Commit 1435082 1 parent 5f45078 commit 1435082 Copy full SHA for 1435082
File tree 1 file changed +38
-0
lines changed
1 file changed +38
-0
lines changed Original file line number Diff line number Diff line change 1+ - name : file
2+ group : 2
3+ title : File
4+ short : Fields describing files.
5+ description : >
6+ A file is defined as a set of information that has been created on, or has existed on a filesystem.
7+
8+ File objects can be associated with host events, network events,
9+ and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services).
10+ File fields provide details about the affected file associated with the event or metric.
11+ type : group
12+ reusable :
13+ top_level : true
14+ expected :
15+ - at : threat.indicator
16+ as : file
17+ - at : threat.enrichments.indicator
18+ as : file
19+ fields :
20+ - name : origin_referrer_url
21+ level : extended
22+ type : keyword
23+ ignore_above : 8192
24+ description : The URL of the webpage that linked to the file.
25+ example : http://example.com/article1.html
26+
27+ - name : origin_url
28+ level : extended
29+ type : keyword
30+ ignore_above : 8192
31+ description : The URL where the file is hosted.
32+ example : http://example.com/imgs/article1_img1.jpg
33+
34+ - name : zone_identifier
35+ level : extended
36+ type : short
37+ description : Windows Zone Identifier for a file.
38+ example : 3
You can’t perform that action at this time.
0 commit comments