "rfb": { "type": "object", "optional": true, "properties": { "screen_shared": { "type": "boolean" }, "authentication": { "type": "object", "properties": { "security_result": { "type": "string" }, "security_type": { "type": "integer" }, "vnc": { "type": "object", "properties": { "challenge": { "type": "string" }, "response": { "type": "string" } }, "additionalProperties": false } }, "additionalProperties": false }, "client_protocol_version": { "type": "object", "properties": { "major": { "type": "string" }, "minor": { "type": "string" } }, "additionalProperties": false }, "framebuffer": { "type": "object", "properties": { "height": { "type": "integer" }, "name": { "type": "string" }, "width": { "type": "integer" }, "pixel_format": { "type": "object", "properties": { "big_endian": { "type": "boolean" }, "bits_per_pixel": { "type": "integer" }, "blue_max": { "type": "integer" }, "blue_shift": { "type": "integer" }, "depth": { "type": "integer" }, "green_max": { "type": "integer" }, "green_shift": { "type": "integer" }, "red_max": { "type": "integer" }, "red_shift": { "type": "integer" }, "true_color": { "type": "boolean" } }, "additionalProperties": false } }, "additionalProperties": false }, "server_protocol_version": { "type": "object", "properties": { "major": { "type": "string" }, "minor": { "type": "string" } }, "additionalProperties": false } }, "additionalProperties": false }, "rpc": { "type": "object", "optional": true, "properties": { "auth_type": { "type": "string" }, "status": { "type": "string" }, "xid": { "type": "integer" }, "creds": { 
"type": "object", "optional": true, "properties": { "gid": { "type": "integer" }, "machine_name": { "type": "string" }, "uid": { "type": "integer" } }, "additionalProperties": false } }, "additionalProperties": false }, "sip": { "type": "object", "optional": true, "properties": { "code": { "type": "string" }, "method": { "type": "string" }, "reason": { "type": "string" }, "request_line": { "type": "string" }, "response_line": { "type": "string" }, "uri": { "type": "string" }, "version": { "type": "string" } }, "additionalProperties": false }, "smb": { "type": "object", "optional": true, "properties": { "access": { "type": "string" }, "accessed": { "type": "integer" }, "changed": { "type": "integer" }, "client_guid": { "type": "string" }, "command": { "type": "string" }, "created": { "type": "integer" }, "dialect": { "type": "string" }, "directory": { "type": "string" }, "disposition": { "type": "string" }, "filename": { "type": "string" }, "fuid": { "type": "string" }, "function": { "type": "string" }, "id": { "type": "integer" }, "level_of_interest": { "type": "string" }, "max_read_size": { "type": "integer" }, "max_write_size": { "type": "integer" }, "modified": { "type": "integer" }, "named_pipe": { "type": "string" }, "rename": { "type": "object", "optional": true, "properties": { "from": { "type": "string" }, "to": { "type": "string" } }, "additionalProperties": false }, "request_done": { "type": "boolean" }, "response_done": { "type": "boolean" }, "server_guid": { "type": "string" }, "session_id": { "type": "integer" }, "set_info": { "type": "object", "optional": true, "properties": { "class": { "type": "string" }, "info_level": { "type": "string" } }, "additionalProperties": false }, "share": { "type": "string" }, "share_type": { "type": "string" }, "size": { "type": "integer" }, "subcmd": { "type": "string" }, "status": { "type": "string" }, "status_code": { "type": "string" }, "tree_id": { "type": "integer" }, "client_dialects": { "type": "array", 
"minItems": 1, "items": { "type": "string" } }, "set_info": { "type": "object", "optional": true, "properties": { "class": { "type": "string" }, "info_level": { "type": "string" } } }, "rename": { "type": "object", "optional": true, "properties": { "from": { "type": "string" }, "to": { "type": "string" } } }, "dcerpc": { "type": "object", "optional": true, "properties": { "call_id": { "type": "integer" }, "opnum": { "type": "integer" }, "request": { "type": "string" }, "response": { "type": "string" }, "interfaces": { "type": "array", "minItems": 1, "items": { "type": "object", "optional": true, "properties": { "ack_reason": { "type": "integer" }, "ack_result": { "type": "integer" }, "uuid": { "type": "string" }, "version": { "type": "string" } }, "additionalProperties": false } }, "req": { "type": "object", "optional": true, "properties": { "frag_cnt": { "type": "integer" }, "stub_data_size": { "type": "integer" } }, "additionalProperties": false }, "res": { "type": "object", "optional": true, "properties": { "frag_cnt": { "type": "integer" }, "stub_data_size": { "type": "integer" } }, "additionalProperties": false } }, "additionalProperties": false }, "kerberos": { "type": "object", "optional": true, "properties": { "realm": { "type": "string" }, "snames": { "type": "array", "minItems": 1, "items": { "type": "string" } } }, "additionalProperties": false }, "ntlmssp": { "type": "object", "optional": true, "properties": { "domain": { "type": "string" }, "host": { "type": "string" }, "user": { "type": "string" }, "version": { "type": "string", "optional": true }, "warning": { "type": "boolean" } }, "additionalProperties": false }, "request": { "type": "object", "optional": true, "properties": { "native_lm": { "type": "string" }, "native_os": { "type": "string" } }, "additionalProperties": false }, "response": { "type": "object", "optional": true, "properties": { "native_lm": { "type": "string" }, "native_os": { "type": "string" } }, "additionalProperties": false }, 
"service": { "type": "object", "optional": true, "properties": { "request": { "type": "string" }, "response": { "type": "string" } }, "additionalProperties": false } }, "additionalProperties": false }, "smtp": { "type": "object", "optional": true, "properties": { "helo": { "type": "string" }, "mail_from": { "type": "string" }, "rcpt_to": { "type": "array", "minItems": 1, "items": { "type": "string" } } }, "additionalProperties": false }, "snmp": { "type": "object", "optional": true, "properties": { "community": { "type": "string" }, "pdu_type": { "type": "string" }, "usm": { "type": "string" }, "version": { "type": "integer" }, "vars": { "type": "array", "minItems": 1, "items": { "type": "string" } } }, "additionalProperties": false }, "ssh": { "type": "object", "optional": true, "properties": { "client": { "type": "object", "properties": { "proto_version": { "type": "string" }, "software_version": { "type": "string" }, "hassh": { "type": "object", "properties": { "hash": { "type": "string" }, "string": { "type": "string" } }, "additionalProperties": false } }, "additionalProperties": false }, "server": { "type": "object", "properties": { "proto_version": { "type": "string" }, "software_version": { "type": "string" }, "hassh": { "type": "object", "properties": { "hash": { "type": "string" }, "string": { "type": "string" } }, "additionalProperties": false } }, "additionalProperties": false } }, "additionalProperties": false }, "stats": { "type": "object", "optional": true, "properties": { "uptime": { "type": "integer" }, "app_layer": { "type": "object", "properties": { "expectations": { "type": "integer" }, "error": { "type": "object", "properties": { "bittorrent-dht": { "$ref": "#/$defs/stats_applayer_error" }, "dcerpc_tcp": { "$ref": "#/$defs/stats_applayer_error" }, "dcerpc_udp": { "$ref": "#/$defs/stats_applayer_error" }, "dhcp": { "$ref": "#/$defs/stats_applayer_error" }, "dnp3": { "$ref": "#/$defs/stats_applayer_error" }, "dns_tcp": { "$ref": 
"#/$defs/stats_applayer_error" }, "dns_udp": { "$ref": "#/$defs/stats_applayer_error" }, "enip_tcp": { "$ref": "#/$defs/stats_applayer_error" }, "enip_udp": { "$ref": "#/$defs/stats_applayer_error" }, "failed_tcp": { "$ref": "#/$defs/stats_applayer_error" }, "ftp": { "$ref": "#/$defs/stats_applayer_error" }, "ftp-data": { "$ref": "#/$defs/stats_applayer_error" }, "http": { "$ref": "#/$defs/stats_applayer_error" }, "http2": { "$ref": "#/$defs/stats_applayer_error" }, "ike": { "$ref": "#/$defs/stats_applayer_error" }, "imap": { "$ref": "#/$defs/stats_applayer_error" }, "krb5_tcp": { "$ref": "#/$defs/stats_applayer_error" }, "krb5_udp": { "$ref": "#/$defs/stats_applayer_error" }, "mqtt": { "$ref": "#/$defs/stats_applayer_error" }, "nfs_tcp": { "$ref": "#/$defs/stats_applayer_error" }, "nfs_udp": { "$ref": "#/$defs/stats_applayer_error" }, "ntp": { "$ref": "#/$defs/stats_applayer_error" }, "pgsql": { "$ref": "#/$defs/stats_applayer_error" }, "quic": { "$ref": "#/$defs/stats_applayer_error" }, "rdp": { "$ref": "#/$defs/stats_applayer_error" }, "rfb": { "$ref": "#/$defs/stats_applayer_error" }, "sip": { "$ref": "#/$defs/stats_applayer_error" }, "smb": { "$ref": "#/$defs/stats_applayer_error" }, "smtp": { "$ref": "#/$defs/stats_applayer_error" }, "snmp": { "$ref": "#/$defs/stats_applayer_error" }, "ssh": { "$ref": "#/$defs/stats_applayer_error" }, "telnet": { "$ref": "#/$defs/stats_applayer_error" }, "tftp": { "$ref": "#/$defs/stats_applayer_error" }, "tls": { "$ref": "#/$defs/stats_applayer_error" } }, "additionalProperties": false }, "flow": { "type": "object", "properties": { "bittorrent-dht": { "type": "integer" }, "dcerpc_tcp": { "type": "integer" }, "dcerpc_udp": { "type": "integer" }, "dhcp": { "type": "integer" }, "dnp3": { "type": "integer" }, "dns_tcp": { "type": "integer" }, "dns_udp": { "type": "integer" }, "enip_tcp": { "type": "integer" }, "enip_udp": { "type": "integer" }, "failed_tcp": { "type": "integer" }, "failed_udp": { "type": "integer" }, "ftp": { 
"type": "integer" }, "ftp-data": { "type": "integer" }, "http": { "type": "integer" }, "http2": { "type": "integer" }, "ike": { "type": "integer" }, "ikev2": { "type": "integer" }, "imap": { "type": "integer" }, "krb5_tcp": { "type": "integer" }, "krb5_udp": { "type": "integer" }, "modbus": { "type": "integer" }, "mqtt": { "type": "integer" }, "nfs_tcp": { "type": "integer" }, "nfs_udp": { "type": "integer" }, "ntp": { "type": "integer" }, "pgsql": { "type": "integer" }, "quic": { "type": "integer" }, "rdp": { "type": "integer" }, "rfb": { "type": "integer" }, "sip": { "type": "integer" }, "smb": { "type": "integer" }, "smtp": { "type": "integer" }, "snmp": { "type": "integer" }, "ssh": { "type": "integer" }, "telnet": { "type": "integer" }, "tftp": { "type": "integer" }, "tls": { "type": "integer" } }, "additionalProperties": false }, "tx": { "type": "object", "properties": { "bittorrent-dht": { "type": "integer" }, "dcerpc_tcp": { "type": "integer" }, "dcerpc_udp": { "type": "integer" }, "dhcp": { "type": "integer" }, "dnp3": { "type": "integer" }, "dns_tcp": { "type": "integer" }, "dns_udp": { "type": "integer" }, "enip_tcp": { "type": "integer" }, "enip_udp": { "type": "integer" }, "ftp": { "type": "integer" }, "ftp-data": { "type": "integer" }, "http": { "type": "integer" }, "http2": { "type": "integer" }, "ike": { "type": "integer" }, "ikev2": { "type": "integer" }, "imap": { "type": "integer" }, "krb5_tcp": { "type": "integer" }, "krb5_udp": { "type": "integer" }, "modbus": { "type": "integer" }, "mqtt": { "type": "integer" }, "nfs_tcp": { "type": "integer" }, "nfs_udp": { "type": "integer" }, "ntp": { "type": "integer" }, "pgsql": { "type": "integer" }, "quic": { "type": "integer" }, "rdp": { "type": "integer" }, "rfb": { "type": "integer" }, "sip": { "type": "integer" }, "smb": { "type": "integer" }, "smtp": { "type": "integer" }, "snmp": { "type": "integer" }, "ssh": { "type": "integer" }, "telnet": { "type": "integer" }, "tftp": { "type": "integer" }, 
"tls": { "type": "integer" } }, "additionalProperties": false } }, "additionalProperties": false }, "decoder": { "type": "object", "properties": { "avg_pkt_size": { "type": "integer" }, "bytes": { "type": "integer" }, "chdlc": { "type": "integer" }, "erspan": { "type": "integer" }, "esp": { "type": "integer" }, "ethernet": { "type": "integer" }, "arp": { "type": "integer" }, "unknown_ethertype": { "type": "integer" }, "geneve": { "type": "integer" }, "gre": { "type": "integer" }, "icmpv4": { "type": "integer" }, "icmpv6": { "type": "integer" }, "ieee8021ah": { "type": "integer" }, "invalid": { "type": "integer" }, "ipv4": { "type": "integer" }, "ipv4_in_ipv6": { "type": "integer" }, "ipv6": { "type": "integer" }, "ipv6_in_ipv6": { "type": "integer" }, "max_mac_addrs_dst": { "type": "integer" }, "max_mac_addrs_src": { "type": "integer" }, "max_pkt_size": { "type": "integer" }, "mpls": { "type": "integer" }, "nsh": { "type": "integer" }, "null": { "type": "integer" }, "pkts": { "type": "integer" }, "ppp": { "type": "integer" }, "pppoe": { "type": "integer" }, "raw": { "type": "integer" }, "sctp": { "type": "integer" }, "sll": { "type": "integer" }, "tcp": { "type": "integer" }, "teredo": { "type": "integer" }, "too_many_layers": { "type": "integer" }, "udp": { "type": "integer" }, "vlan": { "type": "integer" }, "vlan_qinq": { "type": "integer" }, "vlan_qinqinq": { "type": "integer" }, "vntag": { "type": "integer" }, "vxlan": { "type": "integer" }, "event": { "type": "object", "properties": { "chdlc": { "type": "object", "properties": { "pkt_too_small": { "type": "integer" } }, "additionalProperties": false }, "dce": { "type": "object", "properties": { "pkt_too_small": { "type": "integer" } }, "additionalProperties": false }, "erspan": { "type": "object", "properties": { "header_too_small": { "type": "integer" }, "too_many_vlan_layers": { "type": "integer" }, "unsupported_version": { "type": "integer" } }, "additionalProperties": false }, "esp": { "type": "object", 
"properties": { "pkt_too_small": { "type": "integer" } }, "additionalProperties": false }, "ethernet": { "type": "object", "properties": { "pkt_too_small": { "type": "integer" } }, "additionalProperties": false }, "geneve": { "type": "object", "properties": { "unknown_payload_type": { "type": "integer" } }, "additionalProperties": false }, "gre": { "type": "object", "properties": { "pkt_too_small": { "type": "integer" }, "version0_flags": { "type": "integer" }, "version0_hdr_too_big": { "type": "integer" }, "version0_malformed_sre_hdr": { "type": "integer" }, "version0_recur": { "type": "integer" }, "version1_chksum": { "type": "integer" }, "version1_flags": { "type": "integer" }, "version1_hdr_too_big": { "type": "integer" }, "version1_malformed_sre_hdr": { "type": "integer" }, "version1_no_key": { "type": "integer" }, "version1_recur": { "type": "integer" }, "version1_route": { "type": "integer" }, "version1_ssr": { "type": "integer" }, "version1_wrong_protocol": { "type": "integer" }, "wrong_version": { "type": "integer" } }, "additionalProperties": false }, "icmpv4": { "type": "object", "properties": { "ipv4_trunc_pkt": { "type": "integer" }, "ipv4_unknown_ver": { "type": "integer" }, "pkt_too_small": { "type": "integer" }, "unknown_code": { "type": "integer" }, "unknown_type": { "type": "integer" } }, "additionalProperties": false }, "icmpv6": { "type": "object", "properties": { "experimentation_type": { "type": "integer" }, "ipv6_trunc_pkt": { "type": "integer" }, "ipv6_unknown_version": { "type": "integer" }, "mld_message_with_invalid_hl": { "type": "integer" }, "pkt_too_small": { "type": "integer" }, "unassigned_type": { "type": "integer" }, "unknown_code": { "type": "integer" }, "unknown_type": { "type": "integer" } }, "additionalProperties": false }, "ieee8021ah": { "type": "object", "properties": { "header_too_small": { "type": "integer" } }, "additionalProperties": false }, "ipraw": { "type": "object", "properties": { "invalid_ip_version": { "type": 
"integer" } }, "additionalProperties": false }, "ipv4": { "type": "object", "properties": { "frag_ignored": { "type": "integer" }, "frag_overlap": { "type": "integer" }, "frag_pkt_too_large": { "type": "integer" }, "hlen_too_small": { "type": "integer" }, "icmpv6": { "type": "integer" }, "iplen_smaller_than_hlen": { "type": "integer" }, "opt_duplicate": { "type": "integer" }, "opt_eol_required": { "type": "integer" }, "opt_invalid": { "type": "integer" }, "opt_invalid_len": { "type": "integer" }, "opt_malformed": { "type": "integer" }, "opt_pad_required": { "type": "integer" }, "opt_unknown": { "type": "integer" }, "pkt_too_small": { "type": "integer" }, "trunc_pkt": { "type": "integer" }, "wrong_ip_version": { "type": "integer" } }, "additionalProperties": false }, "ipv6": { "type": "object", "properties": { "data_after_none_header": { "type": "integer" }, "dstopts_only_padding": { "type": "integer" }, "dstopts_unknown_opt": { "type": "integer" }, "exthdr_ah_res_not_null": { "type": "integer" }, "exthdr_dupl_ah": { "type": "integer" }, "exthdr_dupl_dh": { "type": "integer" }, "exthdr_dupl_eh": { "type": "integer" }, "exthdr_dupl_fh": { "type": "integer" }, "exthdr_dupl_hh": { "type": "integer" }, "exthdr_dupl_rh": { "type": "integer" }, "exthdr_invalid_optlen": { "type": "integer" }, "exthdr_useless_fh": { "type": "integer" }, "fh_non_zero_reserved_field": { "type": "integer" }, "frag_ignored": { "type": "integer" }, "frag_invalid_length": { "type": "integer" }, "frag_overlap": { "type": "integer" }, "frag_pkt_too_large": { "type": "integer" }, "hopopts_only_padding": { "type": "integer" }, "hopopts_unknown_opt": { "type": "integer" }, "icmpv4": { "type": "integer" }, "ipv4_in_ipv6_too_small": { "type": "integer" }, "ipv4_in_ipv6_wrong_version": { "type": "integer" }, "ipv6_in_ipv6_too_small": { "type": "integer" }, "ipv6_in_ipv6_wrong_version": { "type": "integer" }, "pkt_too_small": { "type": "integer" }, "rh_type_0": { "type": "integer" }, "trunc_exthdr": { 
"type": "integer" }, "trunc_pkt": { "type": "integer" }, "unknown_next_header": { "type": "integer" }, "wrong_ip_version": { "type": "integer" }, "zero_len_padn": { "type": "integer" } }, "additionalProperties": false }, "ltnull": { "type": "object", "properties": { "pkt_too_small": { "type": "integer" }, "unsupported_type": { "type": "integer" } }, "additionalProperties": false }, "mpls": { "type": "object", "properties": { "bad_label_implicit_null": { "type": "integer" }, "bad_label_reserved": { "type": "integer" }, "bad_label_router_alert": { "type": "integer" }, "header_too_small": { "type": "integer" }, "pkt_too_small": { "type": "integer" }, "unknown_payload_type": { "type": "integer" } }, "additionalProperties": false }, "nsh": { "type": "object", "properties": { "bad_header_length": { "type": "integer" }, "header_too_small": { "type": "integer" }, "reserved_type": { "type": "integer" }, "unknown_payload": { "type": "integer" }, "unsupported_type": { "type": "integer" }, "unsupported_version": { "type": "integer" } }, "additionalProperties": false }, "ppp": { "type": "object", "properties": { "ip4_pkt_too_small": { "type": "integer" }, "ip6_pkt_too_small": { "type": "integer" }, "pkt_too_small": { "type": "integer" }, "unsup_proto": { "type": "integer" }, "vju_pkt_too_small": { "type": "integer" }, "wrong_type": { "type": "integer" } }, "additionalProperties": false }, "pppoe": { "type": "object", "properties": { "malformed_tags": { "type": "integer" }, "pkt_too_small": { "type": "integer" }, "wrong_code": { "type": "integer" } }, "additionalProperties": false }, "sctp": { "type": "object", "properties": { "pkt_too_small": { "type": "integer" } }, "additionalProperties": false }, "sll": { "type": "object", "properties": { "pkt_too_small": { "type": "integer" } }, "additionalProperties": false }, "tcp": { "type": "object", "properties": { "hlen_too_small": { "type": "integer" }, "invalid_optlen": { "type": "integer" }, "opt_duplicate": { "type": "integer" }, 
"opt_invalid_len": { "type": "integer" }, "pkt_too_small": { "type": "integer" } }, "additionalProperties": false }, "udp": { "type": "object", "properties": { "hlen_invalid": { "type": "integer" }, "hlen_too_small": { "type": "integer" }, "pkt_too_small": { "type": "integer" }, "len_invalid": { "type": "integer" } }, "additionalProperties": false }, "vlan": { "type": "object", "properties": { "header_too_small": { "type": "integer" }, "too_many_layers": { "type": "integer" }, "unknown_type": { "type": "integer" } }, "additionalProperties": false }, "vntag": { "type": "object", "properties": { "header_too_small": { "type": "integer" }, "unknown_type": { "type": "integer" } }, "additionalProperties": false }, "vxlan": { "type": "object", "properties": { "unknown_payload_type": { "type": "integer" } }, "additionalProperties": false } }, "additionalProperties": false } }, "additionalProperties": false }, "defrag": { "type": "object", "properties": { "max_frag_hits": { "type": "integer" }, "ipv4": { "type": "object", "properties": { "fragments": { "type": "integer" }, "reassembled": { "type": "integer" }, "timeouts": { "type": "integer" } }, "additionalProperties": false }, "ipv6": { "type": "object", "properties": { "fragments": { "type": "integer" }, "reassembled": { "type": "integer" }, "timeouts": { "type": "integer" } }, "additionalProperties": false } }, "additionalProperties": false }, "detect": { "type": "object", "properties": { "alert": { "type": "integer" }, "alert_queue_overflow": { "type": "integer" }, "alerts_suppressed": { "type": "integer" }, "mpm_list": { "type": "integer" }, "nonmpm_list": { "type": "integer" }, "fnonmpm_list": { "type": "integer" }, "match_list": { "type": "integer" }, "engines": { "type": "array", "minItems": 1, "items": { "type": "object", "properties": { "id": { "type": "integer" }, "last_reload": { "type": "string" }, "rules_loaded": { "type": "integer" }, "rules_failed": { "type": "integer" } }, "additionalProperties": false } } 
}, "additionalProperties": false }, "file_store": { "type": "object", "properties": { "fs_errors": { "type": "integer" }, "open_files": { "type": "integer" }, "open_files_max_hit": { "type": "integer" } }, "additionalProperties": false }, "flow": { "type": "object", "properties": { "active": { "type": "integer" }, "emerg_mode_entered": { "type": "integer" }, "emerg_mode_over": { "type": "integer" }, "get_used": { "type": "integer" }, "get_used_eval": { "type": "integer" }, "get_used_eval_busy": { "type": "integer" }, "get_used_eval_reject": { "type": "integer" }, "get_used_failed": { "type": "integer" }, "icmpv4": { "type": "integer" }, "icmpv6": { "type": "integer" }, "memcap": { "type": "integer" }, "memuse": { "type": "integer" }, "spare": { "type": "integer" }, "tcp": { "type": "integer" }, "tcp_reuse": { "type": "integer" }, "total": { "type": "integer" }, "udp": { "type": "integer" }, "end": { "type": "object", "properties": { "state": { "type": "object", "properties": { "new": { "type": "integer" }, "established": { "type": "integer" }, "closed": { "type": "integer" }, "local_bypassed": { "type": "integer" }, "capture_bypassed": { "type": "integer" } }, "additionalProperties": false }, "tcp_state": { "type": "object", "properties": { "none": { "type": "integer" }, "syn_sent": { "type": "integer" }, "syn_recv": { "type": "integer" }, "established": { "type": "integer" }, "fin_wait1": { "type": "integer" }, "fin_wait2": { "type": "integer" }, "time_wait": { "type": "integer" }, "last_ack": { "type": "integer" }, "close_wait": { "type": "integer" }, "closing": { "type": "integer" }, "closed": { "type": "integer" } }, "additionalProperties": false }, "tcp_liberal": { "type": "integer" } }, "additionalProperties": false }, "mgr": { "type": "object", "properties": { "flows_checked": { "type": "integer" }, "flows_evicted": { "type": "integer" }, "flows_evicted_needs_work": { "type": "integer" }, "flows_notimeout": { "type": "integer" }, "flows_timeout": { "type": 
"integer" }, "full_hash_pass": { "type": "integer" }, "rows_maxlen": { "type": "integer" }, "rows_per_sec": { "type": "integer" } }, "additionalProperties": false }, "recycler": { "type": "object", "properties": { "recycled": { "type": "integer" }, "queue_avg": { "type": "integer" }, "queue_max": { "type": "integer" } }, "additionalProperties": false }, "wrk": { "type": "object", "properties": { "flows_evicted": { "type": "integer" }, "flows_evicted_needs_work": { "type": "integer" }, "flows_evicted_pkt_inject": { "type": "integer" }, "flows_injected": { "type": "integer" }, "flows_injected_max": { "type": "integer" }, "spare_sync": { "type": "integer" }, "spare_sync_avg": { "type": "integer" }, "spare_sync_empty": { "type": "integer" }, "spare_sync_incomplete": { "type": "integer" } }, "additionalProperties": false } }, "additionalProperties": false }, "flow_bypassed": { "type": "object", "properties": { "bytes": { "type": "integer" }, "closed": { "type": "integer" }, "local_bytes": { "type": "integer" }, "local_capture_bytes": { "type": "integer" }, "local_capture_pkts": { "type": "integer" }, "local_pkts": { "type": "integer" }, "pkts": { "type": "integer" } }, "additionalProperties": false }, "flow_mgr": { "type": "object", "properties": { "bypassed_pruned": { "type": "integer" }, "closed_pruned": { "type": "integer" }, "est_pruned": { "type": "integer" }, "flows_checked": { "type": "integer" }, "flows_notimeout": { "type": "integer" }, "flows_removed": { "type": "integer" }, "flows_timeout": { "type": "integer" }, "new_pruned": { "type": "integer" }, "rows_busy": { "type": "integer" }, "rows_checked": { "type": "integer" }, "rows_empty": { "type": "integer" }, "rows_maxlen": { "type": "integer" }, "rows_skipped": { "type": "integer" } }, "additionalProperties": false }, "ftp": { "type": "object", "properties": { "memcap": { "type": "integer" }, "memuse": { "type": "integer" } }, "additionalProperties": false }, "http": { "type": "object", "properties": { 
"memcap": { "type": "integer" }, "memuse": { "type": "integer" } }, "additionalProperties": false }, "tcp": { "type": "object", "properties": { "ack_unseen_data": { "type": "integer" }, "active_sessions": { "type": "integer" }, "insert_data_normal_fail": { "type": "integer" }, "insert_data_overlap_fail": { "type": "integer" }, "insert_list_fail": { "type": "integer" }, "invalid_checksum": { "type": "integer" }, "memuse": { "type": "integer" }, "midstream_pickups": { "type": "integer" }, "no_flow": { "type": "integer" }, "overlap": { "type": "integer" }, "overlap_diff_data": { "type": "integer" }, "pkt_on_wrong_thread": { "type": "integer" }, "pseudo": { "type": "integer" }, "pseudo_failed": { "type": "integer" }, "reassembly_gap": { "type": "integer" }, "reassembly_memuse": { "type": "integer" }, "rst": { "type": "integer" }, "segment_memcap_drop": { "type": "integer" }, "segment_from_cache": { "type": "integer" }, "segment_from_pool": { "type": "integer" }, "sessions": { "type": "integer" }, "ssn_from_cache": { "type": "integer" }, "ssn_from_pool": { "type": "integer" }, "ssn_memcap_drop": { "type": "integer" }, "stream_depth_reached": { "type": "integer" }, "syn": { "type": "integer" }, "synack": { "type": "integer" } }, "additionalProperties": false } }, "additionalProperties": false }, "tcp": { "type": "object", "properties": { "ack": { "type": "boolean" }, "cwr": { "type": "boolean" }, "ecn": { "type": "boolean" }, "fin": { "type": "boolean" }, "psh": { "type": "boolean" }, "rst": { "type": "boolean" }, "state": { "type": "string" }, "syn": { "type": "boolean" }, "tc_gap": { "type": "boolean" }, "tc_max_regions": { "type": "integer" }, "tcp_flags": { "type": "string" }, "tcp_flags_tc": { "type": "string" }, "tcp_flags_ts": { "type": "string" }, "ts_gap": { "type": "boolean" }, "ts_max_regions": { "type": "integer" }, "urg": { "type": "boolean" } }, "additionalProperties": true }, "template": { "type": "object", "properties": { "request": { "type": "string" }, 
"response": { "type": "string" } }, "additionalProperties": false }, "tftp": { "type": "object", "properties": { "file": { "type": "string" }, "mode": { "type": "string" }, "packet": { "type": "string" } }, "additionalProperties": false }, "tls": { "type": "object", "properties": { "client": { "type": "object", "properties": { "fingerprint": { "type": "string" }, "issuerdn": { "type": "string" }, "notafter": { "$ref": "#/$defs/tls_date" }, "notbefore": { "$ref": "#/$defs/tls_date" }, "serial": { "type": "string" }, "subject": { "type": "string" } }, "additionalProperties": false }, "fingerprint": { "type": "string" }, "from_proto": { "type": "string" }, "issuerdn": { "type": "string" }, "notafter": { "$ref": "#/$defs/tls_date" }, "notbefore": { "$ref": "#/$defs/tls_date" }, "serial": { "type": "string" }, "session_resumed": { "type": "boolean" }, "sni": { "type": "string" }, "subject": { "type": "string" }, "version": { "type": "string" }, "ja3": { "type": "object", "properties": { "hash": { "type": "string" }, "string": { "type": "string" } }, "additionalProperties": false }, "ja3s": { "type": "object", "properties": { "hash": { "type": "string" }, "string": { "type": "string" } }, "additionalProperties": false } }, "additionalProperties": false }, "traffic": { "type": "object", "properties": { "id": { "type": "array", "minItems": 1, "items": { "type": "string" } }, "label": { "type": "array", "minItems": 1, "items": { "type": "string" } } }, "additionalProperties": false }, "tunnel": { "type": "object", "properties": { "depth": { "type": "integer" }, "dest_ip": { "type": "string" }, "dest_port": { "type": "integer" }, "pcap_cnt": { "type": "integer" }, "pkt_src": { "type": "string" }, "proto": { "type": "string" }, "src_ip": { "type": "string" }, "src_port": { "type": "integer" } }, "additionalProperties": false } }, "$defs": { "stats_applayer_error": { "type": "object", "properties": { "gap": { "type": "integer" }, "alloc": { "type": "integer" }, "parser": { 
"type": "integer" }, "internal": { "type": "integer" } }, "additionalProperties": false }, "tls_date": { "$comment": "Format of the TLS certificate validity dates (notbefore, notafter): YYYY-MM-DDTHH:MM:SS, with no fractional seconds and no timezone offset", "type": "string", "pattern": "^[1-2]\\d{3}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$" } } }