diff --git a/.github/workflows/sensor-iso-build-docker-wrap-push-ghcr.yml b/.github/workflows/sensor-iso-build-docker-wrap-push-ghcr.yml
index 3cfe30c26..ce522185f 100644
--- a/.github/workflows/sensor-iso-build-docker-wrap-push-ghcr.yml
+++ b/.github/workflows/sensor-iso-build-docker-wrap-push-ghcr.yml
@@ -102,6 +102,7 @@ jobs:
 echo "${{ secrets.MAXMIND_GEOIP_DB_LICENSE_KEY }}" > ./shared/maxmind_license.txt
 echo "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" > ./shared/environment.chroot
 echo "VCS_REVSION=${{ steps.extract_commit_sha.outputs.sha }}" > ./shared/environment.chroot
+ echo "BUILD_JOBS=2" > ./shared/environment.chroot
 sudo /usr/bin/env bash ./build.sh
 rm -rf ./shared/ ./docs/ ./_config.yml ./_includes ./_layouts /Gemfile ./README.md
 sudo chmod 644 ./hedgehog-*.*
diff --git a/.github/workflows/zeek-build-and-push-ghcr.yml b/.github/workflows/zeek-build-and-push-ghcr.yml
index 93f4e60ff..2cd12c3ab 100644
--- a/.github/workflows/zeek-build-and-push-ghcr.yml
+++ b/.github/workflows/zeek-build-and-push-ghcr.yml
@@ -67,6 +67,8 @@ jobs:
 file: ./Dockerfiles/zeek.Dockerfile
 push: true
 tags: ghcr.io/${{ github.repository_owner }}/malcolm/zeek:${{ steps.extract_branch.outputs.branch }}
+ build-args: |
+ BUILD_JOBS=2
 - name: Run Trivy vulnerability scanner
 id: trivy-scan
diff --git a/.trigger_iso_workflow_build b/.trigger_iso_workflow_build
index b5a2ce556..4ade3f725 100644
--- a/.trigger_iso_workflow_build
+++ b/.trigger_iso_workflow_build
@@ -1,2 +1,2 @@
 # this file exists solely for the purpose of being updated and seen by github to trigger a commit build action
-0
\ No newline at end of file
+1
\ No newline at end of file
diff --git a/.trigger_workflow_build b/.trigger_workflow_build
index b5a2ce556..4ade3f725 100644
--- a/.trigger_workflow_build
+++ b/.trigger_workflow_build
@@ -1,2 +1,2 @@
 # this file exists solely for the purpose of being updated and seen by github to trigger a commit build action
-0
\ No newline at end of file
+1
\ No newline at end of file
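Review bot: In sensor-iso-build-docker-wrap-push-ghcr.yml the added `echo "BUILD_JOBS=2" > ./shared/environment.chroot` truncates the file, so the `GITHUB_TOKEN=` and `VCS_REVSION=` lines written just above it are gone before `build.sh` runs (the `VCS_REVSION` write already clobbers the token line in the same way). Only the first write should use `>`; the later ones should append, e.g. `echo "BUILD_JOBS=2" >> ./shared/environment.chroot`. `VCS_REVSION` also looks like a misspelling of `VCS_REVISION`, which is worth checking against whatever reads this file inside the chroot. The step begins above the hunk, so how the file is consumed is not visible here.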
diff --git a/Dockerfiles/arkime.Dockerfile b/Dockerfiles/arkime.Dockerfile
index 16ccde49c..a674b5eb9 100644
--- a/Dockerfiles/arkime.Dockerfile
+++ b/Dockerfiles/arkime.Dockerfile
@@ -3,8 +3,11 @@ FROM debian:12-slim AS build
 # Copyright (c) 2023 Battelle Energy Alliance, LLC. All rights reserved.
 ENV DEBIAN_FRONTEND noninteractive
+ENV TERM xterm
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
-ENV ARKIME_VERSION "v4.4.0"
+ENV ARKIME_VERSION "v4.5.0"
 ENV ARKIME_DIR "/opt/arkime"
 ENV ARKIME_URL "https://github.com/arkime/arkime.git"
 ENV ARKIME_LOCALELASTICSEARCH no
@@ -50,7 +53,7 @@ RUN apt-get -q update && \
 swig \
 wget \
 zlib1g-dev && \
- python3 -m pip install --break-system-packages --no-cache-dir beautifulsoup4 meson && \
+ python3 -m pip install --break-system-packages --no-compile --no-cache-dir beautifulsoup4 meson && \
 cd /opt && \
 git clone --recurse-submodules --branch="$ARKIME_VERSION" "$ARKIME_URL" "./arkime-"$ARKIME_VERSION && \
 cd "./arkime-"$ARKIME_VERSION && \
@@ -94,6 +97,8 @@ ENV PUSER_RLIMIT_UNLOCK true
 ENV DEBIAN_FRONTEND noninteractive
 ENV TERM xterm
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
 ARG OPENSEARCH_URL="http://opensearch:9200"
 ARG OPENSEARCH_LOCAL=true
@@ -169,7 +174,7 @@ RUN sed -i "s/main$/main contrib non-free/g" /etc/apt/sources.list.d/debian.sour
 vim-tiny \
 wget \
 tar gzip unzip cpio bzip2 lzma xz-utils p7zip-full unrar zlib1g && \
- python3 -m pip install --break-system-packages --no-cache-dir beautifulsoup4 pyzmq watchdog && \
+ python3 -m pip install --break-system-packages --no-compile --no-cache-dir beautifulsoup4 pyzmq watchdog && \
 ln -sfr $ARKIME_DIR/bin/npm /usr/local/bin/npm && \
 ln -sfr $ARKIME_DIR/bin/node /usr/local/bin/node && \
 ln -sfr $ARKIME_DIR/bin/npx /usr/local/bin/npx && \
diff --git a/Dockerfiles/file-monitor.Dockerfile b/Dockerfiles/file-monitor.Dockerfile
index 9fcbd20ef..36322c503 100644
--- a/Dockerfiles/file-monitor.Dockerfile
+++ b/Dockerfiles/file-monitor.Dockerfile
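Review bot: The added `ENV TERM xterm`, `ENV PYTHONDONTWRITEBYTECODE 1` and `ENV PYTHONUNBUFFERED 1` lines in the first arkime.Dockerfile hunk use the space-separated `ENV key value` form, which Docker treats as legacy and BuildKit's build checks flag. One instruction in key=value form, `ENV TERM=xterm PYTHONDONTWRITEBYTECODE=1 PYTHONUNBUFFERED=1`, is unambiguous and keeps the three settings together. The same applies to the matching additions in the second arkime stage and in the file-monitor, filebeat, netbox, pcap-monitor, suricata and zeek Dockerfiles.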
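Review bot: The edited `pip install` lines in arkime.Dockerfile still pull `beautifulsoup4`, `meson`, `pyzmq` and `watchdog` at whatever version is newest when the image is built, into the system interpreter via `--break-system-packages`. Pinning each package (`beautifulsoup4==<version>`), or installing from a requirements file with `--require-hashes`, makes rebuilds reproducible and keeps an unexpected upstream release out of an image that processes untrusted capture data. The same unpinned pattern is on the edited pip lines of the file-monitor, filebeat, freq, netbox, pcap-monitor and suricata Dockerfiles. Both RUN instructions start and end outside their hunks.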
@@ -20,6 +20,8 @@ ENV PUSER_PRIV_DROP true
 ENV DEBIAN_FRONTEND noninteractive
 ENV TERM xterm
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
 ARG ZEEK_EXTRACTOR_PATH=/zeek/extract_files
 ARG ZEEK_LOG_DIRECTORY=/zeek/logs
@@ -81,7 +83,7 @@ ENV YARA_VERSION "4.3.2"
 ENV YARA_URL "https://github.com/VirusTotal/yara/archive/v${YARA_VERSION}.tar.gz"
 ENV YARA_RULES_SRC_DIR "/yara-rules-src"
 ENV YARA_RULES_DIR "/yara-rules"
-ENV CAPA_VERSION "6.0.0"
+ENV CAPA_VERSION "6.1.0"
 ENV CAPA_URL "https://github.com/fireeye/capa/releases/download/v${CAPA_VERSION}/capa-v${CAPA_VERSION}-linux.zip"
 ENV CAPA_DIR "/opt/capa"
 ENV CAPA_BIN "${CAPA_DIR}/capa"
@@ -135,7 +137,7 @@ RUN sed -i "s/main$/main contrib non-free/g" /etc/apt/sources.list.d/debian.sour
 python3-requests \
 python3-zmq \
 rsync && \
- python3 -m pip install --break-system-packages --no-cache-dir clamd supervisor yara-python python-magic psutil pycryptodome watchdog && \
+ python3 -m pip install --break-system-packages --no-compile --no-cache-dir clamd supervisor yara-python python-magic psutil pycryptodome watchdog && \
 curl -fsSLO "$SUPERCRONIC_URL" && \
 echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - && \
 chmod +x "$SUPERCRONIC" && \
diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile
index 61d66e184..53b32c6bc 100644
--- a/Dockerfiles/filebeat.Dockerfile
+++ b/Dockerfiles/filebeat.Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.elastic.co/beats/filebeat-oss:8.9.0
+FROM docker.elastic.co/beats/filebeat-oss:8.10.0
 # Copyright (c) 2023 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
@@ -23,6 +23,8 @@ ENV PUSER_PRIV_DROP false
 ENV DEBIAN_FRONTEND noninteractive
 ENV TERM xterm
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
 ARG AUTO_TAG=true
 ARG FILEBEAT_SCAN_FREQUENCY=10s
@@ -93,7 +95,7 @@ RUN apt-get -q update && \
 unar \
 unzip \
 xz-utils && \
- python3 -m pip install --no-cache-dir patool entrypoint2 pyunpack python-magic ordered-set supervisor watchdog && \
+ python3 -m pip install --no-compile --no-cache-dir patool entrypoint2 pyunpack python-magic ordered-set supervisor watchdog && \
 curl -fsSLO "$SUPERCRONIC_URL" && \
 echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - && \
 chmod +x "$SUPERCRONIC" && \
diff --git a/Dockerfiles/freq.Dockerfile b/Dockerfiles/freq.Dockerfile
index 445dabfe6..fbf2d78f6 100644
--- a/Dockerfiles/freq.Dockerfile
+++ b/Dockerfiles/freq.Dockerfile
@@ -40,7 +40,7 @@ RUN apt-get -q update && \
 python3-pip \
 rsync \
 tini && \
- pip3 install --break-system-packages supervisor six && \
+ pip3 install --break-system-packages --no-compile --no-cache-dir supervisor six && \
 cd /opt && \
 mkdir -p ./freq_server && \
 curl -sSL "$FREQ_URL" | tar xzvf - -C ./freq_server --strip-components 1 && \
diff --git a/Dockerfiles/logstash.Dockerfile b/Dockerfiles/logstash.Dockerfile
index 3790c76ba..f1abd9d9c 100644
--- a/Dockerfiles/logstash.Dockerfile
+++ b/Dockerfiles/logstash.Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.elastic.co/logstash/logstash-oss:8.9.0
+FROM docker.elastic.co/logstash/logstash-oss:8.10.0
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
@@ -51,6 +51,7 @@ RUN set -x && \
 apt-get -q update && \
 apt-get -y -q --no-install-recommends upgrade && \
 apt-get -y --no-install-recommends install \
+ curl \
 gettext \
 patch \
 python3-setuptools \
@@ -81,6 +82,7 @@ RUN set -x && \
 COPY --chmod=755 shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
 COPY --chmod=755 shared/bin/service_check_passthrough.sh /usr/local/bin/
+COPY --chmod=755 shared/bin/opensearch_status.sh /usr/local/bin/
 COPY --from=ghcr.io/mmguero-dev/gostatic --chmod=755 /goStatic /usr/bin/goStatic
 COPY --chmod=755 shared/bin/manuf-oui-parse.py /usr/local/bin/
 COPY --chmod=755 shared/bin/jdk-cacerts-auto-import.sh /usr/local/bin/
diff --git a/Dockerfiles/netbox.Dockerfile b/Dockerfiles/netbox.Dockerfile
index aed01d44d..beb060696 100644
--- a/Dockerfiles/netbox.Dockerfile
+++ b/Dockerfiles/netbox.Dockerfile
@@ -1,4 +1,4 @@
-FROM netboxcommunity/netbox:v3.5.7
+FROM netboxcommunity/netbox:v3.6.1
 # Copyright (c) 2023 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
@@ -13,13 +13,15 @@ LABEL org.opencontainers.image.description='Malcolm container providing the NetB
 ENV DEBIAN_FRONTEND noninteractive
 ENV TERM xterm
 ENV LANG C.UTF-8
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
 ARG DEFAULT_UID=1000
 ARG DEFAULT_GID=1000
 ENV DEFAULT_UID $DEFAULT_UID
 ENV DEFAULT_GID $DEFAULT_GID
-ENV PUSER "boxer"
-ENV PGROUP "boxer"
+ENV PUSER "ubuntu"
+ENV PGROUP "ubuntu"
 ENV PUSER_PRIV_DROP true
 ENV SUPERCRONIC_VERSION "0.2.26"
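Review bot: Switching `PUSER`/`PGROUP` to `ubuntu` in netbox.Dockerfile ties the image to an account the `netboxcommunity/netbox:v3.6.1` base is presumably expected to provide, and nothing in the file records that. Together with the later hunk that drops `groupadd`/`useradd` and keeps only `usermod -a -G tty ${PUSER}`, `DEFAULT_UID` and `DEFAULT_GID` are no longer applied at build time, so the service identity depends on whatever IDs the base image assigned. A comment above the two `ENV` lines, `# the base image already provides the "ubuntu" user, so it is no longer created here`, plus a build-time guard in the RUN step such as `[ "$(id -u "${PUSER}")" = "${DEFAULT_UID}" ] && \`, would make a base-image change fail loudly instead of silently changing file ownership.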
@@ -50,15 +52,24 @@ ADD netbox/patch/* /tmp/netbox-patches/
 RUN apt-get -q update && \
 apt-get -y -q --no-install-recommends upgrade && \
 apt-get install -q -y --no-install-recommends \
+ gcc \
 git \
 jq \
+ libpq-dev \
+ libpq5 \
 patch \
 procps \
 psmisc \
+ python3-dev \
 rsync \
 supervisor \
 tini && \
- "${NETBOX_PATH}/venv/bin/python" -m pip install --break-system-packages --no-cache-dir 'git+https://github.com/mmguero-dev/netbox-initializers' psycopg2 pynetbox python-slugify randomcolor && \
+ "${NETBOX_PATH}/venv/bin/python" -m pip install --break-system-packages --no-compile --no-cache-dir \
+ 'git+https://github.com/tobiasge/netbox-initializers' \
+ psycopg2 \
+ pynetbox \
+ python-slugify \
+ randomcolor && \
 cd "${NETBOX_PATH}" && \
 bash -c 'for i in /tmp/netbox-patches/*; do patch -p 1 -r - --no-backup-if-mismatch < $i || true; done' && \
 curl -fsSLO "${SUPERCRONIC_URL}" && \
@@ -69,13 +80,11 @@ RUN apt-get -q update && \
 touch "${SUPERCRONIC_CRONTAB}" && \
 curl -fsSL -o /usr/bin/yq "${YQ_URL}" && \
 chmod 755 /usr/bin/yq && \
- apt-get -q -y --purge remove patch git && \
+ apt-get -q -y --purge remove patch gcc git libpq-dev python3-dev && \
 apt-get -q -y --purge autoremove && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
- groupadd --gid ${DEFAULT_GID} ${PUSER} && \
- useradd -m --uid ${DEFAULT_UID} --gid ${DEFAULT_GID} ${PUSER} && \
- usermod -a -G tty ${PUSER} && \
+ usermod -a -G tty ${PUSER} && \
 mkdir -p /opt/unit "${NETBOX_DEVICETYPE_LIBRARY_PATH}" && \
 chown -R $PUSER:root /etc/netbox /opt/unit "${NETBOX_PATH}" && \
 cd "$(dirname "${NETBOX_DEVICETYPE_LIBRARY_PATH}")" && \
diff --git a/Dockerfiles/pcap-monitor.Dockerfile b/Dockerfiles/pcap-monitor.Dockerfile
index 13d232705..106c6659e 100644
--- a/Dockerfiles/pcap-monitor.Dockerfile
+++ b/Dockerfiles/pcap-monitor.Dockerfile
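Review bot: `'git+https://github.com/tobiasge/netbox-initializers'` in the first netbox.Dockerfile RUN hunk installs whatever the repository's default branch holds at build time, and that code then runs inside the NetBox virtualenv. Pinning the requirement to a release tag or, better, a full commit hash, `'git+https://github.com/tobiasge/netbox-initializers@<tag-or-commit>' \`, keeps the build reproducible and turns any upstream change into an explicit diff in this file. The chosen ref should be one that supports the NetBox 3.6 base selected in this commit. The RUN instruction continues past the hunk.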
@@ -23,6 +23,8 @@ ENV PUSER_PRIV_DROP false
 ENV DEBIAN_FRONTEND noninteractive
 ENV TERM xterm
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
 ARG OPENSEARCH_URL="http://opensearch:9200"
 ARG OPENSEARCH_LOCAL=true
@@ -61,7 +63,7 @@ RUN apt-get -q update && \
 vim-tiny && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/* && \
- python3 -m pip install --break-system-packages --no-cache-dir opensearch-py pyzmq python-magic requests watchdog && \
+ python3 -m pip install --break-system-packages --no-compile --no-cache-dir opensearch-py pyzmq python-magic requests watchdog && \
 groupadd --gid ${DEFAULT_GID} ${PGROUP} && \
 useradd -M --uid ${DEFAULT_UID} --gid ${DEFAULT_GID} ${PUSER}
diff --git a/Dockerfiles/suricata.Dockerfile b/Dockerfiles/suricata.Dockerfile
index 84e32cee5..b4cb1c3d8 100644
--- a/Dockerfiles/suricata.Dockerfile
+++ b/Dockerfiles/suricata.Dockerfile
@@ -11,6 +11,8 @@ LABEL org.opencontainers.image.description='Malcolm container providing Suricata
 ENV DEBIAN_FRONTEND noninteractive
 ENV TERM xterm
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
 # configure unprivileged user and runtime parameters
 ARG DEFAULT_UID=1000
@@ -99,7 +101,7 @@ RUN sed -i "s/main$/main contrib non-free/g" /etc/apt/sources.list.d/debian.sour
 tini \
 vim-tiny \
 zlib1g && \
- python3 -m pip install --break-system-packages --no-cache-dir watchdog && \
+ python3 -m pip install --break-system-packages --no-compile --no-cache-dir watchdog && \
 curl -fsSLO "$SUPERCRONIC_URL" && \
 echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - && \
 chmod +x "$SUPERCRONIC" && \
diff --git a/Dockerfiles/zeek.Dockerfile b/Dockerfiles/zeek.Dockerfile
index d0447c326..445fa2cb3 100644
--- a/Dockerfiles/zeek.Dockerfile
+++ b/Dockerfiles/zeek.Dockerfile
@@ -1,3 +1,61 @@
+FROM debian:12-slim as build
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV TERM xterm
+
+# for build
+ARG ZEEK_VERSION=6.0.1
+ENV ZEEK_VERSION $ZEEK_VERSION
+ARG ZEEK_DBG=0
+ENV ZEEK_DBG $ZEEK_DBG
+ARG BUILD_JOBS=4
+ENV BUILD_JOBS $BUILD_JOBS
+ENV CCACHE_DIR "/var/spool/ccache"
+ENV CCACHE_COMPRESS 1
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
+
+RUN apt-get -q update && \
+ apt-get -y -q --no-install-recommends upgrade && \
+ apt-get install -q -y --no-install-recommends \
+ bison \
+ ca-certificates \
+ ccache \
+ cmake \
+ curl \
+ flex \
+ g++ \
+ gcc \
+ git \
+ libfl-dev \
+ libgoogle-perftools4 \
+ libgoogle-perftools-dev \
+ libkrb5-3 \
+ libkrb5-dev \
+ libmaxminddb-dev \
+ libpcap-dev \
+ libssl-dev \
+ libtcmalloc-minimal4 \
+ make \
+ ninja-build \
+ python3 \
+ python3-dev \
+ python3-git \
+ python3-semantic-version \
+ sudo \
+ swig \
+ zlib1g-dev && \
+ mkdir -p /usr/share/src/zeek "${CCACHE_DIR}" && \
+ cd /usr/share/src && \
+ ( curl -sSL "https://download.zeek.org/zeek-${ZEEK_VERSION}.tar.gz" | tar xzf - -C ./zeek --strip-components 1 ) && \
+ cd /usr/share/src/zeek && \
+ [ "$ZEEK_DBG" = "1" ] && \
+ ./configure --prefix=/opt/zeek --generator=Ninja --ccache --enable-perftools --enable-debug || \
+ ./configure --prefix=/opt/zeek --generator=Ninja --ccache --enable-perftools && \
+ ninja -C build -j "${BUILD_JOBS}" && \
+ cd ./build && \
+ cpack -G DEB
+
 FROM debian:12-slim
 # Copyright (c) 2023 Battelle Energy Alliance, LLC. All rights reserved.
@@ -13,6 +71,8 @@ LABEL org.opencontainers.image.description='Malcolm container providing Zeek'
 ENV DEBIAN_FRONTEND noninteractive
 ENV TERM xterm
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
 # configure unprivileged user and runtime parameters
 ARG DEFAULT_UID=1000
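Review bot: The Zeek source tarball in the new `build` stage is piped from `curl -sSL` straight into `tar` with no integrity check, and without `-f` an HTTP error body reaches `tar` instead of failing the download. Downloading to a file, checking it against a pinned SHA-256 passed as a build argument (called `ZEEK_SHA256` below; it would have to be declared next to `ZEEK_VERSION`), and only then unpacking follows the pattern this repository already uses for supercronic. Separately, `[ "$ZEEK_DBG" = "1" ] && ./configure … --enable-debug || ./configure …` also runs the second configure when the debug configure itself fails, so a requested debug build can silently come out as a non-debug one; an explicit `if` avoids that. `FROM debian:12-slim as build` would also read more consistently as `AS build`, as in arkime.Dockerfile.

```dockerfile
# … unchanged: apt-get update/upgrade/install package list, mkdir …
    cd /usr/share/src && \
    curl -fsSL -o zeek.tar.gz "https://download.zeek.org/zeek-${ZEEK_VERSION}.tar.gz" && \
    echo "${ZEEK_SHA256}  zeek.tar.gz" | sha256sum -c - && \
    tar xzf zeek.tar.gz -C ./zeek --strip-components 1 && \
    rm -f zeek.tar.gz && \
    cd /usr/share/src/zeek && \
    if [ "$ZEEK_DBG" = "1" ]; then ZEEK_CONFIGURE_EXTRA="--enable-debug"; else ZEEK_CONFIGURE_EXTRA=""; fi && \
    ./configure --prefix=/opt/zeek --generator=Ninja --ccache --enable-perftools $ZEEK_CONFIGURE_EXTRA && \
# … unchanged: ninja build and cpack …
```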
@@ -30,27 +90,26 @@ ENV PGROUP "zeeker"
 ENV PUSER_PRIV_DROP false
 ENV PUSER_RLIMIT_UNLOCK true
-# for download and install
-ARG ZEEK_LTS=
-ARG ZEEK_VERSION=5.2.2-0
-
-ENV ZEEK_LTS $ZEEK_LTS
-ENV ZEEK_VERSION $ZEEK_VERSION
-
 ENV SUPERCRONIC_VERSION "0.2.26"
 ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-amd64"
 ENV SUPERCRONIC "supercronic-linux-amd64"
 ENV SUPERCRONIC_SHA1SUM "7a79496cf8ad899b99a719355d4db27422396735"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
-# for build
-ENV CCACHE_DIR "/var/spool/ccache"
-ENV CCACHE_COMPRESS 1
+# for download and install
+ARG ZEEK_VERSION=6.0.0
+ENV ZEEK_VERSION $ZEEK_VERSION
 # put Zeek and Spicy in PATH
 ENV ZEEK_DIR "/opt/zeek"
 ENV PATH "${ZEEK_DIR}/bin:${PATH}"
+# for build
+ENV CCACHE_DIR "/var/spool/ccache"
+ENV CCACHE_COMPRESS 1
+
+COPY --from=build /usr/share/src/zeek/build/*.deb /tmp/zeekdebs/
+
 # add script for building 3rd-party plugins
 ADD shared/bin/zeek_install_plugins.sh /usr/local/bin/
@@ -60,6 +119,7 @@ RUN export DEBARCH=$(dpkg --print-architecture) && \
 apt-get -y -q --no-install-recommends upgrade && \
 apt-get install -q -y --no-install-recommends \
 bc \
+ binutils \
 bison \
 ca-certificates \
 ccache \
@@ -78,6 +138,7 @@ RUN export DEBARCH=$(dpkg --print-architecture) && \
 libatomic1 \
 libcap2-bin \
 libfl-dev \
+ libfl2 \
 libgoogle-perftools4 \
 libkrb5-3 \
 libmaxminddb-dev \
@@ -85,6 +146,7 @@ RUN export DEBARCH=$(dpkg --print-architecture) && \
 libpcap-dev \
 libpcap0.8 \
 libssl-dev \
+ libssl3 \
 libtcmalloc-minimal4 \
 libunwind8 \
 libzmq5 \
@@ -92,6 +154,7 @@ RUN export DEBARCH=$(dpkg --print-architecture) && \
 make \
 moreutils \
 ninja-build \
+ openssl \
 procps \
 psmisc \
 python3 \
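Review bot: `ARG ZEEK_VERSION=6.0.0` in the runtime stage of zeek.Dockerfile disagrees with `ARG ZEEK_VERSION=6.0.1` in the new `build` stage, so the runtime `ENV ZEEK_VERSION` reports 6.0.0 while the packages copied from `build` come from the 6.0.1 tarball. Declaring the default once before the first `FROM` (`ARG ZEEK_VERSION=6.0.1`) and re-declaring it without a value in each stage (`ARG ZEEK_VERSION`) keeps the two in step and lets a single `--build-arg` change both. Anything that reads `ZEEK_VERSION` at run time, or in `zeek_install_plugins.sh` (not shown here), would otherwise see the wrong version.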
@@ -108,23 +171,10 @@ RUN export DEBARCH=$(dpkg --print-architecture) && \ swig \ tini \ vim-tiny \ + xxd \ zlib1g-dev && \ + dpkg -i /tmp/zeekdebs/*.deb && \ python3 -m pip install --break-system-packages --no-cache-dir pymisp stix2 taxii2-client dateparser && \ - mkdir -p /tmp/zeek-packages && \ - cd /tmp/zeek-packages && \ - if [ -n "${ZEEK_LTS}" ]; then ZEEK_LTS="-lts"; fi && export ZEEK_LTS && \ - curl -sSL --remote-name-all \ - "https://download.zeek.org/binary-packages/Debian_12/amd64/libbroker${ZEEK_LTS}-dev_${ZEEK_VERSION}_amd64.deb" \ - "https://download.zeek.org/binary-packages/Debian_12/amd64/zeek${ZEEK_LTS}-core-dev_${ZEEK_VERSION}_amd64.deb" \ - "https://download.zeek.org/binary-packages/Debian_12/amd64/zeek${ZEEK_LTS}-core_${ZEEK_VERSION}_amd64.deb" \ - "https://download.zeek.org/binary-packages/Debian_12/amd64/zeek${ZEEK_LTS}-spicy-dev_${ZEEK_VERSION}_amd64.deb" \ - "https://download.zeek.org/binary-packages/Debian_12/amd64/zeek${ZEEK_LTS}_${ZEEK_VERSION}_amd64.deb" \ - "https://download.zeek.org/binary-packages/Debian_12/amd64/zeekctl${ZEEK_LTS}_${ZEEK_VERSION}_amd64.deb" \ - "https://download.zeek.org/binary-packages/Debian_12/all/zeek${ZEEK_LTS}-client_${ZEEK_VERSION}_all.deb" \ - "https://download.zeek.org/binary-packages/Debian_12/all/zeek${ZEEK_LTS}-zkg_${ZEEK_VERSION}_all.deb" \ - "https://download.zeek.org/binary-packages/Debian_12/all/zeek${ZEEK_LTS}-btest_${ZEEK_VERSION}_all.deb" \ - "https://download.zeek.org/binary-packages/Debian_12/all/zeek${ZEEK_LTS}-btest-data_${ZEEK_VERSION}_all.deb" && \ - dpkg -i ./*.deb && \ curl -fsSLO "$SUPERCRONIC_URL" && \ echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - && \ chmod +x "$SUPERCRONIC" && \ diff --git a/api/requirements.txt b/api/requirements.txt index e2919f390..571c967c0 100644 --- a/api/requirements.txt +++ b/api/requirements.txt 
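Review bot: `dpkg -i /tmp/zeekdebs/*.deb` installs from files that the earlier `COPY --from=build … /tmp/zeekdebs/` placed in a layer of their own, so the packages stay in the final image even if a later step of this RUN deletes `/tmp/zeekdebs` (no such cleanup is visible in the hunk). Binding the build stage's output into the instruction instead, `RUN --mount=type=bind,from=build,source=/usr/share/src/zeek/build,target=/tmp/zeekdebs export DEBARCH=$(dpkg --print-architecture) && \`, and dropping the COPY keeps the .deb files out of the image. The unchanged `pip install` line in this hunk also did not receive the `--no-compile` flag that the other Dockerfiles got in this commit. The RUN instruction starts and ends outside the hunk.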
@@ -1,7 +1,7 @@
 pytz==2021.3
 Flask==2.3.2
 gunicorn==20.1.0
-opensearch-py==2.3.0
+opensearch-py==2.3.1
 requests==2.31.0
 regex==2022.3.2
 dateparser==1.1.1
\ No newline at end of file
diff --git a/arkime/etc/config.ini b/arkime/etc/config.ini
index 0aff4df59..1175de8b5 100644
--- a/arkime/etc/config.ini
+++ b/arkime/etc/config.ini
@@ -71,1153 +71,1150 @@ valueAutoComplete=false # see https://docs.zeek.org/en/stable/script-reference/log-files.html for Zeek logfile documentation # id information -zeek.uid=db:zeek.uid;kind:termfield;friendly:Zeek Connection ID;help:Zeek Connection ID -network.is_orig=db:network.is_orig;kind:termfield;friendly:Is Originator;help:Is Originator -event.provider=db:event.provider;group:malcolm;kind:termfield;friendly:Data Source;help:Data Source -event.dataset=db:event.dataset;group:malcolm;kind:termfield;friendly:Log Type;help:Log Type -event.module=db:event.module;group:malcolm;kind:termfield;friendly:Data Source Module;help:Data Source Module -event.id=db:event.id;group:malcolm;kind:termfield;friendly:Log ID;help:Log ID -event.hash=db:event.hash;group:malcolm;kind:termfield;friendly:Log Hash;help:Log Hash -event.hits=db:event.hits;group:malcolm;kind:integer;friendly:Hits;help:Hits -zeek.ts=db:zeek.ts;kind:termfield;friendly:Timestamp;help:Zeek Timestamp -host.name=db:host.name;group:malcolm;kind:termfield;friendly:Malcolm Node;help:Malcolm Node +zeek.uid=db:zeek.uid;kind:termfield;viewerOnly:true;friendly:Zeek Connection ID;help:Zeek Connection ID +network.is_orig=db:network.is_orig;kind:termfield;viewerOnly:true;friendly:Is Originator;help:Is Originator +event.provider=db:event.provider;group:malcolm;kind:termfield;viewerOnly:false;friendly:Data Source;help:Data Source +event.dataset=db:event.dataset;group:malcolm;kind:termfield;viewerOnly:false;friendly:Log Type;help:Log Type +event.module=db:event.module;group:malcolm;kind:termfield;viewerOnly:false;friendly:Data Source Module;help:Data Source Module +event.id=db:event.id;group:malcolm;kind:termfield;viewerOnly:false;friendly:Log ID;help:Log ID +event.hash=db:event.hash;group:malcolm;kind:termfield;viewerOnly:false;friendly:Log Hash;help:Log Hash +event.hits=db:event.hits;group:malcolm;kind:integer;viewerOnly:true;friendly:Hits;help:Hits 
+zeek.ts=db:zeek.ts;kind:termfield;viewerOnly:true;friendly:Timestamp;help:Zeek Timestamp +host.name=db:host.name;group:malcolm;kind:termfield;viewerOnly:true;friendly:Malcolm Node;help:Malcolm Node # basic connection information -destination.geo.city_name=db:destination.geo.city_name;group:malcolm;kind:termfield;friendly:Responding GeoIP City;help:Responding GeoIP City -destination.geo.country_name=db:destination.geo.country_name;group:malcolm;kind:termfield;friendly:Responding GeoIP Country;help:Responding GeoIP Country -destination.device.cluster=db:destination.device.cluster;group:malcolm;kind:termfield;friendly:Responding Device Cluster;help:Responding Device Cluster -destination.device.device_type=db:destination.device.device_type;group:malcolm;kind:termfield;friendly:Responding Device Type;help:Responding Device Type -destination.device.id=db:destination.device.id;group:malcolm;kind:integer;friendly:Responding Device ID;help:Responding Device ID -destination.device.manufacturer=db:destination.device.manufacturer;group:malcolm;kind:termfield;friendly:Responding Device Manufacturer;help:Responding Device Manufacturer -destination.device.name=db:destination.device.name;group:malcolm;kind:termfield;friendly:Responding Device Name;help:Responding Device Name -destination.device.role=db:destination.device.role;group:malcolm;kind:termfield;friendly:Responding Device Role;help:Responding Device Role -destination.device.service=db:destination.device.service;group:malcolm;kind:termfield;friendly:Responding Device Service;help:Responding Device Service -destination.device.site=db:destination.device.site;group:malcolm;kind:termfield;friendly:Responding Device Site;help:Responding Device Site -destination.device.url=db:destination.device.url;group:malcolm;kind:termfield;friendly:Responding Device URL;help:Responding Device URL -destination.ip_reverse_dns=db:destination.ip_reverse_dns;group:malcolm;kind:termfield;friendly:Responding IP Reverse DNS;help:Responding IP 
Reverse DNS -destination.oui=db:destination.oui;group:malcolm;kind:termfield;friendly:Responding OUI;help:Responding OUI -destination.segment.id=db:destination.segment.id;group:malcolm;kind:integer;friendly:Responding Network Segment ID;help:Responding Network Segment ID -destination.segment.name=db:destination.segment.name;group:malcolm;kind:termfield;friendly:Responding Network Segment Name;help:Responding Network Segment Name -destination.segment.site=db:destination.segment.site;group:malcolm;kind:termfield;friendly:Responding Network Segment Site;help:Responding Network Segment Site -destination.segment.tenant=db:destination.segment.tenant;group:malcolm;kind:termfield;friendly:Responding Network Segment Tenant;help:Responding Network Segment Tenant -destination.segment.url=db:destination.segment.url;group:malcolm;kind:termfield;friendly:Responding Network Segment URL;help:Responding Network Segment URL -event.action=db:event.action;group:malcolm;kind:termfield;friendly:Action;help:Action -event.freq_score_v1=db:event.freq_score_v1;group:malcolm;kind:float;friendly:Freq Score v1;help:Freq Score v1 -event.freq_score_v2=db:event.freq_score_v2;group:malcolm;kind:float;friendly:Freq Score v2;help:Freq Score v2 -event.result=db:event.result;group:malcolm;kind:termfield;friendly:Result;help:Result -event.risk_score=db:event.risk_score;group:malcolm;kind:float;friendly:Risk Score;help:Risk Score -event.risk_score_norm=db:event.risk_score_norm;group:malcolm;kind:float;friendly:Risk Score (Normalized);help:Risk Score (Normalized) -event.severity=db:event.severity;group:malcolm;kind:integer;friendly:Severity;help:Severity -event.severity_tags=db:event.severity_tags;group:malcolm;kind:termfield;friendly:Severity Tags;help:Severity Tags -network.direction=db:network.direction;group:malcolm;kind:termfield;friendly:Direction;help:Direction -network.inner.vlan.id=db:network.inner.vlan.id;group:malcolm;kind:integer;friendly:Inner VLAN ID;help:Inner VLAN ID 
-network.name=db:network.name;group:malcolm;kind:termfield;friendly:Network Name;help:Network Name -network.protocol=db:network.protocol;group:malcolm;kind:termfield;friendly:Service;help:Service -network.protocol_version=db:network.protocol_version;group:malcolm;kind:termfield;friendly:Service Version;help:Service Version -network.transport=db:network.transport;group:malcolm;kind:lotermfield;friendly:Protocol;help:Protocol -network.vlan.id=db:network.vlan.id;group:malcolm;kind:integer;friendly:VLAN ID;help:VLAN ID -related.device_name=db:related.device_name;group:malcolm;kind:termfield;friendly:Related Device Name;help:Related Device Name -related.device_type=db:related.device_type;group:malcolm;kind:termfield;friendly:Related Device Type;help:Related Device Type -related.hash=db:related.hash;group:malcolm;kind:termfield;friendly:Related Hash;help:Related Hash -related.hosts=db:related.hosts;group:malcolm;kind:termfield;friendly:Related Host;help:Related Host -related.ip=db:related.ip;group:malcolm;kind:termfield;friendly:Related IP;help:Related IP -related.mac=db:related.mac;group:malcolm;kind:termfield;friendly:Related MAC;help:Related MAC -related.manufacturer=db:related.manufacturer;group:malcolm;kind:termfield;friendly:Related Manufacturer;help:Related Manufacturer -related.oui=db:related.oui;group:malcolm;kind:termfield;friendly:Related OUI;help:Related OUI -related.password=db:related.password;group:malcolm;kind:termfield;friendly:Password;help:Password -related.role=db:related.role;group:malcolm;kind:termfield;friendly:Related Role;help:Related Role -related.service=db:related.service;group:malcolm;kind:termfield;friendly:Related Service;help:Related Service -related.site=db:related.site;group:malcolm;kind:termfield;friendly:Related Site;help:Related Site -related.user=db:related.user;group:malcolm;kind:termfield;friendly:User;help:User -source.geo.city_name=db:source.geo.city_name;group:malcolm;kind:termfield;friendly:Originating GeoIP 
City;help:Originating GeoIP City -source.geo.country_name=db:source.geo.country_name;group:malcolm;kind:termfield;friendly:Originating GeoIP Country;help:Originating GeoIP Country -source.device.cluster=db:source.device.cluster;group:malcolm;kind:termfield;friendly:Originating Device Cluster;help:Originating Device Cluster -source.device.device_type=db:source.device.device_type;group:malcolm;kind:termfield;friendly:Originating Device Type;help:Originating Device Type -source.device.id=db:source.device.id;group:malcolm;kind:integer;friendly:Originating Device ID;help:Originating Device ID -source.device.manufacturer=db:source.device.manufacturer;group:malcolm;kind:termfield;friendly:Originating Device Manufacturer;help:Originating Device Manufacturer -source.device.name=db:source.device.name;group:malcolm;kind:termfield;friendly:Originating Device Name;help:Originating Device Name -source.device.role=db:source.device.role;group:malcolm;kind:termfield;friendly:Originating Device Role;help:Originating Device Role -source.device.service=db:source.device.service;group:malcolm;kind:termfield;friendly:Originating Device Service;help:Originating Device Service -source.device.site=db:source.device.site;group:malcolm;kind:termfield;friendly:Originating Device Site;help:Originating Device Site -source.device.url=db:source.device.url;group:malcolm;kind:termfield;friendly:Originating Device URL;help:Originating Device URL -source.ip_reverse_dns=db:source.ip_reverse_dns;group:malcolm;kind:termfield;friendly:Originating IP Reverse DNS;help:Originating IP Reverse DNS -source.nat.ip=db:source.nat.ip;group:malcolm;kind:termfield;friendly:NAT IP;help:NAT IP -source.nat.port=db:source.nat.port;group:malcolm;kind:integer;friendly:NAT Port;help:NAT Port -source.oui=db:source.oui;kind:termfield;group:malcolm;friendly:Originating OUI;help:Originating OUI -source.segment.id=db:source.segment.id;group:malcolm;kind:integer;friendly:Originating Network Segment ID;help:Originating Network 
Segment ID -source.segment.name=db:source.segment.name;group:malcolm;kind:termfield;friendly:Originating Network Segment Name;help:Originating Network Segment Name -source.segment.site=db:source.segment.site;group:malcolm;kind:termfield;friendly:Originating Network Segment Site;help:Originating Network Segment Site -source.segment.tenant=db:source.segment.tenant;group:malcolm;kind:termfield;friendly:Originating Network Segment Tenant;help:Originating Network Segment Tenant -source.segment.url=db:source.segment.url;group:malcolm;kind:termfield;friendly:Originating Network Segment URL;help:Originating Network Segment URL -user_agent.original=db:user_agent.original;group:malcolm;kind:termfield;friendly:User Agent;help:User Agent -url.original=db:url.original;group:malcolm;kind:termfield;friendly:URL;help:URL -vulnerability.category=db:vulnerability.category;group:malcolm;kind:termfield;friendly:Vulnerability Category;help:Vulnerability Category -vulnerability.description=db:vulnerability.description;group:malcolm;kind:termfield;friendly:Vulnerability Description;help:Vulnerability Description -vulnerability.enumeration=db:vulnerability.enumeration;group:malcolm;kind:termfield;friendly:Vulnerability Enumeration;help:Vulnerability Enumeration -vulnerability.id=db:vulnerability.id;group:malcolm;kind:termfield;friendly:Vulnerability ID;help:Vulnerability ID -vulnerability.reference=db:vulnerability.reference;group:malcolm;kind:termfield;friendly:Vulnerability Reference;help:Vulnerability Reference -vulnerability.scanner.vendor=db:vulnerability.scanner.vendor;group:malcolm;kind:termfield;friendly:Vulnerability Scanner Vendor;help:Vulnerability Scanner Vendor -threat.framework=db:threat.framework;group:malcolm;kind:termfield;friendly:Threat Framework;help:Threat Framework -threat.tactic.id=db:threat.tactic.id;group:malcolm;kind:termfield;friendly:Tactic ID;help:Tactic ID -threat.tactic.name=db:threat.tactic.name;group:malcolm;kind:termfield;friendly:Tactic;help:Tactic 
-threat.technique.id=db:threat.technique.id;group:malcolm;kind:termfield;friendly:Technique ID;help:Technique ID -threat.technique.name=db:threat.technique.name;group:malcolm;kind:termfield;friendly:Technique;help:Technique -rule.name=db:rule.name;group:malcolm;kind:termfield;friendly:Event Name;help:Event Name -rule.id=db:rule.id;group:malcolm;kind:termfield;friendly:Rule ID;help:Rule ID -rule.category=db:rule.category;group:malcolm;kind:termfield;friendly:Event Category;help:Event Category +destination.geo.city_name=db:destination.geo.city_name;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding GeoIP City;help:Responding GeoIP City +destination.geo.country_name=db:destination.geo.country_name;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding GeoIP Country;help:Responding GeoIP Country +destination.device.cluster=db:destination.device.cluster;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding Device Cluster;help:Responding Device Cluster +destination.device.device_type=db:destination.device.device_type;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding Device Type;help:Responding Device Type +destination.device.id=db:destination.device.id;group:malcolm;kind:integer;viewerOnly:true;friendly:Responding Device ID;help:Responding Device ID +destination.device.manufacturer=db:destination.device.manufacturer;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding Device Manufacturer;help:Responding Device Manufacturer +destination.device.name=db:destination.device.name;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding Device Name;help:Responding Device Name +destination.device.role=db:destination.device.role;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding Device Role;help:Responding Device Role +destination.device.service=db:destination.device.service;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding Device Service;help:Responding Device Service 
+destination.device.site=db:destination.device.site;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding Device Site;help:Responding Device Site +destination.device.url=db:destination.device.url;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding Device URL;help:Responding Device URL +destination.ip_reverse_dns=db:destination.ip_reverse_dns;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding IP Reverse DNS;help:Responding IP Reverse DNS +destination.oui=db:destination.oui;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding OUI;help:Responding OUI +destination.segment.id=db:destination.segment.id;group:malcolm;kind:integer;viewerOnly:true;friendly:Responding Network Segment ID;help:Responding Network Segment ID +destination.segment.name=db:destination.segment.name;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding Network Segment Name;help:Responding Network Segment Name +destination.segment.site=db:destination.segment.site;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding Network Segment Site;help:Responding Network Segment Site +destination.segment.tenant=db:destination.segment.tenant;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding Network Segment Tenant;help:Responding Network Segment Tenant +destination.segment.url=db:destination.segment.url;group:malcolm;kind:termfield;viewerOnly:true;friendly:Responding Network Segment URL;help:Responding Network Segment URL +event.action=db:event.action;group:malcolm;kind:termfield;viewerOnly:true;friendly:Action;help:Action +event.freq_score_v1=db:event.freq_score_v1;group:malcolm;kind:float;viewerOnly:true;friendly:Freq Score v1;help:Freq Score v1 +event.freq_score_v2=db:event.freq_score_v2;group:malcolm;kind:float;viewerOnly:true;friendly:Freq Score v2;help:Freq Score v2 +event.result=db:event.result;group:malcolm;kind:termfield;viewerOnly:true;friendly:Result;help:Result 
+event.risk_score=db:event.risk_score;group:malcolm;kind:float;viewerOnly:true;friendly:Risk Score;help:Risk Score
+event.risk_score_norm=db:event.risk_score_norm;group:malcolm;kind:float;viewerOnly:true;friendly:Risk Score (Normalized);help:Risk Score (Normalized)
+event.severity=db:event.severity;group:malcolm;kind:integer;viewerOnly:true;friendly:Severity;help:Severity
+event.severity_tags=db:event.severity_tags;group:malcolm;kind:termfield;viewerOnly:true;friendly:Severity Tags;help:Severity Tags
+network.direction=db:network.direction;group:malcolm;kind:termfield;viewerOnly:true;friendly:Direction;help:Direction
+network.inner.vlan.id=db:network.inner.vlan.id;group:malcolm;kind:integer;viewerOnly:true;friendly:Inner VLAN ID;help:Inner VLAN ID
+network.name=db:network.name;group:malcolm;kind:termfield;viewerOnly:true;friendly:Network Name;help:Network Name
+network.protocol=db:network.protocol;group:malcolm;kind:termfield;viewerOnly:true;friendly:Service;help:Service
+network.protocol_version=db:network.protocol_version;group:malcolm;kind:termfield;viewerOnly:true;friendly:Service Version;help:Service Version
+network.transport=db:network.transport;group:malcolm;kind:lotermfield;viewerOnly:true;friendly:Protocol;help:Protocol
+network.vlan.id=db:network.vlan.id;group:malcolm;kind:integer;viewerOnly:false;friendly:VLAN ID;help:VLAN ID
+related.device_name=db:related.device_name;group:malcolm;kind:termfield;viewerOnly:true;friendly:Related Device Name;help:Related Device Name
+related.device_type=db:related.device_type;group:malcolm;kind:termfield;viewerOnly:true;friendly:Related Device Type;help:Related Device Type
+related.hash=db:related.hash;group:malcolm;kind:termfield;viewerOnly:true;friendly:Related Hash;help:Related Hash
+related.hosts=db:related.hosts;group:malcolm;kind:termfield;viewerOnly:true;friendly:Related Host;help:Related Host
+related.ip=db:related.ip;group:malcolm;kind:termfield;viewerOnly:true;friendly:Related IP;help:Related IP
+related.mac=db:related.mac;group:malcolm;kind:termfield;viewerOnly:true;friendly:Related MAC;help:Related MAC
+related.manufacturer=db:related.manufacturer;group:malcolm;kind:termfield;viewerOnly:true;friendly:Related Manufacturer;help:Related Manufacturer
+related.oui=db:related.oui;group:malcolm;kind:termfield;viewerOnly:true;friendly:Related OUI;help:Related OUI
+related.password=db:related.password;group:malcolm;kind:termfield;viewerOnly:true;friendly:Password;help:Password
+related.role=db:related.role;group:malcolm;kind:termfield;viewerOnly:true;friendly:Related Role;help:Related Role
+related.service=db:related.service;group:malcolm;kind:termfield;viewerOnly:true;friendly:Related Service;help:Related Service
+related.site=db:related.site;group:malcolm;kind:termfield;viewerOnly:true;friendly:Related Site;help:Related Site
+related.user=db:related.user;group:malcolm;kind:termfield;viewerOnly:true;friendly:User;help:User
+source.geo.city_name=db:source.geo.city_name;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating GeoIP City;help:Originating GeoIP City
+source.geo.country_name=db:source.geo.country_name;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating GeoIP Country;help:Originating GeoIP Country
+source.device.cluster=db:source.device.cluster;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating Device Cluster;help:Originating Device Cluster
+source.device.device_type=db:source.device.device_type;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating Device Type;help:Originating Device Type
+source.device.id=db:source.device.id;group:malcolm;kind:integer;viewerOnly:true;friendly:Originating Device ID;help:Originating Device ID
+source.device.manufacturer=db:source.device.manufacturer;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating Device Manufacturer;help:Originating Device Manufacturer
+source.device.name=db:source.device.name;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating Device Name;help:Originating Device Name
+source.device.role=db:source.device.role;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating Device Role;help:Originating Device Role
+source.device.service=db:source.device.service;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating Device Service;help:Originating Device Service
+source.device.site=db:source.device.site;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating Device Site;help:Originating Device Site
+source.device.url=db:source.device.url;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating Device URL;help:Originating Device URL
+source.ip_reverse_dns=db:source.ip_reverse_dns;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating IP Reverse DNS;help:Originating IP Reverse DNS
+source.nat.ip=db:source.nat.ip;group:malcolm;kind:termfield;viewerOnly:true;friendly:NAT IP;help:NAT IP
+source.nat.port=db:source.nat.port;group:malcolm;kind:integer;viewerOnly:true;friendly:NAT Port;help:NAT Port
+source.oui=db:source.oui;kind:termfield;group:malcolm;viewerOnly:true;friendly:Originating OUI;help:Originating OUI
+source.segment.id=db:source.segment.id;group:malcolm;kind:integer;viewerOnly:true;friendly:Originating Network Segment ID;help:Originating Network Segment ID
+source.segment.name=db:source.segment.name;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating Network Segment Name;help:Originating Network Segment Name
+source.segment.site=db:source.segment.site;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating Network Segment Site;help:Originating Network Segment Site
+source.segment.tenant=db:source.segment.tenant;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating Network Segment Tenant;help:Originating Network Segment Tenant
+source.segment.url=db:source.segment.url;group:malcolm;kind:termfield;viewerOnly:true;friendly:Originating Network Segment URL;help:Originating Network Segment URL
+user_agent.original=db:user_agent.original;group:malcolm;kind:termfield;viewerOnly:true;friendly:User Agent;help:User Agent
+url.original=db:url.original;group:malcolm;kind:termfield;viewerOnly:true;friendly:URL;help:URL
+vulnerability.category=db:vulnerability.category;group:malcolm;kind:termfield;viewerOnly:true;friendly:Vulnerability Category;help:Vulnerability Category
+vulnerability.description=db:vulnerability.description;group:malcolm;kind:termfield;viewerOnly:true;friendly:Vulnerability Description;help:Vulnerability Description
+vulnerability.enumeration=db:vulnerability.enumeration;group:malcolm;kind:termfield;viewerOnly:true;friendly:Vulnerability Enumeration;help:Vulnerability Enumeration
+vulnerability.id=db:vulnerability.id;group:malcolm;kind:termfield;viewerOnly:true;friendly:Vulnerability ID;help:Vulnerability ID
+vulnerability.reference=db:vulnerability.reference;group:malcolm;kind:termfield;viewerOnly:true;friendly:Vulnerability Reference;help:Vulnerability Reference
+vulnerability.scanner.vendor=db:vulnerability.scanner.vendor;group:malcolm;kind:termfield;viewerOnly:true;friendly:Vulnerability Scanner Vendor;help:Vulnerability Scanner Vendor
+threat.framework=db:threat.framework;group:malcolm;kind:termfield;viewerOnly:true;friendly:Threat Framework;help:Threat Framework
+threat.tactic.id=db:threat.tactic.id;group:malcolm;kind:termfield;viewerOnly:true;friendly:Tactic ID;help:Tactic ID
+threat.tactic.name=db:threat.tactic.name;group:malcolm;kind:termfield;viewerOnly:true;friendly:Tactic;help:Tactic
+threat.technique.id=db:threat.technique.id;group:malcolm;kind:termfield;viewerOnly:true;friendly:Technique ID;help:Technique ID
+threat.technique.name=db:threat.technique.name;group:malcolm;kind:termfield;viewerOnly:true;friendly:Technique;help:Technique
+rule.name=db:rule.name;group:malcolm;kind:termfield;viewerOnly:true;friendly:Event Name;help:Event Name +rule.id=db:rule.id;group:malcolm;kind:termfield;viewerOnly:true;friendly:Rule ID;help:Rule ID +rule.category=db:rule.category;group:malcolm;kind:termfield;viewerOnly:true;friendly:Event Category;help:Event Category # file information -zeek.fuid=db:zeek.fuid;kind:termfield;friendly:File ID;help:File ID -file.path=db:file.path;group:malcolm;kind:termfield;friendly:File Path;help:File Path -file.mime_type=db:file.mime_type;group:malcolm;kind:termfield;friendly:File Magic;help:File Magic -file.source=db:file.source;group:malcolm;kind:termfield;friendly:File Transport;help:File Transport +zeek.fuid=db:zeek.fuid;kind:termfield;viewerOnly:true;friendly:File ID;help:File ID +file.path=db:file.path;group:malcolm;kind:termfield;viewerOnly:true;friendly:File Path;help:File Path +file.mime_type=db:file.mime_type;group:malcolm;kind:termfield;viewerOnly:true;friendly:File Magic;help:File Magic +file.source=db:file.source;group:malcolm;kind:termfield;viewerOnly:true;friendly:File Transport;help:File Transport # conn.log # https://docs.zeek.org/en/stable/scripts/base/protocols/conn/main.zeek.html#type-Conn::Info -zeek.conn.duration=db:zeek.conn.duration;group:zeek_conn;kind:termfield;friendly:Duration;help:Duration -zeek.conn.orig_bytes=db:zeek.conn.orig_bytes;group:zeek_conn;kind:integer;friendly:Originating Bytes;help:Originating Bytes -zeek.conn.resp_bytes=db:zeek.conn.resp_bytes;group:zeek_conn;kind:integer;friendly:Responding Bytes;help:Responding Bytes -zeek.conn.conn_state=db:zeek.conn.conn_state;group:zeek_conn;kind:termfield;friendly:Connection State Code;help:Connection State Code -zeek.conn.conn_state_description=db:zeek.conn.conn_state_description;group:zeek_conn;kind:termfield;friendly:conn Connection State;help:conn Connection State -zeek.conn.local_orig=db:zeek.conn.local_orig;group:zeek_conn;kind:termfield;friendly:Local Originator;help:Local Originator 
-zeek.conn.local_resp=db:zeek.conn.local_resp;group:zeek_conn;kind:termfield;friendly:Local Responder;help:Local Responder
-zeek.conn.missed_bytes=db:zeek.conn.missed_bytes;group:zeek_conn;kind:integer;friendly:Missed Bytes;help:Missed Bytes
-zeek.conn.history=db:zeek.conn.history;group:zeek_conn;kind:termfield;friendly:Connection Flags History;help:Connection Flags History
-zeek.conn.orig_pkts=db:zeek.conn.orig_pkts;group:zeek_conn;kind:integer;friendly:Originating Packets;help:Originating Packets
-zeek.conn.orig_ip_bytes=db:zeek.conn.orig_ip_bytes;group:zeek_conn;kind:integer;friendly:Originating IP Bytes;help:Originating IP Bytes
-zeek.conn.resp_pkts=db:zeek.conn.resp_pkts;group:zeek_conn;kind:integer;friendly:Responding Packets;help:Responding Packets
-zeek.conn.resp_ip_bytes=db:zeek.conn.resp_ip_bytes;group:zeek_conn;kind:integer;friendly:Responding IP Bytes;help:Responding IP Bytes
-zeek.conn.tunnel_parents=db:zeek.conn.tunnel_parents;group:zeek_conn;kind:termfield;friendly:Tunnel Connection ID;help:Tunnel Connection ID
-zeek.conn.vlan=db:zeek.conn.vlan;group:zeek_conn;kind:integer;friendly:Outer VLAN;help:Outer VLAN
-zeek.conn.inner_vlan=db:zeek.conn.inner_vlan;group:zeek_conn;kind:integer;friendly:Inner VLAN;help:Inner VLAN
+zeek.conn.duration=db:zeek.conn.duration;group:zeek_conn;kind:termfield;viewerOnly:true;friendly:Duration;help:Duration
+zeek.conn.orig_bytes=db:zeek.conn.orig_bytes;group:zeek_conn;kind:integer;viewerOnly:true;friendly:Originating Bytes;help:Originating Bytes
+zeek.conn.resp_bytes=db:zeek.conn.resp_bytes;group:zeek_conn;kind:integer;viewerOnly:true;friendly:Responding Bytes;help:Responding Bytes
+zeek.conn.conn_state=db:zeek.conn.conn_state;group:zeek_conn;kind:termfield;viewerOnly:true;friendly:Connection State Code;help:Connection State Code
+zeek.conn.conn_state_description=db:zeek.conn.conn_state_description;group:zeek_conn;kind:termfield;viewerOnly:true;friendly:conn Connection State;help:conn Connection State
+zeek.conn.local_orig=db:zeek.conn.local_orig;group:zeek_conn;kind:termfield;viewerOnly:true;friendly:Local Originator;help:Local Originator +zeek.conn.local_resp=db:zeek.conn.local_resp;group:zeek_conn;kind:termfield;viewerOnly:true;friendly:Local Responder;help:Local Responder +zeek.conn.missed_bytes=db:zeek.conn.missed_bytes;group:zeek_conn;kind:integer;viewerOnly:true;friendly:Missed Bytes;help:Missed Bytes +zeek.conn.history=db:zeek.conn.history;group:zeek_conn;kind:termfield;viewerOnly:true;friendly:Connection Flags History;help:Connection Flags History +zeek.conn.orig_pkts=db:zeek.conn.orig_pkts;group:zeek_conn;kind:integer;viewerOnly:true;friendly:Originating Packets;help:Originating Packets +zeek.conn.orig_ip_bytes=db:zeek.conn.orig_ip_bytes;group:zeek_conn;kind:integer;viewerOnly:true;friendly:Originating IP Bytes;help:Originating IP Bytes +zeek.conn.resp_pkts=db:zeek.conn.resp_pkts;group:zeek_conn;kind:integer;viewerOnly:true;friendly:Responding Packets;help:Responding Packets +zeek.conn.resp_ip_bytes=db:zeek.conn.resp_ip_bytes;group:zeek_conn;kind:integer;viewerOnly:true;friendly:Responding IP Bytes;help:Responding IP Bytes +zeek.conn.tunnel_parents=db:zeek.conn.tunnel_parents;group:zeek_conn;kind:termfield;viewerOnly:true;friendly:Tunnel Connection ID;help:Tunnel Connection ID +zeek.conn.vlan=db:zeek.conn.vlan;group:zeek_conn;kind:integer;viewerOnly:true;friendly:Outer VLAN;help:Outer VLAN +zeek.conn.inner_vlan=db:zeek.conn.inner_vlan;group:zeek_conn;kind:integer;viewerOnly:true;friendly:Inner VLAN;help:Inner VLAN # bacnet.log # https://github.com/cisagov/ICSNPP -zeek.bacnet.bvlc_function=db:zeek.bacnet.bvlc_function;group:zeek_bacnet;kind:termfield;friendly:BVLC Function;help:BVLC Function -zeek.bacnet.invoke_id=db:zeek.bacnet.invoke_id;group:zeek_bacnet;kind:integer;friendly:Invoke ID;help:Invoke ID -zeek.bacnet.pdu_service=db:zeek.bacnet.pdu_service;group:zeek_bacnet;kind:termfield;friendly:APDU Service Choice;help:APDU Service Choice 
-zeek.bacnet.pdu_type=db:zeek.bacnet.pdu_type;group:zeek_bacnet;kind:termfield;friendly:APDU Service Type;help:APDU Service Type -zeek.bacnet.result_code=db:zeek.bacnet.result_code;group:zeek_bacnet;kind:termfield;friendly:Result Code;help:Result Code -zeek.bacnet.instance_number=db:zeek.bacnet.instance_number;group:zeek_bacnet;kind:integer;friendly:Instance Number;help:Instance Number +zeek.bacnet.bvlc_function=db:zeek.bacnet.bvlc_function;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:BVLC Function;help:BVLC Function +zeek.bacnet.invoke_id=db:zeek.bacnet.invoke_id;group:zeek_bacnet;kind:integer;viewerOnly:true;friendly:Invoke ID;help:Invoke ID +zeek.bacnet.pdu_service=db:zeek.bacnet.pdu_service;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:APDU Service Choice;help:APDU Service Choice +zeek.bacnet.pdu_type=db:zeek.bacnet.pdu_type;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:APDU Service Type;help:APDU Service Type +zeek.bacnet.result_code=db:zeek.bacnet.result_code;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:Result Code;help:Result Code +zeek.bacnet.instance_number=db:zeek.bacnet.instance_number;group:zeek_bacnet;kind:integer;viewerOnly:true;friendly:Instance Number;help:Instance Number # bacnet_device_control.log # https://github.com/cisagov/ICSNPP -zeek.bacnet_device_control.pdu_service=db:zeek.bacnet_device_control.pdu_service;group:zeek_bacnet;kind:term;friendly:APDU Service Choice;help:APDU Service Choice -zeek.bacnet_device_control.time_duration=db:zeek.bacnet_device_control.time_duration;group:zeek_bacnet;kind:integer;friendly:Ignore Duration;help:Ignore Duration -zeek.bacnet_device_control.device_state=db:zeek.bacnet_device_control.device_state;group:zeek_bacnet;kind:term;friendly:Device State;help:Device State -zeek.bacnet_device_control.result=db:zeek.bacnet_device_control.result;group:zeek_bacnet;kind:term;friendly:Result;help:Result 
-zeek.bacnet_device_control.result_code=db:zeek.bacnet_device_control.result_code;group:zeek_bacnet;kind:term;friendly:Result Code;help:Result Code +zeek.bacnet_device_control.time_duration=db:zeek.bacnet_device_control.time_duration;group:zeek_bacnet;kind:integer;viewerOnly:true;friendly:Ignore Duration;help:Ignore Duration +zeek.bacnet_device_control.device_state=db:zeek.bacnet_device_control.device_state;group:zeek_bacnet;kind:term;viewerOnly:true;friendly:Device State;help:Device State +zeek.bacnet_device_control.result=db:zeek.bacnet_device_control.result;group:zeek_bacnet;kind:term;viewerOnly:true;friendly:Result;help:Result +zeek.bacnet_device_control.result_code=db:zeek.bacnet_device_control.result_code;group:zeek_bacnet;kind:term;viewerOnly:true;friendly:Result Code;help:Result Code # bacnet_discovery.log # https://github.com/cisagov/ICSNPP -zeek.bacnet_discovery.object_name=db:zeek.bacnet_discovery.object_name;group:zeek_bacnet;kind:termfield;friendly:Object Name;help:Object Name -zeek.bacnet_discovery.object_type=db:zeek.bacnet_discovery.object_type;group:zeek_bacnet;kind:termfield;friendly:Object Type;help:Object Type -zeek.bacnet_discovery.pdu_service=db:zeek.bacnet_discovery.pdu_service;group:zeek_bacnet;kind:termfield;friendly:APDU Service;help:APDU Service -zeek.bacnet_discovery.range=db:zeek.bacnet_discovery.range;group:zeek_bacnet;kind:termfield;friendly:Range;help:Range -zeek.bacnet_discovery.range_high=db:zeek.bacnet_discovery.range_high;group:zeek_bacnet;kind:integer;friendly:Range High;help:Range High -zeek.bacnet_discovery.range_low=db:zeek.bacnet_discovery.range_low;group:zeek_bacnet;kind:integer;friendly:Range Low;help:Range Low -zeek.bacnet_discovery.vendor=db:zeek.bacnet_discovery.vendor;group:zeek_bacnet;kind:termfield;friendly:Vendor Name;help:Vendor Name +zeek.bacnet_discovery.object_name=db:zeek.bacnet_discovery.object_name;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:Object Name;help:Object Name 
+zeek.bacnet_discovery.object_type=db:zeek.bacnet_discovery.object_type;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:Object Type;help:Object Type +zeek.bacnet_discovery.range=db:zeek.bacnet_discovery.range;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:Range;help:Range +zeek.bacnet_discovery.range_high=db:zeek.bacnet_discovery.range_high;group:zeek_bacnet;kind:integer;viewerOnly:true;friendly:Range High;help:Range High +zeek.bacnet_discovery.range_low=db:zeek.bacnet_discovery.range_low;group:zeek_bacnet;kind:integer;viewerOnly:true;friendly:Range Low;help:Range Low +zeek.bacnet_discovery.vendor=db:zeek.bacnet_discovery.vendor;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:Vendor Name;help:Vendor Name # bacnet_property.log # https://github.com/cisagov/ICSNPP -zeek.bacnet_property.array_index=db:zeek.bacnet_property.array_index;group:zeek_bacnet;kind:integer;friendly:Array Index;help:Array Index -zeek.bacnet_property.object_type=db:zeek.bacnet_property.object_type;group:zeek_bacnet;kind:termfield;friendly:Object Type;help:Object Type -zeek.bacnet_property.pdu_service=db:zeek.bacnet_property.pdu_service;group:zeek_bacnet;kind:termfield;friendly:APDU Service;help:APDU Service -zeek.bacnet_property.property=db:zeek.bacnet_property.property;group:zeek_bacnet;kind:termfield;friendly:Property Type;help:Property Type -zeek.bacnet_property.value=db:zeek.bacnet_property.value;group:zeek_bacnet;kind:termfield;friendly:Value;help:Value +zeek.bacnet_property.array_index=db:zeek.bacnet_property.array_index;group:zeek_bacnet;kind:integer;viewerOnly:true;friendly:Array Index;help:Array Index +zeek.bacnet_property.object_type=db:zeek.bacnet_property.object_type;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:Object Type;help:Object Type +zeek.bacnet_property.property=db:zeek.bacnet_property.property;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:Property Type;help:Property Type 
+zeek.bacnet_property.value=db:zeek.bacnet_property.value;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:Value;help:Value # bestguess.log -zeek.bestguess.name=db:zeek.bestguess.name;group:zeek_bestguess;kind:termfield;friendly:Best Guess Name;help:Best Guess Name -zeek.bestguess.category=db:zeek.bestguess.category;group:zeek_bestguess;kind:termfield;friendly:Best Guess Category;help:Best Guess Category +zeek.bestguess.name=db:zeek.bestguess.name;group:zeek_bestguess;kind:termfield;viewerOnly:true;friendly:Best Guess Name;help:Best Guess Name +zeek.bestguess.category=db:zeek.bestguess.category;group:zeek_bestguess;kind:termfield;viewerOnly:true;friendly:Best Guess Category;help:Best Guess Category # bsap_ip_header.log # https://github.com/cisagov/ICSNPP/tree/master/zeek_bsap_ip_parser -zeek.bsap_ip_header.num_msg=db:zeek.bsap_ip_header.num_msg;group:zeek_bsap;kind:integer;friendly:Functions per Message;help:Functions per Message -zeek.bsap_ip_header.type_name=db:zeek.bsap_ip_header.type_name;group:zeek_bsap;kind:termfield;friendly:Message Type;help:Message Type +zeek.bsap_ip_header.num_msg=db:zeek.bsap_ip_header.num_msg;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:Functions per Message;help:Functions per Message +zeek.bsap_ip_header.type_name=db:zeek.bsap_ip_header.type_name;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:Message Type;help:Message Type # bsap_ip_rdb.log # https://github.com/cisagov/ICSNPP/tree/master/zeek_bsap_ip_parser -zeek.bsap_ip_rdb.app_func_code=db:zeek.bsap_ip_rdb.app_func_code;group:zeek_bsap;kind:termfield;friendly:Application Function;help:Application Function -zeek.bsap_ip_rdb.variables.var=db:zeek.bsap_ip_rdb.variables.var;group:zeek_bsap;kind:termfield;friendly:RDB Variable;help:RDB Variable -zeek.bsap_ip_rdb.variables.val=db:zeek.bsap_ip_rdb.variables.val;group:zeek_bsap;kind:termfield;friendly:RDB Variable Value;help:RDB Variable Value 
-zeek.bsap_ip_rdb.variable_count=db:zeek.bsap_ip_rdb.variable_count;group:zeek_bsap;kind:integer;friendly:RDB Variable Count;help:RDB Variable Count
-zeek.bsap_ip_rdb.func_code=db:zeek.bsap_ip_rdb.func_code;group:zeek_bsap;kind:termfield;friendly:Application Subfunction;help:Application Subfunction
-zeek.bsap_ip_rdb.header_size=db:zeek.bsap_ip_rdb.header_size;group:zeek_bsap;kind:integer;friendly:Header Length;help:Header Length
-zeek.bsap_ip_rdb.mes_seq=db:zeek.bsap_ip_rdb.mes_seq;group:zeek_bsap;kind:integer;friendly:Message Sequence;help:Message Sequence
-zeek.bsap_ip_rdb.node_status=db:zeek.bsap_ip_rdb.node_status;group:zeek_bsap;kind:integer;friendly:Node Status;help:Node Status
-zeek.bsap_ip_rdb.res_seq=db:zeek.bsap_ip_rdb.res_seq;group:zeek_bsap;kind:integer;friendly:Response Sequence;help:Response Sequence
-zeek.bsap_ip_rdb.sequence=db:zeek.bsap_ip_rdb.sequence;group:zeek_bsap;kind:integer;friendly:Function Sequence;help:Function Sequence
+zeek.bsap_ip_rdb.app_func_code=db:zeek.bsap_ip_rdb.app_func_code;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:Application Function;help:Application Function
+zeek.bsap_ip_rdb.variables.var=db:zeek.bsap_ip_rdb.variables.var;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:RDB Variable;help:RDB Variable
+zeek.bsap_ip_rdb.variables.val=db:zeek.bsap_ip_rdb.variables.val;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:RDB Variable Value;help:RDB Variable Value
+zeek.bsap_ip_rdb.variable_count=db:zeek.bsap_ip_rdb.variable_count;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:RDB Variable Count;help:RDB Variable Count
+zeek.bsap_ip_rdb.func_code=db:zeek.bsap_ip_rdb.func_code;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:Application Subfunction;help:Application Subfunction
+zeek.bsap_ip_rdb.header_size=db:zeek.bsap_ip_rdb.header_size;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:Header Length;help:Header Length
+zeek.bsap_ip_rdb.mes_seq=db:zeek.bsap_ip_rdb.mes_seq;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:Message Sequence;help:Message Sequence +zeek.bsap_ip_rdb.node_status=db:zeek.bsap_ip_rdb.node_status;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:Node Status;help:Node Status +zeek.bsap_ip_rdb.res_seq=db:zeek.bsap_ip_rdb.res_seq;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:Response Sequence;help:Response Sequence +zeek.bsap_ip_rdb.sequence=db:zeek.bsap_ip_rdb.sequence;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:Function Sequence;help:Function Sequence # bsap_serial_header.log # https://github.com/cisagov/ICSNPP/tree/master/zeek_bsap_serial_parser -zeek.bsap_serial_header.ctl=db:zeek.bsap_serial_header.ctl;group:zeek_bsap;kind:integer;friendly:Control Byte;help:Control Byte -zeek.bsap_serial_header.dadd=db:zeek.bsap_serial_header.dadd;group:zeek_bsap;kind:integer;friendly:Destination Address;help:Destination Address -zeek.bsap_serial_header.dfun=db:zeek.bsap_serial_header.dfun;group:zeek_bsap;kind:termfield;friendly:Destination Function;help:Destination Function -zeek.bsap_serial_header.nsb=db:zeek.bsap_serial_header.nsb;group:zeek_bsap;kind:integer;friendly:Node Status;help:Node Statussb -zeek.bsap_serial_header.sadd=db:zeek.bsap_serial_header.sadd;group:zeek_bsap;kind:integer;friendly:Source Address;help:Source Address -zeek.bsap_serial_header.seq=db:zeek.bsap_serial_header.seq;group:zeek_bsap;kind:integer;friendly:Message Sequence;help:Message Sequence -zeek.bsap_serial_header.ser=db:zeek.bsap_serial_header.ser;group:zeek_bsap;kind:termfield;friendly:Message Serial Number;help:Message Serial Number -zeek.bsap_serial_header.sfun=db:zeek.bsap_serial_header.sfun;group:zeek_bsap;kind:termfield;friendly:Source Function;help:Source Function -zeek.bsap_serial_header.type_name=db:zeek.bsap_serial_header.type_name;group:zeek_bsap;kind:termfield;friendly:Message Type;help:Message Type 
+zeek.bsap_serial_header.ctl=db:zeek.bsap_serial_header.ctl;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:Control Byte;help:Control Byte +zeek.bsap_serial_header.dadd=db:zeek.bsap_serial_header.dadd;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:Destination Address;help:Destination Address +zeek.bsap_serial_header.dfun=db:zeek.bsap_serial_header.dfun;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:Destination Function;help:Destination Function +zeek.bsap_serial_header.nsb=db:zeek.bsap_serial_header.nsb;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:Node Status;help:Node Statussb +zeek.bsap_serial_header.sadd=db:zeek.bsap_serial_header.sadd;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:Source Address;help:Source Address +zeek.bsap_serial_header.seq=db:zeek.bsap_serial_header.seq;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:Message Sequence;help:Message Sequence +zeek.bsap_serial_header.ser=db:zeek.bsap_serial_header.ser;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:Message Serial Number;help:Message Serial Number +zeek.bsap_serial_header.sfun=db:zeek.bsap_serial_header.sfun;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:Source Function;help:Source Function +zeek.bsap_serial_header.type_name=db:zeek.bsap_serial_header.type_name;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:Message Type;help:Message Type # bsap_serial_rdb.log # https://github.com/cisagov/ICSNPP/tree/master/zeek_bsap_serial_parser -zeek.bsap_serial_rdb.variables.var=db:zeek.bsap_serial_rdb.variables.var;group:zeek_bsap;kind:termfield;friendly:RDB Variable;help:RDB Variable -zeek.bsap_serial_rdb.variables.val=db:zeek.bsap_serial_rdb.variables.val;group:zeek_bsap;kind:termfield;friendly:RDB Variable Value;help:RDB Variable Value -zeek.bsap_serial_rdb.variable_count=db:zeek.bsap_serial_rdb.variable_count;group:zeek_bsap;kind:integer;friendly:RDB Variable Count;help:RDB Variable Count 
-zeek.bsap_serial_rdb.func_code=db:zeek.bsap_serial_rdb.func_code;group:zeek_bsap;kind:termfield;friendly:RDB Function;help:RDB Function +zeek.bsap_serial_rdb.variables.var=db:zeek.bsap_serial_rdb.variables.var;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:RDB Variable;help:RDB Variable +zeek.bsap_serial_rdb.variables.val=db:zeek.bsap_serial_rdb.variables.val;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:RDB Variable Value;help:RDB Variable Value +zeek.bsap_serial_rdb.variable_count=db:zeek.bsap_serial_rdb.variable_count;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:RDB Variable Count;help:RDB Variable Count +zeek.bsap_serial_rdb.func_code=db:zeek.bsap_serial_rdb.func_code;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:RDB Function;help:RDB Function # bsap_serial_rdb_ext.log # https://github.com/cisagov/ICSNPP/tree/master/zeek_bsap_serial_parser -zeek.bsap_serial_rdb_ext.data=db:zeek.bsap_serial_rdb_ext.data;group:zeek_bsap;kind:termfield;friendly:RDB Ext Function Data;help:RDB Ext Function Data -zeek.bsap_serial_rdb_ext.dfun=db:zeek.bsap_serial_rdb_ext.dfun;group:zeek_bsap;kind:termfield;friendly:Destination Function;help:Destination Function -zeek.bsap_serial_rdb_ext.extfun=db:zeek.bsap_serial_rdb_ext.extfun;group:zeek_bsap;kind:termfield;friendly:RDB Ext Function;help:RDB Ext Function -zeek.bsap_serial_rdb_ext.nsb=db:zeek.bsap_serial_rdb_ext.nsb;group:zeek_bsap;kind:integer;friendly:Node Status;help:Node Status -zeek.bsap_serial_rdb_ext.seq=db:zeek.bsap_serial_rdb_ext.seq;group:zeek_bsap;kind:integer;friendly:Message Sequence;help:Message Sequence -zeek.bsap_serial_rdb_ext.sfun=db:zeek.bsap_serial_rdb_ext.sfun;group:zeek_bsap;kind:termfield;friendly:Source Function;help:Source Function +zeek.bsap_serial_rdb_ext.data=db:zeek.bsap_serial_rdb_ext.data;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:RDB Ext Function Data;help:RDB Ext Function Data 
+zeek.bsap_serial_rdb_ext.dfun=db:zeek.bsap_serial_rdb_ext.dfun;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:Destination Function;help:Destination Function
+zeek.bsap_serial_rdb_ext.extfun=db:zeek.bsap_serial_rdb_ext.extfun;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:RDB Ext Function;help:RDB Ext Function
+zeek.bsap_serial_rdb_ext.nsb=db:zeek.bsap_serial_rdb_ext.nsb;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:Node Status;help:Node Status
+zeek.bsap_serial_rdb_ext.seq=db:zeek.bsap_serial_rdb_ext.seq;group:zeek_bsap;kind:integer;viewerOnly:true;friendly:Message Sequence;help:Message Sequence
+zeek.bsap_serial_rdb_ext.sfun=db:zeek.bsap_serial_rdb_ext.sfun;group:zeek_bsap;kind:termfield;viewerOnly:true;friendly:Source Function;help:Source Function
 # cip.log
 # https://github.com/cisagov/ICSNPP
-zeek.cip.attribute_id=db:zeek.cip.attribute_id;group:zeek_cip;kind:termfield;friendly:Attribute ID;help:Attribute ID
-zeek.cip.cip_sequence_count=db:zeek.cip.cip_sequence_count;group:zeek_cip;kind:integer;friendly:CIP Sequence Number;help:CIP Sequence Number
-zeek.cip.cip_service=db:zeek.cip.cip_service;group:zeek_cip;kind:termfield;friendly:CIP Service;help:CIP Service
-zeek.cip.cip_service_code=db:zeek.cip.cip_service_code;group:zeek_cip;kind:termfield;friendly:CIP Service Code;help:CIP Service Code
-zeek.cip.cip_status=db:zeek.cip.cip_status;group:zeek_cip;kind:termfield;friendly:CIP Status;help:CIP Status
-zeek.cip.class_id=db:zeek.cip.class_id;group:zeek_cip;kind:termfield;friendly:Class ID;help:Class ID
-zeek.cip.class_name=db:zeek.cip.class_name;group:zeek_cip;kind:termfield;friendly:Class Name;help:Class Name
-zeek.cip.direction=db:zeek.cip.direction;group:zeek_cip;kind:termfield;friendly:Direction;help:Direction
-zeek.cip.instance_id=db:zeek.cip.instance_id;group:zeek_cip;kind:termfield;friendly:Instance ID;help:Instance ID
-zeek.cip.cip_status_code=db:zeek.cip.cip_status_code;group:zeek_cip;kind:termfield;friendly:Status Code;help:Status Code
-zeek.cip.cip_extended_status_code=db:zeek.cip.cip_extended_status_code;group:zeek_cip;kind:termfield;friendly:Extended Status Code;help:Extended Status Code
-zeek.cip.cip_extended_status=db:zeek.cip.cip_extended_status;group:zeek_cip;kind:termfield;friendly:Extended Status;help:Extended Status
+zeek.cip.attribute_id=db:zeek.cip.attribute_id;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Attribute ID;help:Attribute ID
+zeek.cip.cip_sequence_count=db:zeek.cip.cip_sequence_count;group:zeek_cip;kind:integer;viewerOnly:true;friendly:CIP Sequence Number;help:CIP Sequence Number
+zeek.cip.cip_service=db:zeek.cip.cip_service;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:CIP Service;help:CIP Service
+zeek.cip.cip_service_code=db:zeek.cip.cip_service_code;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:CIP Service Code;help:CIP Service Code
+zeek.cip.cip_status=db:zeek.cip.cip_status;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:CIP Status;help:CIP Status
+zeek.cip.class_id=db:zeek.cip.class_id;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Class ID;help:Class ID
+zeek.cip.class_name=db:zeek.cip.class_name;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Class Name;help:Class Name
+zeek.cip.direction=db:zeek.cip.direction;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Direction;help:Direction
+zeek.cip.instance_id=db:zeek.cip.instance_id;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Instance ID;help:Instance ID
+zeek.cip.cip_status_code=db:zeek.cip.cip_status_code;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Status Code;help:Status Code
+zeek.cip.cip_extended_status_code=db:zeek.cip.cip_extended_status_code;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Extended Status Code;help:Extended Status Code
+zeek.cip.cip_extended_status=db:zeek.cip.cip_extended_status;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Extended Status;help:Extended Status
 # cip_identity.log
 # https://github.com/cisagov/ICSNPP
-zeek.cip_identity.encapsulation_version=db:zeek.cip_identity.encapsulation_version;group:zeek_cip;kind:integer;friendly:Encapsulation Version;help:Encapsulation Version
-zeek.cip_identity.socket_address=db:zeek.cip_identity.socket_address;group:zeek_cip;kind:termfield;friendly:Socket Address;help:Socket Address
-zeek.cip_identity.socket_address_geo.city_name=db:zeek.cip_identity.socket_address_geo.city_name;group:zeek_cip;kind:termfield;friendly:Socket Address GeoIP City;help:Socket Address GeoIP City
-zeek.cip_identity.socket_address_geo.country_name=db:zeek.cip_identity.socket_address_geo.country_name;group:zeek_cip;kind:termfield;friendly:Socket Address GeoIP Country;help:Socket Address GeoIP Country
-zeek.cip_identity.socket_address_asn=db:zeek.cip_identity.socket_address_asn;group:zeek_cip;kind:termfield;friendly:Socket Address ASN;help:Socket Address ASN
-zeek.cip_identity.socket_port=db:zeek.cip_identity.socket_port;group:zeek_cip;kind:integer;friendly:Socket Port;help:Socket Port
-zeek.cip_identity.vendor_id=db:zeek.cip_identity.vendor_id;group:zeek_cip;kind:integer;friendly:Vendor ID;help:Vendor ID
-zeek.cip_identity.vendor_name=db:zeek.cip_identity.vendor_name;group:zeek_cip;kind:termfield;friendly:Vendor Name;help:Vendor Name
-zeek.cip_identity.device_type_id=db:zeek.cip_identity.device_type_id;group:zeek_cip;kind:integer;friendly:Device Type ID;help:Device Type ID
-zeek.cip_identity.device_type_name=db:zeek.cip_identity.device_type_name;group:zeek_cip;kind:termfield;friendly:Device Type Name;help:Device Type Name
-zeek.cip_identity.product_code=db:zeek.cip_identity.product_code;group:zeek_cip;kind:integer;friendly:Product Code;help:Product Code
-zeek.cip_identity.revision=db:zeek.cip_identity.revision;group:zeek_cip;kind:termfield;friendly:Device Revision;help:Device Revision
-zeek.cip_identity.device_status=db:zeek.cip_identity.device_status;group:zeek_cip;kind:termfield;friendly:Device Status;help:Device Status
-zeek.cip_identity.serial_number=db:zeek.cip_identity.serial_number;group:zeek_cip;kind:termfield;friendly:Serial Number;help:Serial Number
-zeek.cip_identity.product_name=db:zeek.cip_identity.product_name;group:zeek_cip;kind:termfield;friendly:Product Name;help:Product Name
-zeek.cip_identity.device_state=db:zeek.cip_identity.device_state;group:zeek_cip;kind:termfield;friendly:Device State;help:Device State
+zeek.cip_identity.encapsulation_version=db:zeek.cip_identity.encapsulation_version;group:zeek_cip;kind:integer;viewerOnly:true;friendly:Encapsulation Version;help:Encapsulation Version
+zeek.cip_identity.socket_address=db:zeek.cip_identity.socket_address;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Socket Address;help:Socket Address
+zeek.cip_identity.socket_address_geo.city_name=db:zeek.cip_identity.socket_address_geo.city_name;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Socket Address GeoIP City;help:Socket Address GeoIP City
+zeek.cip_identity.socket_address_geo.country_name=db:zeek.cip_identity.socket_address_geo.country_name;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Socket Address GeoIP Country;help:Socket Address GeoIP Country
+zeek.cip_identity.socket_address_asn=db:zeek.cip_identity.socket_address_asn;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Socket Address ASN;help:Socket Address ASN
+zeek.cip_identity.socket_port=db:zeek.cip_identity.socket_port;group:zeek_cip;kind:integer;viewerOnly:true;friendly:Socket Port;help:Socket Port
+zeek.cip_identity.vendor_id=db:zeek.cip_identity.vendor_id;group:zeek_cip;kind:integer;viewerOnly:true;friendly:Vendor ID;help:Vendor ID
+zeek.cip_identity.vendor_name=db:zeek.cip_identity.vendor_name;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Vendor Name;help:Vendor Name
+zeek.cip_identity.device_type_id=db:zeek.cip_identity.device_type_id;group:zeek_cip;kind:integer;viewerOnly:true;friendly:Device Type ID;help:Device Type ID
+zeek.cip_identity.device_type_name=db:zeek.cip_identity.device_type_name;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Device Type Name;help:Device Type Name
+zeek.cip_identity.product_code=db:zeek.cip_identity.product_code;group:zeek_cip;kind:integer;viewerOnly:true;friendly:Product Code;help:Product Code
+zeek.cip_identity.revision=db:zeek.cip_identity.revision;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Device Revision;help:Device Revision
+zeek.cip_identity.device_status=db:zeek.cip_identity.device_status;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Device Status;help:Device Status
+zeek.cip_identity.serial_number=db:zeek.cip_identity.serial_number;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Serial Number;help:Serial Number
+zeek.cip_identity.product_name=db:zeek.cip_identity.product_name;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Product Name;help:Product Name
+zeek.cip_identity.device_state=db:zeek.cip_identity.device_state;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Device State;help:Device State
 # cip_io.log
 # https://github.com/cisagov/ICSNPP
-zeek.cip_io.connection_id=db:zeek.cip_io.connection_id;group:zeek_cip;kind:termfield;friendly:Connection ID;help:Connection ID
-zeek.cip_io.data_length=db:zeek.cip_io.data_length;group:zeek_cip;kind:integer;friendly:Data Length;help:Data Length
-zeek.cip_io.io_data=db:zeek.cip_io.io_data;group:zeek_cip;kind:termfield;friendly:Transport Data;help:Transport Data
-zeek.cip_io.sequence_number=db:zeek.cip_io.sequence_number;group:zeek_cip;kind:integer;friendly:Sequence Number;help:Sequence Number
+zeek.cip_io.connection_id=db:zeek.cip_io.connection_id;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Connection ID;help:Connection ID
+zeek.cip_io.data_length=db:zeek.cip_io.data_length;group:zeek_cip;kind:integer;viewerOnly:true;friendly:Data Length;help:Data Length
+zeek.cip_io.io_data=db:zeek.cip_io.io_data;group:zeek_cip;kind:termfield;viewerOnly:true;friendly:Transport Data;help:Transport Data
+zeek.cip_io.sequence_number=db:zeek.cip_io.sequence_number;group:zeek_cip;kind:integer;viewerOnly:true;friendly:Sequence Number;help:Sequence Number
 # dce_rpc.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/dce-rpc/main.zeek.html#type-DCE_RPC::Info
-zeek.dce_rpc.rtt=db:zeek.dce_rpc.rtt;group:zeek_dce_rpc;kind:termfield;friendly:Round Trip Time;help:Round Trip Time
-zeek.dce_rpc.named_pipe=db:zeek.dce_rpc.named_pipe;group:zeek_dce_rpc;kind:termfield;friendly:Remote Pipe;help:Remote Pipe
-zeek.dce_rpc.endpoint=db:zeek.dce_rpc.endpoint;group:zeek_dce_rpc;kind:termfield;friendly:Endpoint;help:Endpoint
-zeek.dce_rpc.operation=db:zeek.dce_rpc.operation;group:zeek_dce_rpc;kind:termfield;friendly:Operation;help:Operation
+zeek.dce_rpc.rtt=db:zeek.dce_rpc.rtt;group:zeek_dce_rpc;kind:termfield;viewerOnly:true;friendly:Round Trip Time;help:Round Trip Time
+zeek.dce_rpc.named_pipe=db:zeek.dce_rpc.named_pipe;group:zeek_dce_rpc;kind:termfield;viewerOnly:true;friendly:Remote Pipe;help:Remote Pipe
+zeek.dce_rpc.endpoint=db:zeek.dce_rpc.endpoint;group:zeek_dce_rpc;kind:termfield;viewerOnly:true;friendly:Endpoint;help:Endpoint
+zeek.dce_rpc.operation=db:zeek.dce_rpc.operation;group:zeek_dce_rpc;kind:termfield;viewerOnly:true;friendly:Operation;help:Operation
 # dhcp.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/dhcp/main.zeek.html#type-DHCP::Info
-zeek.dhcp.mac=db:zeek.dhcp.mac;group:zeek_dhcp;kind:termfield;friendly:Client MAC;help:Client MAC
-zeek.dhcp.assigned_ip=db:zeek.dhcp.assigned_ip;group:zeek_dhcp;kind:termfield;friendly:Assigned IP;help:Assigned IP
-zeek.dhcp.lease_time=db:zeek.dhcp.lease_time;group:zeek_dhcp;kind:termfield;friendly:Lease Time;help:Lease Time
-zeek.dhcp.trans_id=db:zeek.dhcp.trans_id;group:zeek_dhcp;kind:termfield;friendly:dhcp Transaction ID;help:dhcp Transaction ID
-zeek.dhcp.client_fqdn=db:zeek.dhcp.client_fqdn;group:zeek_dhcp;kind:termfield;friendly:Client FQDN;help:Client FQDN
-zeek.dhcp.client_message=db:zeek.dhcp.client_message;group:zeek_dhcp;kind:termfield;friendly:Client Message;help:Client Message
-zeek.dhcp.domain=db:zeek.dhcp.domain;group:zeek_dhcp;kind:termfield;friendly:Domain;help:Domain
-zeek.dhcp.duration=db:zeek.dhcp.duration;group:zeek_dhcp;kind:termfield;friendly:Duration;help:Duration
-zeek.dhcp.host_name=db:zeek.dhcp.host_name;group:zeek_dhcp;kind:termfield;friendly:Hostname;help:Hostname
-zeek.dhcp.msg_types=db:zeek.dhcp.msg_types;group:zeek_dhcp;kind:termfield;friendly:Message Types;help:Message Types
-zeek.dhcp.requested_ip=db:zeek.dhcp.requested_ip;group:zeek_dhcp;kind:termfield;friendly:Requested IP;help:Requested IP
-zeek.dhcp.server_message=db:zeek.dhcp.server_message;group:zeek_dhcp;kind:termfield;friendly:Server Message;help:Server Message
-zeek.dhcp.client_software=db:zeek.dhcp.client_software;group:zeek_dhcp;kind:termfield;friendly:Client Software;help:Client Software
-zeek.dhcp.server_software=db:zeek.dhcp.server_software;group:zeek_dhcp;kind:termfield;friendly:Server Software;help:Server Software
+zeek.dhcp.mac=db:zeek.dhcp.mac;group:zeek_dhcp;kind:termfield;viewerOnly:true;friendly:Client MAC;help:Client MAC
+zeek.dhcp.assigned_ip=db:zeek.dhcp.assigned_ip;group:zeek_dhcp;kind:termfield;viewerOnly:true;friendly:Assigned IP;help:Assigned IP
+zeek.dhcp.lease_time=db:zeek.dhcp.lease_time;group:zeek_dhcp;kind:termfield;viewerOnly:true;friendly:Lease Time;help:Lease Time
+zeek.dhcp.trans_id=db:zeek.dhcp.trans_id;group:zeek_dhcp;kind:termfield;viewerOnly:true;friendly:dhcp Transaction ID;help:dhcp Transaction ID
+zeek.dhcp.client_fqdn=db:zeek.dhcp.client_fqdn;group:zeek_dhcp;kind:termfield;viewerOnly:true;friendly:Client FQDN;help:Client FQDN
+zeek.dhcp.client_message=db:zeek.dhcp.client_message;group:zeek_dhcp;kind:termfield;viewerOnly:true;friendly:Client Message;help:Client Message
+zeek.dhcp.domain=db:zeek.dhcp.domain;group:zeek_dhcp;kind:termfield;viewerOnly:true;friendly:Domain;help:Domain
+zeek.dhcp.duration=db:zeek.dhcp.duration;group:zeek_dhcp;kind:termfield;viewerOnly:true;friendly:Duration;help:Duration
+zeek.dhcp.host_name=db:zeek.dhcp.host_name;group:zeek_dhcp;kind:termfield;viewerOnly:true;friendly:Hostname;help:Hostname
+zeek.dhcp.msg_types=db:zeek.dhcp.msg_types;group:zeek_dhcp;kind:termfield;viewerOnly:true;friendly:Message Types;help:Message Types
+zeek.dhcp.requested_ip=db:zeek.dhcp.requested_ip;group:zeek_dhcp;kind:termfield;viewerOnly:true;friendly:Requested IP;help:Requested IP
+zeek.dhcp.server_message=db:zeek.dhcp.server_message;group:zeek_dhcp;kind:termfield;viewerOnly:true;friendly:Server Message;help:Server Message
+zeek.dhcp.client_software=db:zeek.dhcp.client_software;group:zeek_dhcp;kind:termfield;viewerOnly:true;friendly:Client Software;help:Client Software
+zeek.dhcp.server_software=db:zeek.dhcp.server_software;group:zeek_dhcp;kind:termfield;viewerOnly:true;friendly:Server Software;help:Server Software
 # dnp3.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/dnp3/main.zeek.html#type-DNP3::Info
-zeek.dnp3.fc_request=db:zeek.dnp3.fc_request;group:zeek_dnp3;kind:termfield;friendly:Request Function Message;help:Request Function Message
-zeek.dnp3.fc_reply=db:zeek.dnp3.fc_reply;group:zeek_dnp3;kind:termfield;friendly:Reply Function Message;help:Reply Function Message
-zeek.dnp3.iin=db:zeek.dnp3.iin;group:zeek_dnp3;kind:termfield;friendly:Internal Indication Number;help:Internal Indication Number
-zeek.dnp3.iin_flags=db:zeek.dnp3.iin_flags;group:zeek_dnp3;kind:termfield;friendly:Internal Indicators;help:Internal Indicators
+zeek.dnp3.fc_request=db:zeek.dnp3.fc_request;group:zeek_dnp3;kind:termfield;viewerOnly:true;friendly:Request Function Message;help:Request Function Message
+zeek.dnp3.fc_reply=db:zeek.dnp3.fc_reply;group:zeek_dnp3;kind:termfield;viewerOnly:true;friendly:Reply Function Message;help:Reply Function Message
+zeek.dnp3.iin=db:zeek.dnp3.iin;group:zeek_dnp3;kind:termfield;viewerOnly:true;friendly:Internal Indication Number;help:Internal Indication Number
+zeek.dnp3.iin_flags=db:zeek.dnp3.iin_flags;group:zeek_dnp3;kind:termfield;viewerOnly:true;friendly:Internal Indicators;help:Internal Indicators
 # dnp3_control.log
 # https://github.com/cisagov/ICSNPP
-zeek.dnp3_control.block_type=db:zeek.dnp3_control.block_type;group:zeek_dnp3;kind:termfield;friendly:Control Block Type;help:Control Block Type
-zeek.dnp3_control.function_code=db:zeek.dnp3_control.function_code;group:zeek_dnp3;kind:termfield;friendly:DNP3 Function Code;help:DNP3 Function Code
-zeek.dnp3_control.index_number=db:zeek.dnp3_control.index_number;group:zeek_dnp3;kind:integer;friendly:Object Index Number;help:Object Index Number
-zeek.dnp3_control.trip_control_code=db:zeek.dnp3_control.trip_control_code;group:zeek_dnp3;kind:termfield;friendly:Trip Control Code;help:Trip Control Code
-zeek.dnp3_control.operation_type=db:zeek.dnp3_control.operation_type;group:zeek_dnp3;kind:termfield;friendly:Operation Type;help:Operation Type
-zeek.dnp3_control.execute_count=db:zeek.dnp3_control.execute_count;group:zeek_dnp3;kind:integer;friendly:Execute Count;help:Execute Count
-zeek.dnp3_control.on_time=db:zeek.dnp3_control.on_time;group:zeek_dnp3;kind:integer;friendly:On Time;help:On Time
-zeek.dnp3_control.off_time=db:zeek.dnp3_control.off_time;group:zeek_dnp3;kind:integer;friendly:Off Time;help:Off Time
-zeek.dnp3_control.status_code=db:zeek.dnp3_control.status_code;group:zeek_dnp3;kind:termfield;friendly:Status Code;help:Status Code
+zeek.dnp3_control.block_type=db:zeek.dnp3_control.block_type;group:zeek_dnp3;kind:termfield;viewerOnly:true;friendly:Control Block Type;help:Control Block Type
+zeek.dnp3_control.function_code=db:zeek.dnp3_control.function_code;group:zeek_dnp3;kind:termfield;viewerOnly:true;friendly:DNP3 Function Code;help:DNP3 Function Code
+zeek.dnp3_control.index_number=db:zeek.dnp3_control.index_number;group:zeek_dnp3;kind:integer;viewerOnly:true;friendly:Object Index Number;help:Object Index Number
+zeek.dnp3_control.trip_control_code=db:zeek.dnp3_control.trip_control_code;group:zeek_dnp3;kind:termfield;viewerOnly:true;friendly:Trip Control Code;help:Trip Control Code
+zeek.dnp3_control.operation_type=db:zeek.dnp3_control.operation_type;group:zeek_dnp3;kind:termfield;viewerOnly:true;friendly:Operation Type;help:Operation Type
+zeek.dnp3_control.execute_count=db:zeek.dnp3_control.execute_count;group:zeek_dnp3;kind:integer;viewerOnly:true;friendly:Execute Count;help:Execute Count
+zeek.dnp3_control.on_time=db:zeek.dnp3_control.on_time;group:zeek_dnp3;kind:integer;viewerOnly:true;friendly:On Time;help:On Time
+zeek.dnp3_control.off_time=db:zeek.dnp3_control.off_time;group:zeek_dnp3;kind:integer;viewerOnly:true;friendly:Off Time;help:Off Time
+zeek.dnp3_control.status_code=db:zeek.dnp3_control.status_code;group:zeek_dnp3;kind:termfield;viewerOnly:true;friendly:Status Code;help:Status Code
 # dnp3_objects.log
 # https://github.com/cisagov/ICSNPP
-zeek.dnp3_objects.function_code=db:zeek.dnp3_objects.function_code;group:zeek_dnp3;kind:termfield;friendly:Function Code;help:Function Code
-zeek.dnp3_objects.object_type=db:zeek.dnp3_objects.object_type;group:zeek_dnp3;kind:termfield;friendly:Object Type;help:Object Type
-zeek.dnp3_objects.object_count=db:zeek.dnp3_objects.object_count;group:zeek_dnp3;kind:integer;friendly:Object Count;help:Object Count
-zeek.dnp3_objects.range_low=db:zeek.dnp3_objects.range_low;group:zeek_dnp3;kind:integer;friendly:Range Low;help:Range Low
-zeek.dnp3_objects.range_high=db:zeek.dnp3_objects.range_high;group:zeek_dnp3;kind:integer;friendly:Range High;help:Range High
+zeek.dnp3_objects.function_code=db:zeek.dnp3_objects.function_code;group:zeek_dnp3;kind:termfield;viewerOnly:true;friendly:Function Code;help:Function Code
+zeek.dnp3_objects.object_type=db:zeek.dnp3_objects.object_type;group:zeek_dnp3;kind:termfield;viewerOnly:true;friendly:Object Type;help:Object Type
+zeek.dnp3_objects.object_count=db:zeek.dnp3_objects.object_count;group:zeek_dnp3;kind:integer;viewerOnly:true;friendly:Object Count;help:Object Count
+zeek.dnp3_objects.range_low=db:zeek.dnp3_objects.range_low;group:zeek_dnp3;kind:integer;viewerOnly:true;friendly:Range Low;help:Range Low
+zeek.dnp3_objects.range_high=db:zeek.dnp3_objects.range_high;group:zeek_dnp3;kind:integer;viewerOnly:true;friendly:Range High;help:Range High
 # dns.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/dns/main.zeek.html#type-DNS::Info
-zeek.dns.trans_id=db:zeek.dns.trans_id;group:zeek_dns;kind:termfield;friendly:Transaction ID;help:Transaction ID
-zeek.dns.rtt=db:zeek.dns.rtt;group:zeek_dns;kind:termfield;friendly:Round Trip Time;help:Round Trip Time
-zeek.dns.query=db:zeek.dns.query;group:zeek_dns;kind:termfield;friendly:Query;help:Query
-zeek.dns.qclass=db:zeek.dns.qclass;group:zeek_dns;kind:termfield;friendly:Query Class Code;help:Query Class Code
-zeek.dns.qclass_name=db:zeek.dns.qclass_name;group:zeek_dns;kind:termfield;friendly:Query Class;help:Query Class
-zeek.dns.qtype=db:zeek.dns.qtype;group:zeek_dns;kind:termfield;friendly:Query Type Code;help:Query Type Code
-zeek.dns.qtype_name=db:zeek.dns.qtype_name;group:zeek_dns;kind:termfield;friendly:Query Type;help:Query Type
-zeek.dns.rcode=db:zeek.dns.rcode;group:zeek_dns;kind:integer;friendly:Response Code;help:Response Code
-zeek.dns.rcode_name=db:zeek.dns.rcode_name;group:zeek_dns;kind:termfield;friendly:Response;help:Response
-zeek.dns.AA=db:zeek.dns.AA;group:zeek_dns;kind:termfield;friendly:Authoritative Answer Bit;help:Authoritative Answer Bit
-zeek.dns.TC=db:zeek.dns.TC;group:zeek_dns;kind:termfield;friendly:Truncation Bit;help:Truncation Bit
-zeek.dns.RD=db:zeek.dns.RD;group:zeek_dns;kind:termfield;friendly:Recursion Desired Bit;help:Recursion Desired Bit
-zeek.dns.RA=db:zeek.dns.RA;group:zeek_dns;kind:termfield;friendly:Recursion Available Bit;help:Recursion Available Bit
-zeek.dns.Z=db:zeek.dns.Z;group:zeek_dns;kind:termfield;friendly:Z Bit;help:Z Bit
-zeek.dns.answers=db:zeek.dns.answers;group:zeek_dns;kind:termfield;friendly:Answer;help:Answer
-zeek.dns.TTLs=db:zeek.dns.TTLs;group:zeek_dns;kind:termfield;friendly:TTL;help:TTL
-zeek.dns.rejected=db:zeek.dns.rejected;group:zeek_dns;kind:termfield;friendly:Rejected;help:Rejected
+zeek.dns.trans_id=db:zeek.dns.trans_id;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Transaction ID;help:Transaction ID
+zeek.dns.rtt=db:zeek.dns.rtt;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Round Trip Time;help:Round Trip Time
+zeek.dns.query=db:zeek.dns.query;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Query;help:Query
+zeek.dns.qclass=db:zeek.dns.qclass;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Query Class Code;help:Query Class Code
+zeek.dns.qclass_name=db:zeek.dns.qclass_name;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Query Class;help:Query Class
+zeek.dns.qtype=db:zeek.dns.qtype;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Query Type Code;help:Query Type Code
+zeek.dns.qtype_name=db:zeek.dns.qtype_name;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Query Type;help:Query Type
+zeek.dns.rcode=db:zeek.dns.rcode;group:zeek_dns;kind:integer;viewerOnly:true;friendly:Response Code;help:Response Code
+zeek.dns.rcode_name=db:zeek.dns.rcode_name;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Response;help:Response
+zeek.dns.AA=db:zeek.dns.AA;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Authoritative Answer Bit;help:Authoritative Answer Bit
+zeek.dns.TC=db:zeek.dns.TC;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Truncation Bit;help:Truncation Bit
+zeek.dns.RD=db:zeek.dns.RD;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Recursion Desired Bit;help:Recursion Desired Bit
+zeek.dns.RA=db:zeek.dns.RA;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Recursion Available Bit;help:Recursion Available Bit
+zeek.dns.Z=db:zeek.dns.Z;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Z Bit;help:Z Bit
+zeek.dns.answers=db:zeek.dns.answers;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Answer;help:Answer
+zeek.dns.TTLs=db:zeek.dns.TTLs;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:TTL;help:TTL
+zeek.dns.rejected=db:zeek.dns.rejected;group:zeek_dns;kind:termfield;viewerOnly:true;friendly:Rejected;help:Rejected
 # dpd.log
 # https://docs.zeek.org/en/stable/scripts/base/frameworks/dpd/main.zeek.html#type-DPD::Info
-zeek.dpd.service=db:zeek.dpd.service;group:zeek_dpd;kind:termfield;friendly:Protocol;help:Protocol
-zeek.dpd.failure_reason=db:zeek.dpd.failure_reason;group:zeek_dpd;kind:termfield;friendly:Failure Reason;help:Failure Reason
+zeek.dpd.service=db:zeek.dpd.service;group:zeek_dpd;kind:termfield;viewerOnly:true;friendly:Protocol;help:Protocol
+zeek.dpd.failure_reason=db:zeek.dpd.failure_reason;group:zeek_dpd;kind:termfield;viewerOnly:true;friendly:Failure Reason;help:Failure Reason
 # enip.log
 # https://github.com/cisagov/ICSNPP
-zeek.enip.enip_command=db:zeek.enip.enip_command;group:zeek_enip;kind:termfield;friendly:EthernetIP Command;help:EthernetIP Command
-zeek.enip.enip_command_code=db:zeek.enip.enip_command_code;group:zeek_enip;kind:termfield;friendly:EthernetIP Command Code;help:EthernetIP Command Code
-zeek.enip.enip_status=db:zeek.enip.enip_status;group:zeek_enip;kind:termfield;friendly:EthernetIP Status;help:EthernetIP Status
-zeek.enip.length=db:zeek.enip.length;group:zeek_enip;kind:integer;friendly:Packet Length;help:Packet Length
-zeek.enip.options=db:zeek.enip.options;group:zeek_enip;kind:termfield;friendly:Options;help:Options
-zeek.enip.sender_context=db:zeek.enip.sender_context;group:zeek_enip;kind:termfield;friendly:Sender Context;help:Sender Context
-zeek.enip.session_handle=db:zeek.enip.session_handle;group:zeek_enip;kind:termfield;friendly:Session Number;help:Session Number
+zeek.enip.enip_command=db:zeek.enip.enip_command;group:zeek_enip;kind:termfield;viewerOnly:true;friendly:EthernetIP Command;help:EthernetIP Command
+zeek.enip.enip_command_code=db:zeek.enip.enip_command_code;group:zeek_enip;kind:termfield;viewerOnly:true;friendly:EthernetIP Command Code;help:EthernetIP Command Code
+zeek.enip.enip_status=db:zeek.enip.enip_status;group:zeek_enip;kind:termfield;viewerOnly:true;friendly:EthernetIP Status;help:EthernetIP Status
+zeek.enip.length=db:zeek.enip.length;group:zeek_enip;kind:integer;viewerOnly:true;friendly:Packet Length;help:Packet Length
+zeek.enip.options=db:zeek.enip.options;group:zeek_enip;kind:termfield;viewerOnly:true;friendly:Options;help:Options
+zeek.enip.sender_context=db:zeek.enip.sender_context;group:zeek_enip;kind:termfield;viewerOnly:true;friendly:Sender Context;help:Sender Context
+zeek.enip.session_handle=db:zeek.enip.session_handle;group:zeek_enip;kind:termfield;viewerOnly:true;friendly:Session Number;help:Session Number
 # ecat_registers.log
 # https://github.com/cisagov/ICSNPP
-zeek.ecat_registers.command=db:zeek.ecat_registers.command;group:zeek_ecat;kind:termfield;friendly:Command;help:Command
-zeek.ecat_registers.server_addr=db:zeek.ecat_registers.server_addr;group:zeek_ecat;kind:termfield;friendly:Server Address;help:Server Address
-zeek.ecat_registers.register_type=db:zeek.ecat_registers.register_type;group:zeek_ecat;kind:termfield;friendly:Register Information;help:Register Information
-zeek.ecat_registers.register_addr=db:zeek.ecat_registers.register_addr;group:zeek_ecat;kind:termfield;friendly:Register Address;help:Register Address
-zeek.ecat_registers.data=db:zeek.ecat_registers.data;group:zeek_ecat;kind:termfield;friendly:Data;help:Data
+zeek.ecat_registers.command=db:zeek.ecat_registers.command;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Command;help:Command
+zeek.ecat_registers.server_addr=db:zeek.ecat_registers.server_addr;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Server Address;help:Server Address
+zeek.ecat_registers.register_type=db:zeek.ecat_registers.register_type;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Register Information;help:Register Information
+zeek.ecat_registers.register_addr=db:zeek.ecat_registers.register_addr;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Register Address;help:Register Address
+zeek.ecat_registers.data=db:zeek.ecat_registers.data;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Data;help:Data
 # ecat_log_address.log
 # https://github.com/cisagov/ICSNPP
-zeek.ecat_log_address.log_addr=db:zeek.ecat_log_address.log_addr;group:zeek_ecat;kind:termfield;friendly:Data Address;help:Data Address
-zeek.ecat_log_address.length=db:zeek.ecat_log_address.length;group:zeek_ecat;kind:integer;friendly:Data Length;help:Data Length
-zeek.ecat_log_address.command=db:zeek.ecat_log_address.command;group:zeek_ecat;kind:termfield;friendly:Command;help:Command
-zeek.ecat_log_address.data=db:zeek.ecat_log_address.data;group:zeek_ecat;kind:termfield;friendly:Data;help:Data
+zeek.ecat_log_address.log_addr=db:zeek.ecat_log_address.log_addr;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Data Address;help:Data Address
+zeek.ecat_log_address.length=db:zeek.ecat_log_address.length;group:zeek_ecat;kind:integer;viewerOnly:true;friendly:Data Length;help:Data Length
+zeek.ecat_log_address.command=db:zeek.ecat_log_address.command;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Command;help:Command
+zeek.ecat_log_address.data=db:zeek.ecat_log_address.data;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Data;help:Data
 # ecat_dev_info.log
 # https://github.com/cisagov/ICSNPP
-zeek.ecat_dev_info.server_id=db:zeek.ecat_dev_info.server_id;group:zeek_ecat;kind:termfield;friendly:Server Address;help:Server Address
-zeek.ecat_dev_info.revision=db:zeek.ecat_dev_info.revision;group:zeek_ecat;kind:termfield;friendly:Revision;help:Revision
-zeek.ecat_dev_info.dev_type=db:zeek.ecat_dev_info.dev_type;group:zeek_ecat;kind:termfield;friendly:Device Type;help:Device Type
-zeek.ecat_dev_info.build=db:zeek.ecat_dev_info.build;group:zeek_ecat;kind:termfield;friendly:Build Version;help:Build Version
-zeek.ecat_dev_info.fmmucnt=db:zeek.ecat_dev_info.fmmucnt;group:zeek_ecat;kind:termfield;friendly:Fieldbus MMU Channels;help:Fieldbus MMU Channels
-zeek.ecat_dev_info.smcount=db:zeek.ecat_dev_info.smcount;group:zeek_ecat;kind:termfield;friendly:Sync Managers;help:Sync Managers
-zeek.ecat_dev_info.ports=db:zeek.ecat_dev_info.ports;group:zeek_ecat;kind:termfield;friendly:Port Descriptor;help:Port Descriptor
-zeek.ecat_dev_info.dpram=db:zeek.ecat_dev_info.dpram;group:zeek_ecat;kind:termfield;friendly:RAM Size;help:RAM Size
-zeek.ecat_dev_info.features=db:zeek.ecat_dev_info.features;group:zeek_ecat;kind:termfield;friendly:Features;help:Features
+zeek.ecat_dev_info.server_id=db:zeek.ecat_dev_info.server_id;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Server Address;help:Server Address
+zeek.ecat_dev_info.revision=db:zeek.ecat_dev_info.revision;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Revision;help:Revision
+zeek.ecat_dev_info.dev_type=db:zeek.ecat_dev_info.dev_type;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Device Type;help:Device Type
+zeek.ecat_dev_info.build=db:zeek.ecat_dev_info.build;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Build Version;help:Build Version
+zeek.ecat_dev_info.fmmucnt=db:zeek.ecat_dev_info.fmmucnt;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Fieldbus MMU Channels;help:Fieldbus MMU Channels
+zeek.ecat_dev_info.smcount=db:zeek.ecat_dev_info.smcount;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Sync Managers;help:Sync Managers
+zeek.ecat_dev_info.ports=db:zeek.ecat_dev_info.ports;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Port Descriptor;help:Port Descriptor
+zeek.ecat_dev_info.dpram=db:zeek.ecat_dev_info.dpram;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:RAM Size;help:RAM Size
+zeek.ecat_dev_info.features=db:zeek.ecat_dev_info.features;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Features;help:Features
 # ecat_aoe_info.log
 # https://github.com/cisagov/ICSNPP
-zeek.ecat_aoe_info.resp_port=db:zeek.ecat_aoe_info.resp_port;group:zeek_ecat;kind:termfield;friendly:Target Port;help:Target Port
-zeek.ecat_aoe_info.orig_port=db:zeek.ecat_aoe_info.orig_port;group:zeek_ecat;kind:termfield;friendly:Sender Port;help:Sender Port
-zeek.ecat_aoe_info.command=db:zeek.ecat_aoe_info.command;group:zeek_ecat;kind:termfield;friendly:Command;help:Command
-zeek.ecat_aoe_info.state=db:zeek.ecat_aoe_info.state;group:zeek_ecat;kind:termfield;friendly:State Flags;help:State Flags
-zeek.ecat_aoe_info.data=db:zeek.ecat_aoe_info.data;group:zeek_ecat;kind:termfield;friendly:Data;help:Data
+zeek.ecat_aoe_info.resp_port=db:zeek.ecat_aoe_info.resp_port;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Target Port;help:Target Port
+zeek.ecat_aoe_info.orig_port=db:zeek.ecat_aoe_info.orig_port;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Sender Port;help:Sender Port
+zeek.ecat_aoe_info.command=db:zeek.ecat_aoe_info.command;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Command;help:Command
+zeek.ecat_aoe_info.state=db:zeek.ecat_aoe_info.state;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:State Flags;help:State Flags
+zeek.ecat_aoe_info.data=db:zeek.ecat_aoe_info.data;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Data;help:Data
 # ecat_coe_info.log
 # https://github.com/cisagov/ICSNPP
-zeek.ecat_coe_info.number=db:zeek.ecat_coe_info.number;group:zeek_ecat;kind:termfield;friendly:Message Number;help:Message Number
-zeek.ecat_coe_info.type=db:zeek.ecat_coe_info.type;group:zeek_ecat;kind:termfield;friendly:Message Type;help:Message Type
-zeek.ecat_coe_info.req_resp=db:zeek.ecat_coe_info.req_resp;group:zeek_ecat;kind:termfield;friendly:Request or Response;help:Request or Response
-zeek.ecat_coe_info.index=db:zeek.ecat_coe_info.index;group:zeek_ecat;kind:termfield;friendly:Message Index;help:Message Index
-zeek.ecat_coe_info.subindex=db:zeek.ecat_coe_info.subindex;group:zeek_ecat;kind:termfield;friendly:Message Subindex;help:Message Subindex
-zeek.ecat_coe_info.dataoffset=db:zeek.ecat_coe_info.dataoffset;group:zeek_ecat;kind:termfield;friendly:Data Offset;help:Data Offset
+zeek.ecat_coe_info.number=db:zeek.ecat_coe_info.number;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Message Number;help:Message Number
+zeek.ecat_coe_info.type=db:zeek.ecat_coe_info.type;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Message Type;help:Message Type
+zeek.ecat_coe_info.req_resp=db:zeek.ecat_coe_info.req_resp;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Request or Response;help:Request or Response
+zeek.ecat_coe_info.index=db:zeek.ecat_coe_info.index;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Message Index;help:Message Index
+zeek.ecat_coe_info.subindex=db:zeek.ecat_coe_info.subindex;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Message Subindex;help:Message Subindex
+zeek.ecat_coe_info.dataoffset=db:zeek.ecat_coe_info.dataoffset;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Data Offset;help:Data Offset
 # ecat_foe_info.log
 # https://github.com/cisagov/ICSNPP
-zeek.ecat_foe_info.opcode=db:zeek.ecat_foe_info.opcode;group:zeek_ecat;kind:termfield;friendly:Operation;help:Operation
-zeek.ecat_foe_info.reserved=db:zeek.ecat_foe_info.reserved;group:zeek_ecat;kind:termfield;friendly:Reserver;help:Reserver
-zeek.ecat_foe_info.packet_num=db:zeek.ecat_foe_info.packet_num;group:zeek_ecat;kind:termfield;friendly:Packet Number;help:Packet Number
-zeek.ecat_foe_info.error_code=db:zeek.ecat_foe_info.error_code;group:zeek_ecat;kind:termfield;friendly:Error Code;help:Error Code
-zeek.ecat_foe_info.filename=db:zeek.ecat_foe_info.filename;group:zeek_ecat;kind:termfield;friendly:File Name;help:File Name
-zeek.ecat_foe_info.data=db:zeek.ecat_foe_info.data;group:zeek_ecat;kind:termfield;friendly:Data;help:Data
+zeek.ecat_foe_info.opcode=db:zeek.ecat_foe_info.opcode;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Operation;help:Operation
+zeek.ecat_foe_info.reserved=db:zeek.ecat_foe_info.reserved;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Reserver;help:Reserver
+zeek.ecat_foe_info.packet_num=db:zeek.ecat_foe_info.packet_num;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Packet Number;help:Packet Number
+zeek.ecat_foe_info.error_code=db:zeek.ecat_foe_info.error_code;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Error Code;help:Error Code
+zeek.ecat_foe_info.filename=db:zeek.ecat_foe_info.filename;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:File Name;help:File Name
+zeek.ecat_foe_info.data=db:zeek.ecat_foe_info.data;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Data;help:Data
 # ecat_soe_info.log
 # https://github.com/cisagov/ICSNPP
-zeek.ecat_soe_info.opcode=db:zeek.ecat_soe_info.opcode;group:zeek_ecat;kind:termfield;friendly:Operation;help:Operation
-zeek.ecat_soe_info.incomplete=db:zeek.ecat_soe_info.incomplete;group:zeek_ecat;kind:termfield;friendly:Incomplete;help:Incomplete
-zeek.ecat_soe_info.error=db:zeek.ecat_soe_info.error;group:zeek_ecat;kind:termfield;friendly:Error Message;help:Error Message
-zeek.ecat_soe_info.drive_num=db:zeek.ecat_soe_info.drive_num;group:zeek_ecat;kind:termfield;friendly:Drive Number;help:Drive Number
-zeek.ecat_soe_info.element=db:zeek.ecat_soe_info.element;group:zeek_ecat;kind:termfield;friendly:Element Flags;help:Element Flags -zeek.ecat_soe_info.index=db:zeek.ecat_soe_info.index;group:zeek_ecat;kind:termfield;friendly:Message Index;help:Message Index +zeek.ecat_soe_info.opcode=db:zeek.ecat_soe_info.opcode;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Operation;help:Operation +zeek.ecat_soe_info.incomplete=db:zeek.ecat_soe_info.incomplete;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Incomplete;help:Incomplete +zeek.ecat_soe_info.error=db:zeek.ecat_soe_info.error;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Error Message;help:Error Message +zeek.ecat_soe_info.drive_num=db:zeek.ecat_soe_info.drive_num;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Drive Number;help:Drive Number +zeek.ecat_soe_info.element=db:zeek.ecat_soe_info.element;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Element Flags;help:Element Flags +zeek.ecat_soe_info.index=db:zeek.ecat_soe_info.index;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Message Index;help:Message Index # ecat_arp_info.log # https://github.com/cisagov/ICSNPP -zeek.ecat_arp_info.arp_type=db:zeek.ecat_arp_info.arp_type;group:zeek_ecat;kind:termfield;friendly:ARP Command;help:ARP Command -zeek.ecat_arp_info.orig_proto_addr=db:zeek.ecat_arp_info.orig_proto_addr;group:zeek_ecat;kind:termfield;friendly:Originating host;help:Originating host -zeek.ecat_arp_info.orig_hw_addr=db:zeek.ecat_arp_info.orig_hw_addr;group:zeek_ecat;kind:termfield;friendly:Originating MAC;help:Originating MAC -zeek.ecat_arp_info.resp_proto_addr=db:zeek.ecat_arp_info.resp_proto_addr;group:zeek_ecat;kind:termfield;friendly:Responding host;help:Responding host -zeek.ecat_arp_info.resp_hw_addr=db:zeek.ecat_arp_info.resp_hw_addr;group:zeek_ecat;kind:termfield;friendly:Responding MAC;help:Responding MAC 
+zeek.ecat_arp_info.arp_type=db:zeek.ecat_arp_info.arp_type;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:ARP Command;help:ARP Command +zeek.ecat_arp_info.orig_proto_addr=db:zeek.ecat_arp_info.orig_proto_addr;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Originating host;help:Originating host +zeek.ecat_arp_info.orig_hw_addr=db:zeek.ecat_arp_info.orig_hw_addr;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Originating MAC;help:Originating MAC +zeek.ecat_arp_info.resp_proto_addr=db:zeek.ecat_arp_info.resp_proto_addr;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Responding host;help:Responding host +zeek.ecat_arp_info.resp_hw_addr=db:zeek.ecat_arp_info.resp_hw_addr;group:zeek_ecat;kind:termfield;viewerOnly:true;friendly:Responding MAC;help:Responding MAC # files.log # https://docs.zeek.org/en/stable/scripts/base/frameworks/files/main.zeek.html#type-Files::Info -zeek.files.tx_hosts=db:zeek.files.tx_hosts;group:zeek_files;kind:termfield;friendly:Transmitter;help:Transmitter -zeek.files.rx_hosts=db:zeek.files.rx_hosts;group:zeek_files;kind:termfield;friendly:Receiver;help:Receiver -zeek.files.conn_uids=db:zeek.files.conn_uids;group:zeek_files;kind:termfield;friendly:Connection ID;help:Connection ID -zeek.files.depth=db:zeek.files.depth;group:zeek_files;kind:integer;friendly:Source Depth;help:Source Depth -zeek.files.analyzers=db:zeek.files.analyzers;group:zeek_files;kind:termfield;friendly:Analyzer;help:Analyzer -zeek.files.mime_type=db:zeek.files.mime_type;group:zeek_files;kind:termfield;friendly:File Magic;help:File Magic -zeek.files.filename=db:zeek.files.filename;group:zeek_files;kind:termfield;friendly:Filename;help:Filename -zeek.files.ftime=db:zeek.files.ftime;group:zeek_files;kind:termfield;friendly:File Timestamp;help:File Timestamp -zeek.files.duration=db:zeek.files.duration;group:zeek_files;kind:termfield;friendly:Analysis Duration;help:Analysis Duration 
-zeek.files.local_orig=db:zeek.files.local_orig;group:zeek_files;kind:termfield;friendly:Local Originator;help:Local Originator
-zeek.files.seen_bytes=db:zeek.files.seen_bytes;group:zeek_files;kind:integer;friendly:Bytes Analyzed;help:Bytes Analyzed
-zeek.files.total_bytes=db:zeek.files.total_bytes;group:zeek_files;kind:integer;friendly:Total Bytes;help:Total Bytes
-zeek.files.missing_bytes=db:zeek.files.missing_bytes;group:zeek_files;kind:integer;friendly:Missed Bytes;help:Missed Bytes
-zeek.files.overflow_bytes=db:zeek.files.overflow_bytes;group:zeek_files;kind:integer;friendly:Overflow Bytes;help:Overflow Bytes
-zeek.files.timedout=db:zeek.files.timedout;group:zeek_files;kind:termfield;friendly:Analysis Timed Out;help:Analysis Timed Out
-zeek.files.parent_fuid=db:zeek.files.parent_fuid;group:zeek_files;kind:termfield;friendly:Parent File ID;help:Parent File ID
-zeek.files.md5=db:zeek.files.md5;group:zeek_files;kind:termfield;friendly:MD5 Digest;help:MD5 Digest
-zeek.files.sha1=db:zeek.files.sha1;group:zeek_files;kind:termfield;friendly:SHA1 Digest;help:SHA1 Digest
-zeek.files.sha256=db:zeek.files.sha256;group:zeek_files;kind:termfield;friendly:SHA256 Digest;help:SHA256 Digest
-zeek.files.extracted=db:zeek.files.extracted;group:zeek_files;kind:termfield;friendly:Extracted Filename;help:Extracted Filename
-zeek.files.extracted_cutoff=db:zeek.files.extracted_cutoff;group:zeek_files;kind:termfield;friendly:Truncated;help:Truncated
-zeek.files.extracted_size=db:zeek.files.extracted_size;group:zeek_files;kind:integer;friendly:Extracted Bytes;help:Extracted Bytes
+zeek.files.tx_hosts=db:zeek.files.tx_hosts;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Transmitter;help:Transmitter
+zeek.files.rx_hosts=db:zeek.files.rx_hosts;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Receiver;help:Receiver
+zeek.files.conn_uids=db:zeek.files.conn_uids;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Connection ID;help:Connection ID
+zeek.files.depth=db:zeek.files.depth;group:zeek_files;kind:integer;viewerOnly:true;friendly:Source Depth;help:Source Depth +zeek.files.analyzers=db:zeek.files.analyzers;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Analyzer;help:Analyzer +zeek.files.mime_type=db:zeek.files.mime_type;group:zeek_files;kind:termfield;viewerOnly:true;friendly:File Magic;help:File Magic +zeek.files.filename=db:zeek.files.filename;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Filename;help:Filename +zeek.files.ftime=db:zeek.files.ftime;group:zeek_files;kind:termfield;viewerOnly:true;friendly:File Timestamp;help:File Timestamp +zeek.files.duration=db:zeek.files.duration;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Analysis Duration;help:Analysis Duration +zeek.files.local_orig=db:zeek.files.local_orig;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Local Originator;help:Local Originator +zeek.files.seen_bytes=db:zeek.files.seen_bytes;group:zeek_files;kind:integer;viewerOnly:true;friendly:Bytes Analyzed;help:Bytes Analyzed +zeek.files.total_bytes=db:zeek.files.total_bytes;group:zeek_files;kind:integer;viewerOnly:true;friendly:Total Bytes;help:Total Bytes +zeek.files.missing_bytes=db:zeek.files.missing_bytes;group:zeek_files;kind:integer;viewerOnly:true;friendly:Missed Bytes;help:Missed Bytes +zeek.files.overflow_bytes=db:zeek.files.overflow_bytes;group:zeek_files;kind:integer;viewerOnly:true;friendly:Overflow Bytes;help:Overflow Bytes +zeek.files.timedout=db:zeek.files.timedout;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Analysis Timed Out;help:Analysis Timed Out +zeek.files.parent_fuid=db:zeek.files.parent_fuid;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Parent File ID;help:Parent File ID +zeek.files.md5=db:zeek.files.md5;group:zeek_files;kind:termfield;viewerOnly:true;friendly:MD5 Digest;help:MD5 Digest +zeek.files.sha1=db:zeek.files.sha1;group:zeek_files;kind:termfield;viewerOnly:true;friendly:SHA1 Digest;help:SHA1 
Digest +zeek.files.sha256=db:zeek.files.sha256;group:zeek_files;kind:termfield;viewerOnly:true;friendly:SHA256 Digest;help:SHA256 Digest +zeek.files.extracted=db:zeek.files.extracted;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Extracted Filename;help:Extracted Filename +zeek.files.extracted_cutoff=db:zeek.files.extracted_cutoff;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Truncated;help:Truncated +zeek.files.extracted_size=db:zeek.files.extracted_size;group:zeek_files;kind:integer;viewerOnly:true;friendly:Extracted Bytes;help:Extracted Bytes # ftp.log # https://docs.zeek.org/en/stable/scripts/base/protocols/ftp/info.zeek.html#type-FTP::Info -zeek.ftp.command=db:zeek.ftp.command;group:zeek_ftp;kind:termfield;friendly:Command;help:Command -zeek.ftp.arg=db:zeek.ftp.arg;group:zeek_ftp;kind:termfield;friendly:Argument;help:Argument -zeek.ftp.mime_type=db:zeek.ftp.mime_type;group:zeek_ftp;kind:termfield;friendly:File Magic;help:File Magic -zeek.ftp.file_size=db:zeek.ftp.file_size;group:zeek_ftp;kind:integer;friendly:File Size;help:File Size -zeek.ftp.reply_code=db:zeek.ftp.reply_code;group:zeek_ftp;kind:integer;friendly:Reply Code;help:Reply Code -zeek.ftp.reply_msg=db:zeek.ftp.reply_msg;group:zeek_ftp;kind:termfield;friendly:Reply;help:Reply -zeek.ftp.data_channel_passive=db:zeek.ftp.data_channel_passive;group:zeek_ftp;kind:termfield;friendly:Passive;help:Passive -zeek.ftp.data_channel_orig_h=db:zeek.ftp.data_channel_orig_h;group:zeek_ftp;kind:termfield;friendly:Data Originating Host;help:Data Originating Host -zeek.ftp.data_channel_resp_h=db:zeek.ftp.data_channel_resp_h;group:zeek_ftp;kind:termfield;friendly:Data Responding Host;help:Data Responding Host -zeek.ftp.data_channel_resp_p=db:zeek.ftp.data_channel_resp_p;group:zeek_ftp;kind:integer;friendly:Data Responding Port;help:Data Responding Port +zeek.ftp.command=db:zeek.ftp.command;group:zeek_ftp;kind:termfield;viewerOnly:true;friendly:Command;help:Command 
+zeek.ftp.arg=db:zeek.ftp.arg;group:zeek_ftp;kind:termfield;viewerOnly:true;friendly:Argument;help:Argument +zeek.ftp.mime_type=db:zeek.ftp.mime_type;group:zeek_ftp;kind:termfield;viewerOnly:true;friendly:File Magic;help:File Magic +zeek.ftp.file_size=db:zeek.ftp.file_size;group:zeek_ftp;kind:integer;viewerOnly:true;friendly:File Size;help:File Size +zeek.ftp.reply_code=db:zeek.ftp.reply_code;group:zeek_ftp;kind:integer;viewerOnly:true;friendly:Reply Code;help:Reply Code +zeek.ftp.reply_msg=db:zeek.ftp.reply_msg;group:zeek_ftp;kind:termfield;viewerOnly:true;friendly:Reply;help:Reply +zeek.ftp.data_channel_passive=db:zeek.ftp.data_channel_passive;group:zeek_ftp;kind:termfield;viewerOnly:true;friendly:Passive;help:Passive +zeek.ftp.data_channel_orig_h=db:zeek.ftp.data_channel_orig_h;group:zeek_ftp;kind:termfield;viewerOnly:true;friendly:Data Originating Host;help:Data Originating Host +zeek.ftp.data_channel_resp_h=db:zeek.ftp.data_channel_resp_h;group:zeek_ftp;kind:termfield;viewerOnly:true;friendly:Data Responding Host;help:Data Responding Host +zeek.ftp.data_channel_resp_p=db:zeek.ftp.data_channel_resp_p;group:zeek_ftp;kind:integer;viewerOnly:true;friendly:Data Responding Port;help:Data Responding Port # genisys.log # https://github.com/cisagov/icsnpp-genisys -zeek.genisys.header=db:zeek.genisys.header;group:zeek_genisys;kind:termfield;friendly:Control Character;help:Control Character -zeek.genisys.server=db:zeek.genisys.server;group:zeek_genisys;kind:integer;friendly:Station Address;help:Station Address -zeek.genisys.direction=db:zeek.genisys.direction;group:zeek_genisys;kind:termfield;friendly:Message Direction;help:Message Direction -zeek.genisys.crc_transmitted=db:zeek.genisys.crc_transmitted;group:zeek_genisys;kind:termfield;friendly:CRC Transmitted;help:CRC Transmitted -zeek.genisys.crc_calculated=db:zeek.genisys.crc_calculated;group:zeek_genisys;kind:termfield;friendly:CRC Calculated;help:CRC Calculated 
-zeek.genisys.payload.address=db:zeek.genisys.payload.address;group:zeek_genisys;kind:integer;friendly:Payload Address;help:Payload Address -zeek.genisys.payload.data=db:zeek.genisys.payload.data;group:zeek_genisys;kind:integer;friendly:Payload Data;help:Payload Data +zeek.genisys.header=db:zeek.genisys.header;group:zeek_genisys;kind:termfield;viewerOnly:true;friendly:Control Character;help:Control Character +zeek.genisys.server=db:zeek.genisys.server;group:zeek_genisys;kind:integer;viewerOnly:true;friendly:Station Address;help:Station Address +zeek.genisys.direction=db:zeek.genisys.direction;group:zeek_genisys;kind:termfield;viewerOnly:true;friendly:Message Direction;help:Message Direction +zeek.genisys.crc_transmitted=db:zeek.genisys.crc_transmitted;group:zeek_genisys;kind:termfield;viewerOnly:true;friendly:CRC Transmitted;help:CRC Transmitted +zeek.genisys.crc_calculated=db:zeek.genisys.crc_calculated;group:zeek_genisys;kind:termfield;viewerOnly:true;friendly:CRC Calculated;help:CRC Calculated +zeek.genisys.payload.address=db:zeek.genisys.payload.address;group:zeek_genisys;kind:integer;viewerOnly:true;friendly:Payload Address;help:Payload Address +zeek.genisys.payload.data=db:zeek.genisys.payload.data;group:zeek_genisys;kind:integer;viewerOnly:true;friendly:Payload Data;help:Payload Data # gquic.log # https://github.com/salesforce/GQUIC_Protocol_Analyzer/blob/master/scripts/Salesforce/GQUIC/main.bro -zeek.gquic.version=db:zeek.gquic.version;group:zeek_gquic;kind:termfield;friendly:QUIC version;help:gquic version -zeek.gquic.server_name=db:zeek.gquic.server_name;group:zeek_gquic;kind:termfield;friendly:Server Name;help:gquic server_name -zeek.gquic.user_agent=db:zeek.gquic.user_agent;group:zeek_gquic;kind:termfield;friendly:User Agent;help:gquic user_agent -zeek.gquic.tag_count=db:zeek.gquic.tag_count;group:zeek_gquic;kind:integer;friendly:Tag Count;help:gquic tag_count -zeek.gquic.cyu=db:zeek.gquic.cyu;group:zeek_gquic;kind:termfield;friendly:CYU 
Fingerprint;help:gquic cyu -zeek.gquic.cyutags=db:zeek.gquic.cyutags;group:zeek_gquic;kind:termfield;friendly:CYU Fingerprint Digest;help:gquic cyutags +zeek.gquic.version=db:zeek.gquic.version;group:zeek_gquic;kind:termfield;viewerOnly:true;friendly:QUIC version;help:gquic version +zeek.gquic.server_name=db:zeek.gquic.server_name;group:zeek_gquic;kind:termfield;viewerOnly:true;friendly:Server Name;help:gquic server_name +zeek.gquic.user_agent=db:zeek.gquic.user_agent;group:zeek_gquic;kind:termfield;viewerOnly:true;friendly:User Agent;help:gquic user_agent +zeek.gquic.tag_count=db:zeek.gquic.tag_count;group:zeek_gquic;kind:integer;viewerOnly:true;friendly:Tag Count;help:gquic tag_count +zeek.gquic.cyu=db:zeek.gquic.cyu;group:zeek_gquic;kind:termfield;viewerOnly:true;friendly:CYU Fingerprint;help:gquic cyu +zeek.gquic.cyutags=db:zeek.gquic.cyutags;group:zeek_gquic;kind:termfield;viewerOnly:true;friendly:CYU Fingerprint Digest;help:gquic cyutags # http.log # https://docs.zeek.org/en/stable/scripts/base/protocols/http/main.zeek.html#type-HTTP::Info -zeek.http.trans_depth=db:zeek.http.trans_depth;group:zeek_http;kind:integer;friendly:Pipeline Depth;help:Pipeline Depth -zeek.http.method=db:zeek.http.method;group:zeek_http;kind:termfield;friendly:Request Method;help:Request Method -zeek.http.host=db:zeek.http.host;group:zeek_http;kind:termfield;friendly:Host Header;help:Host Header -zeek.http.uri=db:zeek.http.uri;group:zeek_http;kind:termfield;friendly:URI;help:URI -zeek.http.referrer=db:zeek.http.referrer;group:zeek_http;kind:termfield;friendly:Referrer Header;help:Referrer Header -zeek.http.version=db:zeek.http.version;group:zeek_http;kind:termfield;friendly:Version;help:Version -zeek.http.user_agent=db:zeek.http.user_agent;group:zeek_http;kind:termfield;friendly:User Agent;help:User Agent -zeek.http.origin=db:zeek.http.origin;group:zeek_http;kind:termfield;friendly:Origin Header;help:Origin Header 
-zeek.http.request_body_len=db:zeek.http.request_body_len;group:zeek_http;kind:integer;friendly:Request Body Length;help:Request Body Length
-zeek.http.response_body_len=db:zeek.http.response_body_len;group:zeek_http;kind:integer;friendly:Response Body Length;help:Response Body Length
-zeek.http.status_code=db:zeek.http.status_code;group:zeek_http;kind:integer;friendly:Status Code;help:Status Code
-zeek.http.status_msg=db:zeek.http.status_msg;group:zeek_http;kind:termfield;friendly:Status Message;help:Status Message
-zeek.http.info_code=db:zeek.http.info_code;group:zeek_http;kind:integer;friendly:Informational Code;help:Informational Code
-zeek.http.info_msg=db:zeek.http.info_msg;group:zeek_http;kind:termfield;friendly:Informational Message;help:Informational Message
-zeek.http.tags=db:zeek.http.tags;group:zeek_http;kind:termfield;friendly:HTTP Tag;help:HTTP Tag
-zeek.http.proxied=db:zeek.http.proxied;group:zeek_http;kind:termfield;friendly:Proxy Header;help:Proxy Header
-zeek.http.orig_fuids=db:zeek.http.orig_fuids;group:zeek_http;kind:termfield;friendly:Originating File ID;help:Originating File ID
-zeek.http.orig_filenames=db:zeek.http.orig_filenames;group:zeek_http;kind:termfield;friendly:Originating Filename;help:Originating Filename
-zeek.http.orig_mime_types=db:zeek.http.orig_mime_types;group:zeek_http;kind:termfield;friendly:Originating File Magic;help:Originating File Magic
-zeek.http.resp_fuids=db:zeek.http.resp_fuids;group:zeek_http;kind:termfield;friendly:Responding File ID;help:Responding File ID
-zeek.http.resp_filenames=db:zeek.http.resp_filenames;group:zeek_http;kind:termfield;friendly:Responding Filename;help:Responding Filename
-zeek.http.resp_mime_types=db:zeek.http.resp_mime_types;group:zeek_http;kind:termfield;friendly:Responding File Magic;help:Responding File Magic
-zeek.http.post_username=db:zeek.http.post_username;group:zeek_http;kind:termfield;friendly:POST User;help:POST User
-zeek.http.post_password_plain=db:zeek.http.post_password_plain;group:zeek_http;kind:termfield;friendly:POST Password;help:POST Password +zeek.http.trans_depth=db:zeek.http.trans_depth;group:zeek_http;kind:integer;viewerOnly:true;friendly:Pipeline Depth;help:Pipeline Depth +zeek.http.method=db:zeek.http.method;group:zeek_http;kind:termfield;viewerOnly:true;friendly:Request Method;help:Request Method +zeek.http.host=db:zeek.http.host;group:zeek_http;kind:termfield;viewerOnly:true;friendly:Host Header;help:Host Header +zeek.http.uri=db:zeek.http.uri;group:zeek_http;kind:termfield;viewerOnly:true;friendly:URI;help:URI +zeek.http.referrer=db:zeek.http.referrer;group:zeek_http;kind:termfield;viewerOnly:true;friendly:Referrer Header;help:Referrer Header +zeek.http.version=db:zeek.http.version;group:zeek_http;kind:termfield;viewerOnly:true;friendly:Version;help:Version +zeek.http.user_agent=db:zeek.http.user_agent;group:zeek_http;kind:termfield;viewerOnly:true;friendly:User Agent;help:User Agent +zeek.http.origin=db:zeek.http.origin;group:zeek_http;kind:termfield;viewerOnly:true;friendly:Origin Header;help:Origin Header +zeek.http.request_body_len=db:zeek.http.request_body_len;group:zeek_http;kind:integer;viewerOnly:true;friendly:Request Body Length;help:Request Body Length +zeek.http.response_body_len=db:zeek.http.response_body_len;group:zeek_http;kind:integer;viewerOnly:true;friendly:Response Body Length;help:Response Body Length +zeek.http.status_code=db:zeek.http.status_code;group:zeek_http;kind:integer;viewerOnly:true;friendly:Status Code;help:Status Code +zeek.http.status_msg=db:zeek.http.status_msg;group:zeek_http;kind:termfield;viewerOnly:true;friendly:Status Message;help:Status Message +zeek.http.info_code=db:zeek.http.info_code;group:zeek_http;kind:integer;viewerOnly:true;friendly:Informational Code;help:Informational Code +zeek.http.info_msg=db:zeek.http.info_msg;group:zeek_http;kind:termfield;viewerOnly:true;friendly:Informational Message;help:Informational 
Message +zeek.http.tags=db:zeek.http.tags;group:zeek_http;kind:termfield;viewerOnly:true;friendly:HTTP Tag;help:HTTP Tag +zeek.http.proxied=db:zeek.http.proxied;group:zeek_http;kind:termfield;viewerOnly:true;friendly:Proxy Header;help:Proxy Header +zeek.http.orig_fuids=db:zeek.http.orig_fuids;group:zeek_http;kind:termfield;viewerOnly:true;friendly:Originating File ID;help:Originating File ID +zeek.http.orig_filenames=db:zeek.http.orig_filenames;group:zeek_http;kind:termfield;viewerOnly:true;friendly:Originating Filename;help:Originating Filename +zeek.http.orig_mime_types=db:zeek.http.orig_mime_types;group:zeek_http;kind:termfield;viewerOnly:true;friendly:Originating File Magic;help:Originating File Magic +zeek.http.resp_fuids=db:zeek.http.resp_fuids;group:zeek_http;kind:termfield;viewerOnly:true;friendly:Responding File ID;help:Responding File ID +zeek.http.resp_filenames=db:zeek.http.resp_filenames;group:zeek_http;kind:termfield;viewerOnly:true;friendly:Responding Filename;help:Responding Filename +zeek.http.resp_mime_types=db:zeek.http.resp_mime_types;group:zeek_http;kind:termfield;viewerOnly:true;friendly:Responding File Magic;help:Responding File Magic +zeek.http.post_username=db:zeek.http.post_username;group:zeek_http;kind:termfield;viewerOnly:true;friendly:POST User;help:POST User +zeek.http.post_password_plain=db:zeek.http.post_password_plain;group:zeek_http;kind:termfield;viewerOnly:true;friendly:POST Password;help:POST Password # intel.log # https://docs.zeek.org/en/stable/scripts/base/frameworks/intel/main.zeek.html#type-Intel::Info -zeek.intel.seen_indicator=db:zeek.intel.seen_indicator;group:zeek_intel;kind:termfield;friendly:Indicator;help:Indicator -zeek.intel.seen_indicator_type=db:zeek.intel.seen_indicator_type;group:zeek_intel;kind:termfield;friendly:Indicator Type;help:Indicator Type -zeek.intel.seen_where=db:zeek.intel.seen_where;group:zeek_intel;kind:termfield;friendly:Where Discovered;help:Where Discovered 
-zeek.intel.seen_node=db:zeek.intel.seen_node;group:zeek_intel;kind:termfield;friendly:Discovered Node;help:Discovered Node
-zeek.intel.matched=db:zeek.intel.matched;group:zeek_intel;kind:termfield;friendly:Match Indicator;help:Match Indicator
-zeek.intel.sources=db:zeek.intel.sources;group:zeek_intel;kind:termfield;friendly:Match Source;help:Match Source
-zeek.intel.file_mime_type=db:zeek.intel.file_mime_type;group:zeek_intel;kind:termfield;friendly:File Magic;help:File Magic
-zeek.intel.file_description=db:zeek.intel.file_description;group:zeek_intel;kind:termfield;friendly:File Description;help:File Description
-zeek.intel.cif_tags=db:zeek.intel.cif_tags;group:zeek_intel;kind:termfield;friendly:CIF Tags;help:CIF Tags
-zeek.intel.cif_confidence=db:zeek.intel.cif_confidence;group:zeek_intel;kind:float;friendly:CIF Confidence;help:CIF Confidence
-zeek.intel.cif_source=db:zeek.intel.cif_source;group:zeek_intel;kind:termfield;friendly:CIF Source;help:CIF Source
-zeek.intel.cif_description=db:zeek.intel.cif_description;group:zeek_intel;kind:termfield;friendly:CIF Description;help:CIF Description
-zeek.intel.cif_firstseen=db:zeek.intel.cif_firstseen;group:zeek_intel;kind:termfield;friendly:CIF First Seen;help:CIF First Seen
-zeek.intel.cif_lastseen=db:zeek.intel.cif_lastseen;group:zeek_intel;kind:termfield;friendly:CIF Last Seen;help:CIF Last Seen
+zeek.intel.seen_indicator=db:zeek.intel.seen_indicator;group:zeek_intel;kind:termfield;viewerOnly:true;friendly:Indicator;help:Indicator
+zeek.intel.seen_indicator_type=db:zeek.intel.seen_indicator_type;group:zeek_intel;kind:termfield;viewerOnly:true;friendly:Indicator Type;help:Indicator Type
+zeek.intel.seen_where=db:zeek.intel.seen_where;group:zeek_intel;kind:termfield;viewerOnly:true;friendly:Where Discovered;help:Where Discovered
+zeek.intel.seen_node=db:zeek.intel.seen_node;group:zeek_intel;kind:termfield;viewerOnly:true;friendly:Discovered Node;help:Discovered Node
+zeek.intel.matched=db:zeek.intel.matched;group:zeek_intel;kind:termfield;viewerOnly:true;friendly:Match Indicator;help:Match Indicator +zeek.intel.sources=db:zeek.intel.sources;group:zeek_intel;kind:termfield;viewerOnly:true;friendly:Match Source;help:Match Source +zeek.intel.file_mime_type=db:zeek.intel.file_mime_type;group:zeek_intel;kind:termfield;viewerOnly:true;friendly:File Magic;help:File Magic +zeek.intel.file_description=db:zeek.intel.file_description;group:zeek_intel;kind:termfield;viewerOnly:true;friendly:File Description;help:File Description +zeek.intel.cif_tags=db:zeek.intel.cif_tags;group:zeek_intel;kind:termfield;viewerOnly:true;friendly:CIF Tags;help:CIF Tags +zeek.intel.cif_confidence=db:zeek.intel.cif_confidence;group:zeek_intel;kind:float;viewerOnly:true;friendly:CIF Confidence;help:CIF Confidence +zeek.intel.cif_source=db:zeek.intel.cif_source;group:zeek_intel;kind:termfield;viewerOnly:true;friendly:CIF Source;help:CIF Source +zeek.intel.cif_description=db:zeek.intel.cif_description;group:zeek_intel;kind:termfield;viewerOnly:true;friendly:CIF Description;help:CIF Description +zeek.intel.cif_firstseen=db:zeek.intel.cif_firstseen;group:zeek_intel;kind:termfield;viewerOnly:true;friendly:CIF First Seen;help:CIF First Seen +zeek.intel.cif_lastseen=db:zeek.intel.cif_lastseen;group:zeek_intel;kind:termfield;viewerOnly:true;friendly:CIF Last Seen;help:CIF Last Seen # ipsec.log # https://github.com/corelight/zeek-spicy-ipsec/blob/master/analyzer/main.zeek -zeek.ipsec.initiator_spi=db:zeek.ipsec.initiator_spi;group:zeek_ipsec;kind:termfield;friendly:Initiator SPI;help:Initiator SPI -zeek.ipsec.responder_spi=db:zeek.ipsec.responder_spi;group:zeek_ipsec;kind:termfield;friendly:Responder SPI;help:Responder SPI -zeek.ipsec.maj_ver=db:zeek.ipsec.maj_ver;group:zeek_ipsec;kind:integer;friendly:Major Version;help:Major Version -zeek.ipsec.min_ver=db:zeek.ipsec.min_ver;group:zeek_ipsec;kind:integer;friendly:Minor Version;help:Minor Version 
-zeek.ipsec.doi=db:zeek.ipsec.doi;group:zeek_ipsec;kind:integer;friendly:Domain of Interpretation;help:Domain of Interpretation
-zeek.ipsec.exchange_type=db:zeek.ipsec.exchange_type;group:zeek_ipsec;kind:integer;friendly:Exchange Type;help:Exchange Type
-zeek.ipsec.flag_e=db:zeek.ipsec.flag_e;group:zeek_ipsec;kind:termfield;friendly:Flag E;help:Flag E
-zeek.ipsec.flag_c=db:zeek.ipsec.flag_c;group:zeek_ipsec;kind:termfield;friendly:Flag C;help:Flac C
-zeek.ipsec.flag_a=db:zeek.ipsec.flag_a;group:zeek_ipsec;kind:termfield;friendly:Flag A;help:Flag A
-zeek.ipsec.flag_i=db:zeek.ipsec.flag_i;group:zeek_ipsec;kind:termfield;friendly:Flag I;help:Flag I
-zeek.ipsec.flag_v=db:zeek.ipsec.flag_v;group:zeek_ipsec;kind:termfield;friendly:Flag V;help:Flag V
-zeek.ipsec.flag_r=db:zeek.ipsec.flag_r;group:zeek_ipsec;kind:termfield;friendly:Flag R;help:Flag R
-zeek.ipsec.flags=db:zeek.ipsec.flags;group:zeek_ipsec;kind:termfield;friendly:Flags;help:Flags
-zeek.ipsec.message_id=db:zeek.ipsec.message_id;group:zeek_ipsec;kind:termfield;friendly:Message ID;help:Message ID
-zeek.ipsec.vendor_ids=db:zeek.ipsec.vendor_ids;group:zeek_ipsec;kind:termfield;friendly:Vendor ID;help:Vendor ID
-zeek.ipsec.notify_messages=db:zeek.ipsec.notify_messages;group:zeek_ipsec;kind:termfield;friendly:Notify Message Type;help:Notify Message Type
-zeek.ipsec.situation=db:zeek.ipsec.situation;group:zeek_ipsec;kind:termfield;friendly:Situation;help:Situation
-zeek.ipsec.transforms=db:zeek.ipsec.transforms;group:zeek_ipsec;kind:termfield;friendly:Transform;help:Transform
-zeek.ipsec.ke_dh_groups=db:zeek.ipsec.ke_dh_groups;group:zeek_ipsec;kind:integer;friendly:KE DH Group;help:KE DH Group
-zeek.ipsec.proposals=db:zeek.ipsec.proposals;group:zeek_ipsec;kind:integer;friendly:Proposal;help:Proposal
-zeek.ipsec.protocol_id=db:zeek.ipsec.protocol_id;group:zeek_ipsec;kind:integer;friendly:Protocol ID;help:Protocol ID
-zeek.ipsec.certificates=db:zeek.ipsec.certificates;group:zeek_ipsec;kind:termfield;friendly:Certificate Hash;help:Certificate Hash
-zeek.ipsec.transform_attributes=db:zeek.ipsec.transform_attributes;group:zeek_ipsec;kind:termfield;friendly:Transform Attribute;help:Transform Attribute
-zeek.ipsec.length=db:zeek.ipsec.length;group:zeek_ipsec;kind:integer;friendly:Message Length;help:Message Length
-zeek.ipsec.hash=db:zeek.ipsec.hash;group:zeek_ipsec;kind:termfield;friendly:Transaction Hash;help:Transaction Hash
+zeek.ipsec.initiator_spi=db:zeek.ipsec.initiator_spi;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Initiator SPI;help:Initiator SPI
+zeek.ipsec.responder_spi=db:zeek.ipsec.responder_spi;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Responder SPI;help:Responder SPI
+zeek.ipsec.maj_ver=db:zeek.ipsec.maj_ver;group:zeek_ipsec;kind:integer;viewerOnly:true;friendly:Major Version;help:Major Version
+zeek.ipsec.min_ver=db:zeek.ipsec.min_ver;group:zeek_ipsec;kind:integer;viewerOnly:true;friendly:Minor Version;help:Minor Version
+zeek.ipsec.doi=db:zeek.ipsec.doi;group:zeek_ipsec;kind:integer;viewerOnly:true;friendly:Domain of Interpretation;help:Domain of Interpretation
+zeek.ipsec.exchange_type=db:zeek.ipsec.exchange_type;group:zeek_ipsec;kind:integer;viewerOnly:true;friendly:Exchange Type;help:Exchange Type
+zeek.ipsec.flag_e=db:zeek.ipsec.flag_e;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Flag E;help:Flag E
+zeek.ipsec.flag_c=db:zeek.ipsec.flag_c;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Flag C;help:Flac C
+zeek.ipsec.flag_a=db:zeek.ipsec.flag_a;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Flag A;help:Flag A
+zeek.ipsec.flag_i=db:zeek.ipsec.flag_i;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Flag I;help:Flag I
+zeek.ipsec.flag_v=db:zeek.ipsec.flag_v;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Flag V;help:Flag V
+zeek.ipsec.flag_r=db:zeek.ipsec.flag_r;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Flag R;help:Flag R +zeek.ipsec.flags=db:zeek.ipsec.flags;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Flags;help:Flags +zeek.ipsec.message_id=db:zeek.ipsec.message_id;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Message ID;help:Message ID +zeek.ipsec.vendor_ids=db:zeek.ipsec.vendor_ids;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Vendor ID;help:Vendor ID +zeek.ipsec.notify_messages=db:zeek.ipsec.notify_messages;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Notify Message Type;help:Notify Message Type +zeek.ipsec.situation=db:zeek.ipsec.situation;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Situation;help:Situation +zeek.ipsec.transforms=db:zeek.ipsec.transforms;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Transform;help:Transform +zeek.ipsec.ke_dh_groups=db:zeek.ipsec.ke_dh_groups;group:zeek_ipsec;kind:integer;viewerOnly:true;friendly:KE DH Group;help:KE DH Group +zeek.ipsec.proposals=db:zeek.ipsec.proposals;group:zeek_ipsec;kind:integer;viewerOnly:true;friendly:Proposal;help:Proposal +zeek.ipsec.protocol_id=db:zeek.ipsec.protocol_id;group:zeek_ipsec;kind:integer;viewerOnly:true;friendly:Protocol ID;help:Protocol ID +zeek.ipsec.certificates=db:zeek.ipsec.certificates;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Certificate Hash;help:Certificate Hash +zeek.ipsec.transform_attributes=db:zeek.ipsec.transform_attributes;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Transform Attribute;help:Transform Attribute +zeek.ipsec.length=db:zeek.ipsec.length;group:zeek_ipsec;kind:integer;viewerOnly:true;friendly:Message Length;help:Message Length +zeek.ipsec.hash=db:zeek.ipsec.hash;group:zeek_ipsec;kind:termfield;viewerOnly:true;friendly:Transaction Hash;help:Transaction Hash # irc.log # https://docs.zeek.org/en/stable/scripts/base/protocols/irc/main.zeek.html#type-IRC::Info 
-zeek.irc.nick=db:zeek.irc.nick;group:zeek_irc;kind:termfield;friendly:Nickname;help:Nickname
-zeek.irc.command=db:zeek.irc.command;group:zeek_irc;kind:termfield;friendly:Command;help:Command
-zeek.irc.value=db:zeek.irc.value;group:zeek_irc;kind:termfield;friendly:Value;help:Value
-zeek.irc.addl=db:zeek.irc.addl;group:zeek_irc;kind:termfield;friendly:Additional Data;help:Additional Data
-zeek.irc.dcc_file_name=db:zeek.irc.dcc_file_name;group:zeek_irc;kind:termfield;friendly:DCC Filename;help:DCC Filename
-zeek.irc.dcc_file_size=db:zeek.irc.dcc_file_size;group:zeek_irc;kind:integer;friendly:DCC File Size;help:DCC File Size
-zeek.irc.dcc_mime_type=db:zeek.irc.dcc_mime_type;group:zeek_irc;kind:termfield;friendly:DCC File Magic;help:DCC File Magic
+zeek.irc.nick=db:zeek.irc.nick;group:zeek_irc;kind:termfield;viewerOnly:true;friendly:Nickname;help:Nickname
+zeek.irc.command=db:zeek.irc.command;group:zeek_irc;kind:termfield;viewerOnly:true;friendly:Command;help:Command
+zeek.irc.value=db:zeek.irc.value;group:zeek_irc;kind:termfield;viewerOnly:true;friendly:Value;help:Value
+zeek.irc.addl=db:zeek.irc.addl;group:zeek_irc;kind:termfield;viewerOnly:true;friendly:Additional Data;help:Additional Data
+zeek.irc.dcc_file_name=db:zeek.irc.dcc_file_name;group:zeek_irc;kind:termfield;viewerOnly:true;friendly:DCC Filename;help:DCC Filename
+zeek.irc.dcc_file_size=db:zeek.irc.dcc_file_size;group:zeek_irc;kind:integer;viewerOnly:true;friendly:DCC File Size;help:DCC File Size
+zeek.irc.dcc_mime_type=db:zeek.irc.dcc_mime_type;group:zeek_irc;kind:termfield;viewerOnly:true;friendly:DCC File Magic;help:DCC File Magic
 # cotp.log
 # https://github.com/cisagov/icsnpp-s7comm
-zeek.cotp.pdu_code=db:zeek.cotp.pdu_code;group:zeek_cotp;kind:termfield;friendly:PDU Code;help:PDU Code
-zeek.cotp.pdu_name=db:zeek.cotp.pdu_name;group:zeek_cotp;kind:termfield;friendly:PDU Name;help:PDU Name
+zeek.cotp.pdu_code=db:zeek.cotp.pdu_code;group:zeek_cotp;kind:termfield;viewerOnly:true;friendly:PDU Code;help:PDU Code
+zeek.cotp.pdu_name=db:zeek.cotp.pdu_name;group:zeek_cotp;kind:termfield;viewerOnly:true;friendly:PDU Name;help:PDU Name
 # kerberos.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/krb/main.zeek.html#type-KRB::Info
-zeek.kerberos.cname=db:zeek.kerberos.cname;group:zeek_kerberos;kind:termfield;friendly:Client;help:Client
-zeek.kerberos.sname=db:zeek.kerberos.sname;group:zeek_kerberos;kind:termfield;friendly:Service;help:Service
-zeek.kerberos.success=db:zeek.kerberos.success;group:zeek_kerberos;kind:termfield;friendly:Success;help:Success
-zeek.kerberos.error_msg=db:zeek.kerberos.error_msg;group:zeek_kerberos;kind:termfield;friendly:Error Message;help:Error Message
-zeek.kerberos.from=db:zeek.kerberos.from;group:zeek_kerberos;kind:termfield;friendly:Ticket Valid From;help:Ticket Valid From
-zeek.kerberos.till=db:zeek.kerberos.till;group:zeek_kerberos;kind:termfield;friendly:Ticket Valid Till;help:Ticket Valid Till
-zeek.kerberos.cipher=db:zeek.kerberos.cipher;group:zeek_kerberos;kind:termfield;friendly:Encryption Type;help:Encryption Type
-zeek.kerberos.forwardable=db:zeek.kerberos.forwardable;group:zeek_kerberos;kind:termfield;friendly:Forwardable;help:Forwardable
-zeek.kerberos.renewable=db:zeek.kerberos.renewable;group:zeek_kerberos;kind:termfield;friendly:Renewable;help:Renewable
-zeek.kerberos.request_type=db:zeek.kerberos.request_type;group:zeek_kerberos;kind:termfield;friendly:Request Type;help:Request Type
-zeek.kerberos.client_cert_subject=db:zeek.kerberos.client_cert_subject;group:zeek_kerberos;kind:termfield;friendly:Client Certificate Subject;help:Client Certificate Subject
-zeek.kerberos.client_cert_fuid=db:zeek.kerberos.client_cert_fuid;group:zeek_kerberos;kind:termfield;friendly:Client Certificate File ID;help:Client Certificate File ID
-zeek.kerberos.server_cert_subject=db:zeek.kerberos.server_cert_subject;group:zeek_kerberos;kind:termfield;friendly:Server Certificate Subject;help:Server Certificate Subject
-zeek.kerberos.server_cert_fuid=db:zeek.kerberos.server_cert_fuid;group:zeek_kerberos;kind:termfield;friendly:Server Certificate File ID;help:Server Certificate File ID
+zeek.kerberos.cname=db:zeek.kerberos.cname;group:zeek_kerberos;kind:termfield;viewerOnly:true;friendly:Client;help:Client
+zeek.kerberos.sname=db:zeek.kerberos.sname;group:zeek_kerberos;kind:termfield;viewerOnly:true;friendly:Service;help:Service
+zeek.kerberos.success=db:zeek.kerberos.success;group:zeek_kerberos;kind:termfield;viewerOnly:true;friendly:Success;help:Success
+zeek.kerberos.error_msg=db:zeek.kerberos.error_msg;group:zeek_kerberos;kind:termfield;viewerOnly:true;friendly:Error Message;help:Error Message
+zeek.kerberos.from=db:zeek.kerberos.from;group:zeek_kerberos;kind:termfield;viewerOnly:true;friendly:Ticket Valid From;help:Ticket Valid From
+zeek.kerberos.till=db:zeek.kerberos.till;group:zeek_kerberos;kind:termfield;viewerOnly:true;friendly:Ticket Valid Till;help:Ticket Valid Till
+zeek.kerberos.cipher=db:zeek.kerberos.cipher;group:zeek_kerberos;kind:termfield;viewerOnly:true;friendly:Encryption Type;help:Encryption Type
+zeek.kerberos.forwardable=db:zeek.kerberos.forwardable;group:zeek_kerberos;kind:termfield;viewerOnly:true;friendly:Forwardable;help:Forwardable
+zeek.kerberos.renewable=db:zeek.kerberos.renewable;group:zeek_kerberos;kind:termfield;viewerOnly:true;friendly:Renewable;help:Renewable
+zeek.kerberos.request_type=db:zeek.kerberos.request_type;group:zeek_kerberos;kind:termfield;viewerOnly:true;friendly:Request Type;help:Request Type
+zeek.kerberos.client_cert_subject=db:zeek.kerberos.client_cert_subject;group:zeek_kerberos;kind:termfield;viewerOnly:true;friendly:Client Certificate Subject;help:Client Certificate Subject
+zeek.kerberos.client_cert_fuid=db:zeek.kerberos.client_cert_fuid;group:zeek_kerberos;kind:termfield;viewerOnly:true;friendly:Client Certificate File ID;help:Client Certificate File ID
+zeek.kerberos.server_cert_subject=db:zeek.kerberos.server_cert_subject;group:zeek_kerberos;kind:termfield;viewerOnly:true;friendly:Server Certificate Subject;help:Server Certificate Subject
+zeek.kerberos.server_cert_fuid=db:zeek.kerberos.server_cert_fuid;group:zeek_kerberos;kind:termfield;viewerOnly:true;friendly:Server Certificate File ID;help:Server Certificate File ID
 # known_certs.log
 # https://docs.zeek.org/en/stable/scripts/policy/protocols/ssl/known-certs.zeek.html#type-Known::CertsInfo
-zeek.known_certs.subject=db:zeek.known_certs.subject;group:zeek_x509;kind:termfield;friendly:Certificate Subject;help:Certificate Subject
-zeek.known_certs.issuer_subject=db:zeek.known_certs.issuer_subject;group:zeek_x509;kind:termfield;friendly:Issuer Subject;help:Issuer Subject
-zeek.known_certs.serial=db:zeek.known_certs.serial;group:zeek_x509;kind:termfield;friendly:Serial Number;help:Serial Number
+zeek.known_certs.subject=db:zeek.known_certs.subject;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Certificate Subject;help:Certificate Subject
+zeek.known_certs.issuer_subject=db:zeek.known_certs.issuer_subject;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Subject;help:Issuer Subject
+zeek.known_certs.serial=db:zeek.known_certs.serial;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Serial Number;help:Serial Number
 # known_modbus.log
 # https://docs.zeek.org/en/stable/scripts/policy/protocols/modbus/known-masters-slaves.zeek.html#type-Known::ModbusInfo
-zeek.known_modbus.device_type=db:zeek.known_modbus.device_type;group:zeek_modbus;kind:termfield;friendly:Role;help:Role
+zeek.known_modbus.device_type=db:zeek.known_modbus.device_type;group:zeek_modbus;kind:termfield;viewerOnly:true;friendly:Role;help:Role
 # ldap.log
 # https://github.com/zeek/spicy-ldap/blob/main/analyzer/main.zeek
-zeek.ldap.message_id=db:zeek.ldap.message_id;group:zeek_ldap;kind:termfield;friendly:Message ID;help:Message ID
-zeek.ldap.version=db:zeek.ldap.version;group:zeek_ldap;kind:integer;friendly:LDAP Version;help:LDAP Version
-zeek.ldap.operation=db:zeek.ldap.operation;group:zeek_ldap;kind:termfield;friendly:Operation;help:Operation
-zeek.ldap.result_code=db:zeek.ldap.result_code;group:zeek_ldap;kind:termfield;friendly:Result Code;help:Result Code
-zeek.ldap.result_message=db:zeek.ldap.result_message;group:zeek_ldap;kind:termfield;friendly:Diagnostic Message;help:Diagnostic Message
-zeek.ldap.object=db:zeek.ldap.object;group:zeek_ldap;kind:termfield;friendly:Object;help:Object
-zeek.ldap.argument=db:zeek.ldap.argument;group:zeek_ldap;kind:termfield;friendly:Arguments;help:Arguments
+zeek.ldap.message_id=db:zeek.ldap.message_id;group:zeek_ldap;kind:termfield;viewerOnly:true;friendly:Message ID;help:Message ID
+zeek.ldap.version=db:zeek.ldap.version;group:zeek_ldap;kind:integer;viewerOnly:true;friendly:LDAP Version;help:LDAP Version
+zeek.ldap.operation=db:zeek.ldap.operation;group:zeek_ldap;kind:termfield;viewerOnly:true;friendly:Operation;help:Operation
+zeek.ldap.result_code=db:zeek.ldap.result_code;group:zeek_ldap;kind:termfield;viewerOnly:true;friendly:Result Code;help:Result Code
+zeek.ldap.result_message=db:zeek.ldap.result_message;group:zeek_ldap;kind:termfield;viewerOnly:true;friendly:Diagnostic Message;help:Diagnostic Message
+zeek.ldap.object=db:zeek.ldap.object;group:zeek_ldap;kind:termfield;viewerOnly:true;friendly:Object;help:Object
+zeek.ldap.argument=db:zeek.ldap.argument;group:zeek_ldap;kind:termfield;viewerOnly:true;friendly:Arguments;help:Arguments
 # ldap_search.log
 # https://github.com/zeek/spicy-ldap/blob/main/analyzer/main.zeek
-zeek.ldap_search.attributes=db:zeek.ldap_search.attributes;group:zeek_ldap;kind:termfield;friendly:Attributes;help:Attributes
-zeek.ldap_search.base_object=db:zeek.ldap_search.base_object;group:zeek_ldap;kind:termfield;friendly:Base Object;help:Base Object
-zeek.ldap_search.deref=db:zeek.ldap_search.deref;group:zeek_ldap;kind:termfield;friendly:Dereference Alias;help:Dereference Alias
-zeek.ldap_search.filter=db:zeek.ldap_search.filter;group:zeek_ldap;kind:termfield;friendly:Filter;help:Filter
-zeek.ldap_search.message_id=db:zeek.ldap_search.message_id;group:zeek_ldap;kind:termfield;friendly:Message ID;help:Message ID
-zeek.ldap_search.result_code=db:zeek.ldap_search.result_code;group:zeek_ldap;kind:termfield;friendly:Result Code;help:Result Code
-zeek.ldap_search.result_count=db:zeek.ldap_search.result_count;group:zeek_ldap;kind:integer;friendly:Result Count;help:Result Count
-zeek.ldap_search.result_message=db:zeek.ldap_search.result_message;group:zeek_ldap;kind:termfield;friendly:Diagnostic Message;help:Diagnostic Message
-zeek.ldap_search.scope=db:zeek.ldap_search.scope;group:zeek_ldap;kind:termfield;friendly:Scope;help:Scope
+zeek.ldap_search.attributes=db:zeek.ldap_search.attributes;group:zeek_ldap;kind:termfield;viewerOnly:true;friendly:Attributes;help:Attributes
+zeek.ldap_search.base_object=db:zeek.ldap_search.base_object;group:zeek_ldap;kind:termfield;viewerOnly:true;friendly:Base Object;help:Base Object
+zeek.ldap_search.deref=db:zeek.ldap_search.deref;group:zeek_ldap;kind:termfield;viewerOnly:true;friendly:Dereference Alias;help:Dereference Alias
+zeek.ldap_search.filter=db:zeek.ldap_search.filter;group:zeek_ldap;kind:termfield;viewerOnly:true;friendly:Filter;help:Filter
+zeek.ldap_search.message_id=db:zeek.ldap_search.message_id;group:zeek_ldap;kind:termfield;viewerOnly:true;friendly:Message ID;help:Message ID
+zeek.ldap_search.result_code=db:zeek.ldap_search.result_code;group:zeek_ldap;kind:termfield;viewerOnly:true;friendly:Result Code;help:Result Code
+zeek.ldap_search.result_count=db:zeek.ldap_search.result_count;group:zeek_ldap;kind:integer;viewerOnly:true;friendly:Result Count;help:Result Count
+zeek.ldap_search.result_message=db:zeek.ldap_search.result_message;group:zeek_ldap;kind:termfield;viewerOnly:true;friendly:Diagnostic Message;help:Diagnostic Message
+zeek.ldap_search.scope=db:zeek.ldap_search.scope;group:zeek_ldap;kind:termfield;viewerOnly:true;friendly:Scope;help:Scope
 # login.log - custom login.log module (rudimentary, login/rlogin/rsh analyzers are old and not the greatest)
-zeek.login.success=db:zeek.login.success;group:zeek_login;kind:termfield;friendly:Successful Login;help:Successful Login
-zeek.login.confused=db:zeek.login.confused;group:zeek_login;kind:termfield;friendly:Analyzer Confused;help:Analyzer Confused
-zeek.login.client_user=db:zeek.login.client_user;group:zeek_login;kind:termfield;friendly:Client User;help:Client User
+zeek.login.success=db:zeek.login.success;group:zeek_login;kind:termfield;viewerOnly:true;friendly:Successful Login;help:Successful Login
+zeek.login.confused=db:zeek.login.confused;group:zeek_login;kind:termfield;viewerOnly:true;friendly:Analyzer Confused;help:Analyzer Confused
+zeek.login.client_user=db:zeek.login.client_user;group:zeek_login;kind:termfield;viewerOnly:true;friendly:Client User;help:Client User
 # modbus.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/modbus/main.zeek.html#type-Modbus::Info
-zeek.modbus.func=db:zeek.modbus.func;group:zeek_modbus;kind:termfield;friendly:Function;help:Function
-zeek.modbus.exception=db:zeek.modbus.exception;group:zeek_modbus;kind:termfield;friendly:Exception;help:Exception
-zeek.modbus.unit_id=db:zeek.modbus.unit_id;group:zeek_modbus;kind:integer;friendly:Unit/Server ID;help:Unit/Server ID
-zeek.modbus.trans_id=db:zeek.modbus.trans_id;group:zeek_modbus;kind:integer;friendly:Transaction ID;help:Transaction ID
-zeek.modbus.network_direction=db:zeek.modbus.network_direction;group:zeek_modbus;kind:termfield;friendly:PDU Type;help:Request or Response
+zeek.modbus.func=db:zeek.modbus.func;group:zeek_modbus;kind:termfield;viewerOnly:true;friendly:Function;help:Function
+zeek.modbus.exception=db:zeek.modbus.exception;group:zeek_modbus;kind:termfield;viewerOnly:true;friendly:Exception;help:Exception
+zeek.modbus.unit_id=db:zeek.modbus.unit_id;group:zeek_modbus;kind:integer;viewerOnly:true;friendly:Unit/Server ID;help:Unit/Server ID
+zeek.modbus.trans_id=db:zeek.modbus.trans_id;group:zeek_modbus;kind:integer;viewerOnly:true;friendly:Transaction ID;help:Transaction ID
+zeek.modbus.network_direction=db:zeek.modbus.network_direction;group:zeek_modbus;kind:termfield;viewerOnly:true;friendly:PDU Type;help:Request or Response
 # modbus_detailed.log
 # https://github.com/cisagov/ICSNPP
-zeek.modbus_detailed.address=db:zeek.modbus_detailed.address;group:zeek_modbus;kind:integer;friendly:Starting Memory Address;help:Starting Memory Address
-zeek.modbus_detailed.quantity=db:zeek.modbus_detailed.quantity;group:zeek_modbus;kind:integer;friendly:Number of Values;help:Number of Values
-zeek.modbus_detailed.values=db:zeek.modbus_detailed.values;group:zeek_modbus;kind:termfield;friendly:Values;help:Values
+zeek.modbus_detailed.address=db:zeek.modbus_detailed.address;group:zeek_modbus;kind:integer;viewerOnly:true;friendly:Starting Memory Address;help:Starting Memory Address
+zeek.modbus_detailed.quantity=db:zeek.modbus_detailed.quantity;group:zeek_modbus;kind:integer;viewerOnly:true;friendly:Number of Values;help:Number of Values
+zeek.modbus_detailed.values=db:zeek.modbus_detailed.values;group:zeek_modbus;kind:termfield;viewerOnly:true;friendly:Values;help:Values
 # modbus_mask_write_register.log
 # https://github.com/cisagov/ICSNPP
-zeek.modbus_mask_write_register.and_mask=db:zeek.modbus_mask_write_register.and_mask;group:zeek_modbus;kind:integer;friendly:Boolean AND mask to apply to target register;help:Boolean AND mask to apply to target register
-zeek.modbus_mask_write_register.or_mask=db:zeek.modbus_mask_write_register.or_mask;group:zeek_modbus;kind:integer;friendly:Boolean OR mask to apply to target register;help:Boolean OR mask to apply to target register
+zeek.modbus_mask_write_register.and_mask=db:zeek.modbus_mask_write_register.and_mask;group:zeek_modbus;kind:integer;viewerOnly:true;friendly:Boolean AND mask to apply to target register;help:Boolean AND mask to apply to target register
+zeek.modbus_mask_write_register.or_mask=db:zeek.modbus_mask_write_register.or_mask;group:zeek_modbus;kind:integer;viewerOnly:true;friendly:Boolean OR mask to apply to target register;help:Boolean OR mask to apply to target register
 # modbus_read_write_multiple_registers.log
 # https://github.com/cisagov/ICSNPP
-zeek.modbus_read_write_multiple_registers.write_start_address=db:zeek.modbus_read_write_multiple_registers.write_start_address;group:zeek_modbus;kind:integer;friendly:Starting address of the registers to write to;help:Starting address of the registers to write to
-zeek.modbus_read_write_multiple_registers.write_registers=db:zeek.modbus_read_write_multiple_registers.write_registers;group:zeek_modbus;kind:termfield;friendly:Register values written;help:Register values written
-zeek.modbus_read_write_multiple_registers.read_start_address=db:zeek.modbus_read_write_multiple_registers.read_start_address;group:zeek_modbus;kind:integer;friendly:Starting address of the registers to read;help:Starting address of the registers to read
-zeek.modbus_read_write_multiple_registers.read_quantity=db:zeek.modbus_read_write_multiple_registers.read_quantity;group:zeek_modbus;kind:integer;friendly:Number of registers to read;help:Number of registers to read
-zeek.modbus_read_write_multiple_registers.read_registers=db:zeek.modbus_read_write_multiple_registers.read_registers;group:zeek_modbus;kind:termfield;friendly:Register values read;help:Register values read
+zeek.modbus_read_write_multiple_registers.write_start_address=db:zeek.modbus_read_write_multiple_registers.write_start_address;group:zeek_modbus;kind:integer;viewerOnly:true;friendly:Starting address of the registers to write to;help:Starting address of the registers to write to
+zeek.modbus_read_write_multiple_registers.write_registers=db:zeek.modbus_read_write_multiple_registers.write_registers;group:zeek_modbus;kind:termfield;viewerOnly:true;friendly:Register values written;help:Register values written
+zeek.modbus_read_write_multiple_registers.read_start_address=db:zeek.modbus_read_write_multiple_registers.read_start_address;group:zeek_modbus;kind:integer;viewerOnly:true;friendly:Starting address of the registers to read;help:Starting address of the registers to read
+zeek.modbus_read_write_multiple_registers.read_quantity=db:zeek.modbus_read_write_multiple_registers.read_quantity;group:zeek_modbus;kind:integer;viewerOnly:true;friendly:Number of registers to read;help:Number of registers to read
+zeek.modbus_read_write_multiple_registers.read_registers=db:zeek.modbus_read_write_multiple_registers.read_registers;group:zeek_modbus;kind:termfield;viewerOnly:true;friendly:Register values read;help:Register values read
 # mqtt_connect.log
 # https://docs.zeek.org/en/stable/scripts/policy/protocols/mqtt/main.zeek.html#type-MQTT::ConnectInfo
-zeek.mqtt_connect.proto_name=db:zeek.mqtt_connect.proto_name;group:zeek_mqtt;kind:termfield;friendly:MQTT Protocol;help:MQTT Protocol
-zeek.mqtt_connect.proto_version=db:zeek.mqtt_connect.proto_version;group:zeek_mqtt;kind:termfield;friendly:Protocol Version;help:Protocol Version
-zeek.mqtt_connect.client_id=db:zeek.mqtt_connect.client_id;group:zeek_mqtt;kind:termfield;friendly:Client ID;help:Client ID
-zeek.mqtt_connect.connect_status=db:zeek.mqtt_connect.connect_status;group:zeek_mqtt;kind:termfield;friendly:Connect Status;help:Connect Status
-zeek.mqtt_connect.will_topic=db:zeek.mqtt_connect.will_topic;group:zeek_mqtt;kind:termfield;friendly:LWT Topic;help:Last Will and Testament Topic
-zeek.mqtt_connect.will_payload=db:zeek.mqtt_connect.will_payload;group:zeek_mqtt;kind:termfield;friendly:LWT Payload;help:Last Will and Testament Payload
+zeek.mqtt_connect.proto_name=db:zeek.mqtt_connect.proto_name;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:MQTT Protocol;help:MQTT Protocol
+zeek.mqtt_connect.proto_version=db:zeek.mqtt_connect.proto_version;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:Protocol Version;help:Protocol Version
+zeek.mqtt_connect.client_id=db:zeek.mqtt_connect.client_id;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:Client ID;help:Client ID
+zeek.mqtt_connect.connect_status=db:zeek.mqtt_connect.connect_status;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:Connect Status;help:Connect Status
+zeek.mqtt_connect.will_topic=db:zeek.mqtt_connect.will_topic;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:LWT Topic;help:Last Will and Testament Topic
+zeek.mqtt_connect.will_payload=db:zeek.mqtt_connect.will_payload;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:LWT Payload;help:Last Will and Testament Payload
 # mqtt_publish.log
 # https://docs.zeek.org/en/stable/scripts/policy/protocols/mqtt/main.zeek.html#type-MQTT::PublishInfo
-zeek.mqtt_publish.from_client=db:zeek.mqtt_publish.from_client;group:zeek_mqtt;kind:termfield;friendly:From Client;help:From Client
-zeek.mqtt_publish.retain=db:zeek.mqtt_publish.retain;group:zeek_mqtt;kind:termfield;friendly:Retain Flag;help:Retain Flag
-zeek.mqtt_publish.qos=db:zeek.mqtt_publish.qos;group:zeek_mqtt;kind:termfield;friendly:QoS Level;help:QoS Level
-zeek.mqtt_publish.status=db:zeek.mqtt_publish.status;group:zeek_mqtt;kind:termfield;friendly:Message Status;help:Message Status
-zeek.mqtt_publish.topic=db:zeek.mqtt_publish.topic;group:zeek_mqtt;kind:termfield;friendly:Topic;help:Topic
-zeek.mqtt_publish.payload=db:zeek.mqtt_publish.payload;group:zeek_mqtt;kind:termfield;friendly:Payload;help:Payload
-zeek.mqtt_publish.payload_len=db:zeek.mqtt_publish.payload_len;group:zeek_mqtt;kind:integer;friendly:Payload Length;help:Payload Length
-zeek.mqtt_publish.payload_dict.messageType=db:zeek.mqtt_publish.payload_dict.messageType;group:zeek_mqtt;kind:termfield;friendly:Message Type;help:Message Type
+zeek.mqtt_publish.from_client=db:zeek.mqtt_publish.from_client;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:From Client;help:From Client
+zeek.mqtt_publish.retain=db:zeek.mqtt_publish.retain;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:Retain Flag;help:Retain Flag
+zeek.mqtt_publish.qos=db:zeek.mqtt_publish.qos;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:QoS Level;help:QoS Level
+zeek.mqtt_publish.status=db:zeek.mqtt_publish.status;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:Message Status;help:Message Status
+zeek.mqtt_publish.topic=db:zeek.mqtt_publish.topic;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:Topic;help:Topic
+zeek.mqtt_publish.payload=db:zeek.mqtt_publish.payload;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:Payload;help:Payload
+zeek.mqtt_publish.payload_len=db:zeek.mqtt_publish.payload_len;group:zeek_mqtt;kind:integer;viewerOnly:true;friendly:Payload Length;help:Payload Length
+zeek.mqtt_publish.payload_dict.messageType=db:zeek.mqtt_publish.payload_dict.messageType;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:Message Type;help:Message Type
 # mqtt_subscribe.log
 # https://docs.zeek.org/en/stable/scripts/policy/protocols/mqtt/main.zeek.html#type-MQTT::SubscribeInfo
-zeek.mqtt_subscribe.action=db:zeek.mqtt_subscribe.action;group:zeek_mqtt;kind:termfield;friendly:Action;help:Action
-zeek.mqtt_subscribe.topics=db:zeek.mqtt_subscribe.topics;group:zeek_mqtt;kind:termfield;friendly:Topic;help:Topic
-zeek.mqtt_subscribe.qos_levels=db:zeek.mqtt_subscribe.qos_levels;group:zeek_mqtt;kind:integer;friendly:QoS Level Requested;help:QoS Level Requested
-zeek.mqtt_subscribe.granted_qos_level=db:zeek.mqtt_subscribe.granted_qos_level;group:zeek_mqtt;kind:integer;friendly:QoS Level Granted;help:QoS Level Granted
-zeek.mqtt_subscribe.ack=db:zeek.mqtt_subscribe.ack;group:zeek_mqtt;kind:termfield;friendly:ACKed;help:ACKed
+zeek.mqtt_subscribe.action=db:zeek.mqtt_subscribe.action;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:Action;help:Action
+zeek.mqtt_subscribe.topics=db:zeek.mqtt_subscribe.topics;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:Topic;help:Topic
+zeek.mqtt_subscribe.qos_levels=db:zeek.mqtt_subscribe.qos_levels;group:zeek_mqtt;kind:integer;viewerOnly:true;friendly:QoS Level Requested;help:QoS Level Requested
+zeek.mqtt_subscribe.granted_qos_level=db:zeek.mqtt_subscribe.granted_qos_level;group:zeek_mqtt;kind:integer;viewerOnly:true;friendly:QoS Level Granted;help:QoS Level Granted
+zeek.mqtt_subscribe.ack=db:zeek.mqtt_subscribe.ack;group:zeek_mqtt;kind:termfield;viewerOnly:true;friendly:ACKed;help:ACKed
 # mysql.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/mysql/main.zeek.html#type-MySQL::Info
-zeek.mysql.cmd=db:zeek.mysql.cmd;group:zeek_mysql;kind:termfield;friendly:Command;help:Command
-zeek.mysql.arg=db:zeek.mysql.arg;group:zeek_mysql;kind:termfield;friendly:Argument;help:Argument
-zeek.mysql.success=db:zeek.mysql.success;group:zeek_mysql;kind:termfield;friendly:Success;help:Success
-zeek.mysql.rows=db:zeek.mysql.rows;group:zeek_mysql;kind:integer;friendly:Rows Affected;help:Rows Affected
-zeek.mysql.response=db:zeek.mysql.response;group:zeek_mysql;kind:termfield;friendly:Response;help:Response
+zeek.mysql.cmd=db:zeek.mysql.cmd;group:zeek_mysql;kind:termfield;viewerOnly:true;friendly:Command;help:Command
+zeek.mysql.arg=db:zeek.mysql.arg;group:zeek_mysql;kind:termfield;viewerOnly:true;friendly:Argument;help:Argument
+zeek.mysql.success=db:zeek.mysql.success;group:zeek_mysql;kind:termfield;viewerOnly:true;friendly:Success;help:Success
+zeek.mysql.rows=db:zeek.mysql.rows;group:zeek_mysql;kind:integer;viewerOnly:true;friendly:Rows Affected;help:Rows Affected
+zeek.mysql.response=db:zeek.mysql.response;group:zeek_mysql;kind:termfield;viewerOnly:true;friendly:Response;help:Response
 # notice.log
 # https://docs.zeek.org/en/stable/scripts/base/frameworks/notice/main.zeek.html#type-Notice::Info
-zeek.notice.file_mime_type=db:zeek.notice.file_mime_type;group:zeek_notice;kind:termfield;friendly:File Magic;help:File Magic
-zeek.notice.file_desc=db:zeek.notice.file_desc;group:zeek_notice;kind:termfield;friendly:File Description;help:File Description
-zeek.notice.note=db:zeek.notice.note;group:zeek_notice;kind:termfield;friendly:Notice Type;help:Notice Type
-zeek.notice.msg=db:zeek.notice.msg;group:zeek_notice;kind:termfield;friendly:Message;help:Message
-zeek.notice.sub=db:zeek.notice.sub;group:zeek_notice;kind:termfield;friendly:Submessage;help:Submessage
-zeek.notice.src=db:zeek.notice.src;group:zeek_notice;kind:termfield;friendly:Notice Source;help:Notice Source
-zeek.notice.dst=db:zeek.notice.dst;group:zeek_notice;kind:termfield;friendly:Notice Destination;help:Notice Destination
-zeek.notice.p=db:zeek.notice.p;group:zeek_notice;kind:integer;friendly:Notice Port;help:Notice Port
-zeek.notice.n=db:zeek.notice.n;group:zeek_notice;kind:integer;friendly:Notice Count or Code;help:Notice Count or Code
-zeek.notice.peer_descr=db:zeek.notice.peer_descr;group:zeek_notice;kind:termfield;friendly:Remote Peer;help:Remote Peer
-zeek.notice.actions=db:zeek.notice.actions;group:zeek_notice;kind:termfield;friendly:Action;help:Action
-zeek.notice.suppress_for=db:zeek.notice.suppress_for;group:zeek_notice;kind:termfield;friendly:Suppress Interval;help:Suppress Interval
-zeek.notice.dropped=db:zeek.notice.dropped;group:zeek_notice;kind:termfield;friendly:Dropped;help:Dropped
-zeek.notice.remote_location_country_code=db:zeek.notice.remote_location_country_code;group:zeek_notice;kind:termfield;friendly:Notice Country Code;help:Notice Country Code
-zeek.notice.remote_location_region=db:zeek.notice.remote_location_region;group:zeek_notice;kind:termfield;friendly:Notice Region;help:Notice Region
-zeek.notice.remote_location_city=db:zeek.notice.remote_location_city;group:zeek_notice;kind:termfield;friendly:Notice City;help:Notice City
-zeek.notice.remote_location_latitude=db:zeek.notice.remote_location_latitude;group:zeek_notice;kind:termfield;friendly:Notice Latitude;help:Notice Latitude
-zeek.notice.remote_location_longitude=db:zeek.notice.remote_location_longitude;group:zeek_notice;kind:termfield;friendly:Notice Longitude;help:Notice Longitude
+zeek.notice.file_mime_type=db:zeek.notice.file_mime_type;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:File Magic;help:File Magic
+zeek.notice.file_desc=db:zeek.notice.file_desc;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:File Description;help:File Description
+zeek.notice.note=db:zeek.notice.note;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:Notice Type;help:Notice Type
+zeek.notice.msg=db:zeek.notice.msg;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:Message;help:Message
+zeek.notice.sub=db:zeek.notice.sub;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:Submessage;help:Submessage
+zeek.notice.src=db:zeek.notice.src;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:Notice Source;help:Notice Source
+zeek.notice.dst=db:zeek.notice.dst;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:Notice Destination;help:Notice Destination
+zeek.notice.p=db:zeek.notice.p;group:zeek_notice;kind:integer;viewerOnly:true;friendly:Notice Port;help:Notice Port
+zeek.notice.n=db:zeek.notice.n;group:zeek_notice;kind:integer;viewerOnly:true;friendly:Notice Count or Code;help:Notice Count or Code
+zeek.notice.peer_descr=db:zeek.notice.peer_descr;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:Remote Peer;help:Remote Peer
+zeek.notice.actions=db:zeek.notice.actions;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:Action;help:Action
+zeek.notice.suppress_for=db:zeek.notice.suppress_for;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:Suppress Interval;help:Suppress Interval
+zeek.notice.dropped=db:zeek.notice.dropped;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:Dropped;help:Dropped
+zeek.notice.remote_location_country_code=db:zeek.notice.remote_location_country_code;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:Notice Country Code;help:Notice Country Code
+zeek.notice.remote_location_region=db:zeek.notice.remote_location_region;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:Notice Region;help:Notice Region
+zeek.notice.remote_location_city=db:zeek.notice.remote_location_city;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:Notice City;help:Notice City
+zeek.notice.remote_location_latitude=db:zeek.notice.remote_location_latitude;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:Notice Latitude;help:Notice Latitude
+zeek.notice.remote_location_longitude=db:zeek.notice.remote_location_longitude;group:zeek_notice;kind:termfield;viewerOnly:true;friendly:Notice Longitude;help:Notice Longitude
 # ntlm.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/ntlm/main.zeek.html#type-NTLM::Info
-zeek.ntlm.host=db:zeek.ntlm.host;group:zeek_ntlm;kind:termfield;friendly:Client Hostname;help:Client Hostname
-zeek.ntlm.domain=db:zeek.ntlm.domain;group:zeek_ntlm;kind:termfield;friendly:Client Domain Name;help:Client Domain Name
-zeek.ntlm.success=db:zeek.ntlm.success;group:zeek_ntlm;kind:termfield;friendly:Authentication Success;help:Authentication Success
-zeek.ntlm.status=db:zeek.ntlm.status;group:zeek_ntlm;kind:termfield;friendly:Status;help:Status
-zeek.ntlm.server_nb_computer=db:zeek.ntlm.server_nb_computer;group:zeek_ntlm;kind:termfield;friendly:Server CHALLENGE NetBIOS;help:Server CHALLENGE NetBIOS
-zeek.ntlm.server_dns_computer=db:zeek.ntlm.server_dns_computer;group:zeek_ntlm;kind:termfield;friendly:Server CHALLENGE DNS;help:Server CHALLENGE DNS
-zeek.ntlm.server_tree=db:zeek.ntlm.server_tree;group:zeek_ntlm;kind:termfield;friendly:Server CHALLENGE Tree;help:Server CHALLENGE Tree
+zeek.ntlm.host=db:zeek.ntlm.host;group:zeek_ntlm;kind:termfield;viewerOnly:true;friendly:Client Hostname;help:Client Hostname
+zeek.ntlm.domain=db:zeek.ntlm.domain;group:zeek_ntlm;kind:termfield;viewerOnly:true;friendly:Client Domain Name;help:Client Domain Name
+zeek.ntlm.success=db:zeek.ntlm.success;group:zeek_ntlm;kind:termfield;viewerOnly:true;friendly:Authentication Success;help:Authentication Success
+zeek.ntlm.status=db:zeek.ntlm.status;group:zeek_ntlm;kind:termfield;viewerOnly:true;friendly:Status;help:Status
+zeek.ntlm.server_nb_computer=db:zeek.ntlm.server_nb_computer;group:zeek_ntlm;kind:termfield;viewerOnly:true;friendly:Server CHALLENGE NetBIOS;help:Server CHALLENGE NetBIOS
+zeek.ntlm.server_dns_computer=db:zeek.ntlm.server_dns_computer;group:zeek_ntlm;kind:termfield;viewerOnly:true;friendly:Server CHALLENGE DNS;help:Server CHALLENGE DNS
+zeek.ntlm.server_tree=db:zeek.ntlm.server_tree;group:zeek_ntlm;kind:termfield;viewerOnly:true;friendly:Server CHALLENGE Tree;help:Server CHALLENGE Tree
 # ntp.log
 # https://docs.zeek.org/en/latest/scripts/base/protocols/ntp/main.zeek.html#type-NTP::Info
-zeek.ntp.version=db:zeek.ntp.version;group:zeek_ntp;kind:integer;friendly:NTP Version;help:NTP Version
-zeek.ntp.mode=db:zeek.ntp.mode;group:zeek_ntp;kind:termfield;friendly:NTP Mode Code;help:NTP Mode Code
-zeek.ntp.mode_str=db:zeek.ntp.mode_str;group:zeek_ntp;kind:termfield;friendly:NTP Mode;help:NTP Mode
-zeek.ntp.stratum=db:zeek.ntp.stratum;group:zeek_ntp;kind:termfield;friendly:Stratum;help:Stratum
-zeek.ntp.poll=db:zeek.ntp.poll;group:zeek_ntp;kind:termfield;friendly:Poll Interval;help:Poll Interval
-zeek.ntp.precision=db:zeek.ntp.precision;group:zeek_ntp;kind:termfield;friendly:Clock Precision;help:Clock Precision
-zeek.ntp.root_delay=db:zeek.ntp.root_delay;group:zeek_ntp;kind:termfield;friendly:Synchronizing Distance;help:Synchronizing Distance
-zeek.ntp.root_disp=db:zeek.ntp.root_disp;group:zeek_ntp;kind:termfield;friendly:Estimated Drift Rate;help:Estimated Drift Rate
-zeek.ntp.ref_id=db:zeek.ntp.ref_id;group:zeek_ntp;kind:termfield;friendly:Reference Clock Identifier;help:Reference Clock Identifier
-zeek.ntp.ref_time=db:zeek.ntp.ref_time;group:zeek_ntp;kind:termfield;friendly:Reference Timestamp;help:Reference Timestamp
-zeek.ntp.org_time=db:zeek.ntp.org_time;group:zeek_ntp;kind:termfield;friendly:Originate Timestamp;help:Originate Timestamp
-zeek.ntp.rec_time=db:zeek.ntp.rec_time;group:zeek_ntp;kind:termfield;friendly:Receive Timestamp;help:Receive Timestamp
-zeek.ntp.xmt_time=db:zeek.ntp.xmt_time;group:zeek_ntp;kind:termfield;friendly:Transmit Timestamp;help:Transmit Timestamp
-zeek.ntp.num_exts=db:zeek.ntp.num_exts;group:zeek_ntp;kind:integer;friendly:Extension Fields;help:Extension Fields
+zeek.ntp.version=db:zeek.ntp.version;group:zeek_ntp;kind:integer;viewerOnly:true;friendly:NTP Version;help:NTP Version
+zeek.ntp.mode=db:zeek.ntp.mode;group:zeek_ntp;kind:termfield;viewerOnly:true;friendly:NTP Mode Code;help:NTP Mode Code
+zeek.ntp.mode_str=db:zeek.ntp.mode_str;group:zeek_ntp;kind:termfield;viewerOnly:true;friendly:NTP Mode;help:NTP Mode
+zeek.ntp.stratum=db:zeek.ntp.stratum;group:zeek_ntp;kind:termfield;viewerOnly:true;friendly:Stratum;help:Stratum
+zeek.ntp.poll=db:zeek.ntp.poll;group:zeek_ntp;kind:termfield;viewerOnly:true;friendly:Poll Interval;help:Poll Interval
+zeek.ntp.precision=db:zeek.ntp.precision;group:zeek_ntp;kind:termfield;viewerOnly:true;friendly:Clock Precision;help:Clock Precision
+zeek.ntp.root_delay=db:zeek.ntp.root_delay;group:zeek_ntp;kind:termfield;viewerOnly:true;friendly:Synchronizing Distance;help:Synchronizing Distance +zeek.ntp.root_disp=db:zeek.ntp.root_disp;group:zeek_ntp;kind:termfield;viewerOnly:true;friendly:Estimated Drift Rate;help:Estimated Drift Rate +zeek.ntp.ref_id=db:zeek.ntp.ref_id;group:zeek_ntp;kind:termfield;viewerOnly:true;friendly:Reference Clock Identifier;help:Reference Clock Identifier +zeek.ntp.ref_time=db:zeek.ntp.ref_time;group:zeek_ntp;kind:termfield;viewerOnly:true;friendly:Reference Timestamp;help:Reference Timestamp +zeek.ntp.org_time=db:zeek.ntp.org_time;group:zeek_ntp;kind:termfield;viewerOnly:true;friendly:Originate Timestamp;help:Originate Timestamp +zeek.ntp.rec_time=db:zeek.ntp.rec_time;group:zeek_ntp;kind:termfield;viewerOnly:true;friendly:Receive Timestamp;help:Receive Timestamp +zeek.ntp.xmt_time=db:zeek.ntp.xmt_time;group:zeek_ntp;kind:termfield;viewerOnly:true;friendly:Transmit Timestamp;help:Transmit Timestamp +zeek.ntp.num_exts=db:zeek.ntp.num_exts;group:zeek_ntp;kind:integer;viewerOnly:true;friendly:Extension Fields;help:Extension Fields # opcua_binary_activate_session.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_activate_session.client_algorithm=db:zeek.opcua_binary_activate_session.client_algorithm;group:zeek_opcua;kind:termfield;friendly:client_algorithm;help:client_algorithm -zeek.opcua_binary_activate_session.client_signature=db:zeek.opcua_binary_activate_session.client_signature;group:zeek_opcua;kind:termfield;friendly:client_signature;help:client_signature -zeek.opcua_binary_activate_session.ext_obj_type_id_encoding_mask=db:zeek.opcua_binary_activate_session.ext_obj_type_id_encoding_mask;group:zeek_opcua;kind:termfield;friendly:ext_obj_type_id_encoding_mask;help:ext_obj_type_id_encoding_mask 
-zeek.opcua_binary_activate_session.ext_obj_type_id_namespace_idx=db:zeek.opcua_binary_activate_session.ext_obj_type_id_namespace_idx;group:zeek_opcua;kind:termfield;friendly:ext_obj_type_id_namespace_idx;help:ext_obj_type_id_namespace_idx
-zeek.opcua_binary_activate_session.ext_obj_type_id_numeric=db:zeek.opcua_binary_activate_session.ext_obj_type_id_numeric;group:zeek_opcua;kind:integer;friendly:ext_obj_type_id_numeric;help:ext_obj_type_id_numeric
-zeek.opcua_binary_activate_session.ext_obj_type_id_string=db:zeek.opcua_binary_activate_session.ext_obj_type_id_string;group:zeek_opcua;kind:termfield;friendly:ext_obj_type_id_string;help:ext_obj_type_id_string
-zeek.opcua_binary_activate_session.ext_obj_type_id_guid=db:zeek.opcua_binary_activate_session.ext_obj_type_id_guid;group:zeek_opcua;kind:termfield;friendly:ext_obj_type_id_guid;help:ext_obj_type_id_guid
-zeek.opcua_binary_activate_session.ext_obj_type_id_opaque=db:zeek.opcua_binary_activate_session.ext_obj_type_id_opaque;group:zeek_opcua;kind:termfield;friendly:ext_obj_type_id_opaque;help:ext_obj_type_id_opaque
-zeek.opcua_binary_activate_session.ext_obj_type_id_str=db:zeek.opcua_binary_activate_session.ext_obj_type_id_str;group:zeek_opcua;kind:termfield;friendly:ext_obj_type_id_str;help:ext_obj_type_id_str
-zeek.opcua_binary_activate_session.ext_obj_encoding=db:zeek.opcua_binary_activate_session.ext_obj_encoding;group:zeek_opcua;kind:termfield;friendly:ext_obj_encoding;help:ext_obj_encoding
-zeek.opcua_binary_activate_session.ext_obj_policy_id=db:zeek.opcua_binary_activate_session.ext_obj_policy_id;group:zeek_opcua;kind:termfield;friendly:ext_obj_policy_id;help:ext_obj_policy_id
-zeek.opcua_binary_activate_session.ext_obj_user_name=db:zeek.opcua_binary_activate_session.ext_obj_user_name;group:zeek_opcua;kind:termfield;friendly:ext_obj_user_name;help:ext_obj_user_name
-zeek.opcua_binary_activate_session.ext_obj_password=db:zeek.opcua_binary_activate_session.ext_obj_password;group:zeek_opcua;kind:termfield;friendly:ext_obj_password;help:ext_obj_password
-zeek.opcua_binary_activate_session.ext_obj_encryption_algorithom=db:zeek.opcua_binary_activate_session.ext_obj_encryption_algorithom;group:zeek_opcua;kind:termfield;friendly:ext_obj_encryption_algorithom;help:ext_obj_encryption_algorithom
-zeek.opcua_binary_activate_session.ext_obj_certificate_data=db:zeek.opcua_binary_activate_session.ext_obj_certificate_data;group:zeek_opcua;kind:termfield;friendly:ext_obj_certificate_data;help:ext_obj_certificate_data
-zeek.opcua_binary_activate_session.ext_obj_token_data=db:zeek.opcua_binary_activate_session.ext_obj_token_data;group:zeek_opcua;kind:termfield;friendly:ext_obj_token_data;help:ext_obj_token_data
-zeek.opcua_binary_activate_session.user_token_algorithm=db:zeek.opcua_binary_activate_session.user_token_algorithm;group:zeek_opcua;kind:termfield;friendly:user_token_algorithm;help:user_token_algorithm
-zeek.opcua_binary_activate_session.user_token_signature=db:zeek.opcua_binary_activate_session.user_token_signature;group:zeek_opcua;kind:termfield;friendly:user_token_signature;help:user_token_signature
-zeek.opcua_binary_activate_session.server_nonce=db:zeek.opcua_binary_activate_session.server_nonce;group:zeek_opcua;kind:termfield;friendly:server_nonce;help:server_nonce
+zeek.opcua_binary_activate_session.client_algorithm=db:zeek.opcua_binary_activate_session.client_algorithm;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:client_algorithm;help:client_algorithm
+zeek.opcua_binary_activate_session.client_signature=db:zeek.opcua_binary_activate_session.client_signature;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:client_signature;help:client_signature
+zeek.opcua_binary_activate_session.ext_obj_type_id_encoding_mask=db:zeek.opcua_binary_activate_session.ext_obj_type_id_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_type_id_encoding_mask;help:ext_obj_type_id_encoding_mask
+zeek.opcua_binary_activate_session.ext_obj_type_id_namespace_idx=db:zeek.opcua_binary_activate_session.ext_obj_type_id_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_type_id_namespace_idx;help:ext_obj_type_id_namespace_idx
+zeek.opcua_binary_activate_session.ext_obj_type_id_numeric=db:zeek.opcua_binary_activate_session.ext_obj_type_id_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:ext_obj_type_id_numeric;help:ext_obj_type_id_numeric
+zeek.opcua_binary_activate_session.ext_obj_type_id_string=db:zeek.opcua_binary_activate_session.ext_obj_type_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_type_id_string;help:ext_obj_type_id_string
+zeek.opcua_binary_activate_session.ext_obj_type_id_guid=db:zeek.opcua_binary_activate_session.ext_obj_type_id_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_type_id_guid;help:ext_obj_type_id_guid
+zeek.opcua_binary_activate_session.ext_obj_type_id_opaque=db:zeek.opcua_binary_activate_session.ext_obj_type_id_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_type_id_opaque;help:ext_obj_type_id_opaque
+zeek.opcua_binary_activate_session.ext_obj_type_id_str=db:zeek.opcua_binary_activate_session.ext_obj_type_id_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_type_id_str;help:ext_obj_type_id_str
+zeek.opcua_binary_activate_session.ext_obj_encoding=db:zeek.opcua_binary_activate_session.ext_obj_encoding;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_encoding;help:ext_obj_encoding
+zeek.opcua_binary_activate_session.ext_obj_policy_id=db:zeek.opcua_binary_activate_session.ext_obj_policy_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_policy_id;help:ext_obj_policy_id +zeek.opcua_binary_activate_session.ext_obj_user_name=db:zeek.opcua_binary_activate_session.ext_obj_user_name;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_user_name;help:ext_obj_user_name +zeek.opcua_binary_activate_session.ext_obj_password=db:zeek.opcua_binary_activate_session.ext_obj_password;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_password;help:ext_obj_password +zeek.opcua_binary_activate_session.ext_obj_encryption_algorithom=db:zeek.opcua_binary_activate_session.ext_obj_encryption_algorithom;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_encryption_algorithom;help:ext_obj_encryption_algorithom +zeek.opcua_binary_activate_session.ext_obj_certificate_data=db:zeek.opcua_binary_activate_session.ext_obj_certificate_data;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_certificate_data;help:ext_obj_certificate_data +zeek.opcua_binary_activate_session.ext_obj_token_data=db:zeek.opcua_binary_activate_session.ext_obj_token_data;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_token_data;help:ext_obj_token_data +zeek.opcua_binary_activate_session.user_token_algorithm=db:zeek.opcua_binary_activate_session.user_token_algorithm;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:user_token_algorithm;help:user_token_algorithm +zeek.opcua_binary_activate_session.user_token_signature=db:zeek.opcua_binary_activate_session.user_token_signature;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:user_token_signature;help:user_token_signature +zeek.opcua_binary_activate_session.server_nonce=db:zeek.opcua_binary_activate_session.server_nonce;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:server_nonce;help:server_nonce # 
opcua_binary_activate_session_client_software_cert.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_activate_session_client_software_cert.client_software_cert_link_id=db:zeek.opcua_binary_activate_session_client_software_cert.client_software_cert_link_id;group:zeek_opcua;kind:termfield;friendly:client_software_cert_link_id;help:client_software_cert_link_id -zeek.opcua_binary_activate_session_client_software_cert.cert_data=db:zeek.opcua_binary_activate_session_client_software_cert.cert_data;group:zeek_opcua;kind:termfield;friendly:cert_data;help:cert_data -zeek.opcua_binary_activate_session_client_software_cert.cert_signature=db:zeek.opcua_binary_activate_session_client_software_cert.cert_signature;group:zeek_opcua;kind:termfield;friendly:cert_signature;help:cert_signature +zeek.opcua_binary_activate_session_client_software_cert.client_software_cert_link_id=db:zeek.opcua_binary_activate_session_client_software_cert.client_software_cert_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:client_software_cert_link_id;help:client_software_cert_link_id +zeek.opcua_binary_activate_session_client_software_cert.cert_data=db:zeek.opcua_binary_activate_session_client_software_cert.cert_data;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:cert_data;help:cert_data +zeek.opcua_binary_activate_session_client_software_cert.cert_signature=db:zeek.opcua_binary_activate_session_client_software_cert.cert_signature;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:cert_signature;help:cert_signature # opcua_binary_activate_session_locale_id.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_activate_session_locale_id.opcua_locale_link_id=db:zeek.opcua_binary_activate_session_locale_id.opcua_locale_link_id;group:zeek_opcua;kind:termfield;friendly:opcua_locale_link_id;help:opcua_locale_link_id 
-zeek.opcua_binary_activate_session_locale_id.local_id=db:zeek.opcua_binary_activate_session_locale_id.local_id;group:zeek_opcua;kind:termfield;friendly:local_id;help:local_id +zeek.opcua_binary_activate_session_locale_id.opcua_locale_link_id=db:zeek.opcua_binary_activate_session_locale_id.opcua_locale_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:opcua_locale_link_id;help:opcua_locale_link_id +zeek.opcua_binary_activate_session_locale_id.local_id=db:zeek.opcua_binary_activate_session_locale_id.local_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:local_id;help:local_id # opcua_binary_aggregate_filter.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_aggregate_filter.start_time=db:zeek.opcua_binary_aggregate_filter.start_time;group:zeek_opcua;kind:termfield;friendly:start_time;help:start_time -zeek.opcua_binary_aggregate_filter.start_time_str=db:zeek.opcua_binary_aggregate_filter.start_time_str;group:zeek_opcua;kind:termfield;friendly:start_time_str;help:start_time_str -zeek.opcua_binary_aggregate_filter.aggregate_type_encoding_mask=db:zeek.opcua_binary_aggregate_filter.aggregate_type_encoding_mask;group:zeek_opcua;kind:termfield;friendly:aggregate_type_encoding_mask;help:aggregate_type_encoding_mask -zeek.opcua_binary_aggregate_filter.aggregate_type_namespace_idx=db:zeek.opcua_binary_aggregate_filter.aggregate_type_namespace_idx;group:zeek_opcua;kind:termfield;friendly:aggregate_type_namespace_idx;help:aggregate_type_namespace_idx -zeek.opcua_binary_aggregate_filter.aggregate_type_numeric=db:zeek.opcua_binary_aggregate_filter.aggregate_type_numeric;group:zeek_opcua;kind:integer;friendly:aggregate_type_numeric;help:aggregate_type_numeric -zeek.opcua_binary_aggregate_filter.aggregate_type_string=db:zeek.opcua_binary_aggregate_filter.aggregate_type_string;group:zeek_opcua;kind:termfield;friendly:aggregate_type_string;help:aggregate_type_string 
-zeek.opcua_binary_aggregate_filter.aggregate_type_guid=db:zeek.opcua_binary_aggregate_filter.aggregate_type_guid;group:zeek_opcua;kind:termfield;friendly:aggregate_type_guid;help:aggregate_type_guid
-zeek.opcua_binary_aggregate_filter.aggregate_type_opaque=db:zeek.opcua_binary_aggregate_filter.aggregate_type_opaque;group:zeek_opcua;kind:termfield;friendly:aggregate_type_opaque;help:aggregate_type_opaque
-zeek.opcua_binary_aggregate_filter.processing_interval=db:zeek.opcua_binary_aggregate_filter.processing_interval;group:zeek_opcua;kind:termfield;friendly:processing_interval;help:processing_interval
-zeek.opcua_binary_aggregate_filter.use_server_capabilities_default=db:zeek.opcua_binary_aggregate_filter.use_server_capabilities_default;group:zeek_opcua;kind:termfield;friendly:use_server_capabilities_default;help:use_server_capabilities_default
-zeek.opcua_binary_aggregate_filter.treat_uncertain_as_bad=db:zeek.opcua_binary_aggregate_filter.treat_uncertain_as_bad;group:zeek_opcua;kind:termfield;friendly:treat_uncertain_as_bad;help:treat_uncertain_as_bad
-zeek.opcua_binary_aggregate_filter.percent_data_good=db:zeek.opcua_binary_aggregate_filter.percent_data_good;group:zeek_opcua;kind:integer;friendly:percent_data_good;help:percent_data_good
-zeek.opcua_binary_aggregate_filter.percent_data_bad=db:zeek.opcua_binary_aggregate_filter.percent_data_bad;group:zeek_opcua;kind:integer;friendly:percent_data_bad;help:percent_data_bad
-zeek.opcua_binary_aggregate_filter.use_slopped_extrapolation=db:zeek.opcua_binary_aggregate_filter.use_slopped_extrapolation;group:zeek_opcua;kind:termfield;friendly:use_slopped_extrapolation;help:use_slopped_extrapolation
-zeek.opcua_binary_aggregate_filter.revised_start_time=db:zeek.opcua_binary_aggregate_filter.revised_start_time;group:zeek_opcua;kind:termfield;friendly:revised_start_time;help:revised_start_time
-zeek.opcua_binary_aggregate_filter.revised_start_time_str=db:zeek.opcua_binary_aggregate_filter.revised_start_time_str;group:zeek_opcua;kind:termfield;friendly:revised_start_time_str;help:revised_start_time_str
-zeek.opcua_binary_aggregate_filter.revised_processing_interval=db:zeek.opcua_binary_aggregate_filter.revised_processing_interval;group:zeek_opcua;kind:termfield;friendly:revised_processing_interval;help:revised_processing_interval
-zeek.opcua_binary_aggregate_filter.revised_use_server_capabilities_default=db:zeek.opcua_binary_aggregate_filter.revised_use_server_capabilities_default;group:zeek_opcua;kind:termfield;friendly:revised_use_server_capabilities_default;help:revised_use_server_capabilities_default
-zeek.opcua_binary_aggregate_filter.revised_treat_uncertain_as_bad=db:zeek.opcua_binary_aggregate_filter.revised_treat_uncertain_as_bad;group:zeek_opcua;kind:termfield;friendly:revised_treat_uncertain_as_bad;help:revised_treat_uncertain_as_bad
-zeek.opcua_binary_aggregate_filter.revised_percent_data_good=db:zeek.opcua_binary_aggregate_filter.revised_percent_data_good;group:zeek_opcua;kind:integer;friendly:revised_percent_data_good;help:revised_percent_data_good
-zeek.opcua_binary_aggregate_filter.revised_percent_data_bad=db:zeek.opcua_binary_aggregate_filter.revised_percent_data_bad;group:zeek_opcua;kind:integer;friendly:revised_percent_data_bad;help:revised_percent_data_bad
-zeek.opcua_binary_aggregate_filter.revised_use_slopped_extrapolation=db:zeek.opcua_binary_aggregate_filter.revised_use_slopped_extrapolation;group:zeek_opcua;kind:termfield;friendly:revised_use_slopped_extrapolation;help:revised_use_slopped_extrapolation
+zeek.opcua_binary_aggregate_filter.start_time=db:zeek.opcua_binary_aggregate_filter.start_time;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:start_time;help:start_time
+zeek.opcua_binary_aggregate_filter.start_time_str=db:zeek.opcua_binary_aggregate_filter.start_time_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:start_time_str;help:start_time_str
+zeek.opcua_binary_aggregate_filter.aggregate_type_encoding_mask=db:zeek.opcua_binary_aggregate_filter.aggregate_type_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:aggregate_type_encoding_mask;help:aggregate_type_encoding_mask
+zeek.opcua_binary_aggregate_filter.aggregate_type_namespace_idx=db:zeek.opcua_binary_aggregate_filter.aggregate_type_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:aggregate_type_namespace_idx;help:aggregate_type_namespace_idx
+zeek.opcua_binary_aggregate_filter.aggregate_type_numeric=db:zeek.opcua_binary_aggregate_filter.aggregate_type_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:aggregate_type_numeric;help:aggregate_type_numeric
+zeek.opcua_binary_aggregate_filter.aggregate_type_string=db:zeek.opcua_binary_aggregate_filter.aggregate_type_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:aggregate_type_string;help:aggregate_type_string
+zeek.opcua_binary_aggregate_filter.aggregate_type_guid=db:zeek.opcua_binary_aggregate_filter.aggregate_type_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:aggregate_type_guid;help:aggregate_type_guid
+zeek.opcua_binary_aggregate_filter.aggregate_type_opaque=db:zeek.opcua_binary_aggregate_filter.aggregate_type_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:aggregate_type_opaque;help:aggregate_type_opaque
+zeek.opcua_binary_aggregate_filter.processing_interval=db:zeek.opcua_binary_aggregate_filter.processing_interval;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:processing_interval;help:processing_interval
+zeek.opcua_binary_aggregate_filter.use_server_capabilities_default=db:zeek.opcua_binary_aggregate_filter.use_server_capabilities_default;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:use_server_capabilities_default;help:use_server_capabilities_default
+zeek.opcua_binary_aggregate_filter.treat_uncertain_as_bad=db:zeek.opcua_binary_aggregate_filter.treat_uncertain_as_bad;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:treat_uncertain_as_bad;help:treat_uncertain_as_bad
+zeek.opcua_binary_aggregate_filter.percent_data_good=db:zeek.opcua_binary_aggregate_filter.percent_data_good;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:percent_data_good;help:percent_data_good
+zeek.opcua_binary_aggregate_filter.percent_data_bad=db:zeek.opcua_binary_aggregate_filter.percent_data_bad;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:percent_data_bad;help:percent_data_bad
+zeek.opcua_binary_aggregate_filter.use_slopped_extrapolation=db:zeek.opcua_binary_aggregate_filter.use_slopped_extrapolation;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:use_slopped_extrapolation;help:use_slopped_extrapolation
+zeek.opcua_binary_aggregate_filter.revised_start_time=db:zeek.opcua_binary_aggregate_filter.revised_start_time;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:revised_start_time;help:revised_start_time
+zeek.opcua_binary_aggregate_filter.revised_start_time_str=db:zeek.opcua_binary_aggregate_filter.revised_start_time_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:revised_start_time_str;help:revised_start_time_str
+zeek.opcua_binary_aggregate_filter.revised_processing_interval=db:zeek.opcua_binary_aggregate_filter.revised_processing_interval;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:revised_processing_interval;help:revised_processing_interval
+zeek.opcua_binary_aggregate_filter.revised_use_server_capabilities_default=db:zeek.opcua_binary_aggregate_filter.revised_use_server_capabilities_default;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:revised_use_server_capabilities_default;help:revised_use_server_capabilities_default +zeek.opcua_binary_aggregate_filter.revised_treat_uncertain_as_bad=db:zeek.opcua_binary_aggregate_filter.revised_treat_uncertain_as_bad;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:revised_treat_uncertain_as_bad;help:revised_treat_uncertain_as_bad +zeek.opcua_binary_aggregate_filter.revised_percent_data_good=db:zeek.opcua_binary_aggregate_filter.revised_percent_data_good;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:revised_percent_data_good;help:revised_percent_data_good +zeek.opcua_binary_aggregate_filter.revised_percent_data_bad=db:zeek.opcua_binary_aggregate_filter.revised_percent_data_bad;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:revised_percent_data_bad;help:revised_percent_data_bad +zeek.opcua_binary_aggregate_filter.revised_use_slopped_extrapolation=db:zeek.opcua_binary_aggregate_filter.revised_use_slopped_extrapolation;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:revised_use_slopped_extrapolation;help:revised_use_slopped_extrapolation # opcua_binary_event_filter_attribute_operand.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_event_filter_attribute_operand.node_id_encoding_mask=db:zeek.opcua_binary_event_filter_attribute_operand.node_id_encoding_mask;group:zeek_opcua;kind:termfield;friendly:node_id_encoding_mask;help:node_id_encoding_mask -zeek.opcua_binary_event_filter_attribute_operand.node_id_namespace_idx=db:zeek.opcua_binary_event_filter_attribute_operand.node_id_namespace_idx;group:zeek_opcua;kind:termfield;friendly:node_id_namespace_idx;help:node_id_namespace_idx 
-zeek.opcua_binary_event_filter_attribute_operand.node_id_numeric=db:zeek.opcua_binary_event_filter_attribute_operand.node_id_numeric;group:zeek_opcua;kind:integer;friendly:node_id_numeric;help:node_id_numeric
-zeek.opcua_binary_event_filter_attribute_operand.node_id_string=db:zeek.opcua_binary_event_filter_attribute_operand.node_id_string;group:zeek_opcua;kind:termfield;friendly:node_id_string;help:node_id_string
-zeek.opcua_binary_event_filter_attribute_operand.node_id_guid=db:zeek.opcua_binary_event_filter_attribute_operand.node_id_guid;group:zeek_opcua;kind:termfield;friendly:node_id_guid;help:node_id_guid
-zeek.opcua_binary_event_filter_attribute_operand.node_id_opaque=db:zeek.opcua_binary_event_filter_attribute_operand.node_id_opaque;group:zeek_opcua;kind:termfield;friendly:node_id_opaque;help:node_id_opaque
-zeek.opcua_binary_event_filter_attribute_operand.alias=db:zeek.opcua_binary_event_filter_attribute_operand.alias;group:zeek_opcua;kind:termfield;friendly:alias;help:alias
-zeek.opcua_binary_event_filter_attribute_operand.attribute=db:zeek.opcua_binary_event_filter_attribute_operand.attribute;group:zeek_opcua;kind:termfield;friendly:attribute;help:attribute
-zeek.opcua_binary_event_filter_attribute_operand.index_range=db:zeek.opcua_binary_event_filter_attribute_operand.index_range;group:zeek_opcua;kind:termfield;friendly:index_range;help:index_range
+zeek.opcua_binary_event_filter_attribute_operand.node_id_encoding_mask=db:zeek.opcua_binary_event_filter_attribute_operand.node_id_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:node_id_encoding_mask;help:node_id_encoding_mask
+zeek.opcua_binary_event_filter_attribute_operand.node_id_namespace_idx=db:zeek.opcua_binary_event_filter_attribute_operand.node_id_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:node_id_namespace_idx;help:node_id_namespace_idx
+zeek.opcua_binary_event_filter_attribute_operand.node_id_numeric=db:zeek.opcua_binary_event_filter_attribute_operand.node_id_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:node_id_numeric;help:node_id_numeric +zeek.opcua_binary_event_filter_attribute_operand.node_id_string=db:zeek.opcua_binary_event_filter_attribute_operand.node_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:node_id_string;help:node_id_string +zeek.opcua_binary_event_filter_attribute_operand.node_id_guid=db:zeek.opcua_binary_event_filter_attribute_operand.node_id_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:node_id_guid;help:node_id_guid +zeek.opcua_binary_event_filter_attribute_operand.node_id_opaque=db:zeek.opcua_binary_event_filter_attribute_operand.node_id_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:node_id_opaque;help:node_id_opaque +zeek.opcua_binary_event_filter_attribute_operand.alias=db:zeek.opcua_binary_event_filter_attribute_operand.alias;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:alias;help:alias +zeek.opcua_binary_event_filter_attribute_operand.attribute=db:zeek.opcua_binary_event_filter_attribute_operand.attribute;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:attribute;help:attribute +zeek.opcua_binary_event_filter_attribute_operand.index_range=db:zeek.opcua_binary_event_filter_attribute_operand.index_range;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:index_range;help:index_range # opcua_binary_event_filter_attribute_operand_browse_paths.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_event_filter_attribute_operand_browse_paths.browse_path_element_link_id=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.browse_path_element_link_id;group:zeek_opcua;kind:termfield;friendly:browse_path_element_link_id;help:browse_path_element_link_id 
-zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_encoding_mask=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_encoding_mask;group:zeek_opcua;kind:termfield;friendly:type_id_encoding_mask;help:type_id_encoding_mask
-zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_namespace_idx=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_namespace_idx;group:zeek_opcua;kind:termfield;friendly:type_id_namespace_idx;help:type_id_namespace_idx
-zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_numeric=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_numeric;group:zeek_opcua;kind:integer;friendly:type_id_numeric;help:type_id_numeric
-zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_string=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_string;group:zeek_opcua;kind:termfield;friendly:type_id_string;help:type_id_string
-zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_guid=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_guid;group:zeek_opcua;kind:termfield;friendly:type_id_guid;help:type_id_guid
-zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_opaque=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_opaque;group:zeek_opcua;kind:termfield;friendly:type_id_opaque;help:type_id_opaque
-zeek.opcua_binary_event_filter_attribute_operand_browse_paths.is_inverse=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.is_inverse;group:zeek_opcua;kind:termfield;friendly:is_inverse;help:is_inverse
-zeek.opcua_binary_event_filter_attribute_operand_browse_paths.include_subtypes=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.include_subtypes;group:zeek_opcua;kind:termfield;friendly:include_subtypes;help:include_subtypes
-zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name_namespace_idx=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name_namespace_idx;group:zeek_opcua;kind:termfield;friendly:target_name_namespace_idx;help:target_name_namespace_idx
-zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name;group:zeek_opcua;kind:termfield;friendly:target_name;help:target_name
+zeek.opcua_binary_event_filter_attribute_operand_browse_paths.browse_path_element_link_id=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.browse_path_element_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_path_element_link_id;help:browse_path_element_link_id
+zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_encoding_mask=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_encoding_mask;help:type_id_encoding_mask
+zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_namespace_idx=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_namespace_idx;help:type_id_namespace_idx
+zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_numeric=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:type_id_numeric;help:type_id_numeric
+zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_string=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_string;help:type_id_string
+zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_guid=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_guid;help:type_id_guid +zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_opaque=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_opaque;help:type_id_opaque +zeek.opcua_binary_event_filter_attribute_operand_browse_paths.is_inverse=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.is_inverse;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:is_inverse;help:is_inverse +zeek.opcua_binary_event_filter_attribute_operand_browse_paths.include_subtypes=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.include_subtypes;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:include_subtypes;help:include_subtypes +zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name_namespace_idx=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:target_name_namespace_idx;help:target_name_namespace_idx +zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name=db:zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:target_name;help:target_name # opcua_binary_browse.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_browse.browse_service_type=db:zeek.opcua_binary_browse.browse_service_type;group:zeek_opcua;kind:termfield;friendly:browse_service_type;help:browse_service_type -zeek.opcua_binary_browse.browse_view_id_encoding_mask=db:zeek.opcua_binary_browse.browse_view_id_encoding_mask;group:zeek_opcua;kind:termfield;friendly:browse_view_id_encoding_mask;help:browse_view_id_encoding_mask 
-zeek.opcua_binary_browse.browse_view_id_namespace_idx=db:zeek.opcua_binary_browse.browse_view_id_namespace_idx;group:zeek_opcua;kind:termfield;friendly:browse_view_id_namespace_idx;help:browse_view_id_namespace_idx
-zeek.opcua_binary_browse.browse_view_id_numeric=db:zeek.opcua_binary_browse.browse_view_id_numeric;group:zeek_opcua;kind:integer;friendly:browse_view_id_numeric;help:browse_view_id_numeric
-zeek.opcua_binary_browse.browse_view_id_string=db:zeek.opcua_binary_browse.browse_view_id_string;group:zeek_opcua;kind:termfield;friendly:browse_view_id_string;help:browse_view_id_string
-zeek.opcua_binary_browse.browse_view_id_guid=db:zeek.opcua_binary_browse.browse_view_id_guid;group:zeek_opcua;kind:termfield;friendly:browse_view_id_guid;help:browse_view_id_guid
-zeek.opcua_binary_browse.browse_view_id_opaque=db:zeek.opcua_binary_browse.browse_view_id_opaque;group:zeek_opcua;kind:termfield;friendly:browse_view_id_opaque;help:browse_view_id_opaque
-zeek.opcua_binary_browse.browse_view_description_timestamp=db:zeek.opcua_binary_browse.browse_view_description_timestamp;group:zeek_opcua;kind:termfield;friendly:browse_view_description_timestamp;help:browse_view_description_timestamp
-zeek.opcua_binary_browse.browse_view_description_view_version=db:zeek.opcua_binary_browse.browse_view_description_view_version;group:zeek_opcua;kind:integer;friendly:browse_view_description_view_version;help:browse_view_description_view_version
-zeek.opcua_binary_browse.req_max_ref_nodes=db:zeek.opcua_binary_browse.req_max_ref_nodes;group:zeek_opcua;kind:integer;friendly:req_max_ref_nodes;help:req_max_ref_nodes
-zeek.opcua_binary_browse.browse_next_release_continuation_point=db:zeek.opcua_binary_browse.browse_next_release_continuation_point;group:zeek_opcua;kind:termfield;friendly:browse_next_release_continuation_point;help:browse_next_release_continuation_point
+zeek.opcua_binary_browse.browse_service_type=db:zeek.opcua_binary_browse.browse_service_type;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_service_type;help:browse_service_type
+zeek.opcua_binary_browse.browse_view_id_encoding_mask=db:zeek.opcua_binary_browse.browse_view_id_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_view_id_encoding_mask;help:browse_view_id_encoding_mask
+zeek.opcua_binary_browse.browse_view_id_namespace_idx=db:zeek.opcua_binary_browse.browse_view_id_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_view_id_namespace_idx;help:browse_view_id_namespace_idx
+zeek.opcua_binary_browse.browse_view_id_numeric=db:zeek.opcua_binary_browse.browse_view_id_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:browse_view_id_numeric;help:browse_view_id_numeric
+zeek.opcua_binary_browse.browse_view_id_string=db:zeek.opcua_binary_browse.browse_view_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_view_id_string;help:browse_view_id_string
+zeek.opcua_binary_browse.browse_view_id_guid=db:zeek.opcua_binary_browse.browse_view_id_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_view_id_guid;help:browse_view_id_guid
+zeek.opcua_binary_browse.browse_view_id_opaque=db:zeek.opcua_binary_browse.browse_view_id_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_view_id_opaque;help:browse_view_id_opaque
+zeek.opcua_binary_browse.browse_view_description_timestamp=db:zeek.opcua_binary_browse.browse_view_description_timestamp;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_view_description_timestamp;help:browse_view_description_timestamp
+zeek.opcua_binary_browse.browse_view_description_view_version=db:zeek.opcua_binary_browse.browse_view_description_view_version;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:browse_view_description_view_version;help:browse_view_description_view_version
+zeek.opcua_binary_browse.req_max_ref_nodes=db:zeek.opcua_binary_browse.req_max_ref_nodes;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:req_max_ref_nodes;help:req_max_ref_nodes
+zeek.opcua_binary_browse.browse_next_release_continuation_point=db:zeek.opcua_binary_browse.browse_next_release_continuation_point;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_next_release_continuation_point;help:browse_next_release_continuation_point
 # opcua_binary_browse_description.log
 # https://github.com/cisagov/icsnpp-opcua-binary
-zeek.opcua_binary_browse_description.browse_description_link_id=db:zeek.opcua_binary_browse_description.browse_description_link_id;group:zeek_opcua;kind:termfield;friendly:browse_description_link_id;help:browse_description_link_id
-zeek.opcua_binary_browse_description.browse_description_encoding_mask=db:zeek.opcua_binary_browse_description.browse_description_encoding_mask;group:zeek_opcua;kind:termfield;friendly:browse_description_encoding_mask;help:browse_description_encoding_mask
-zeek.opcua_binary_browse_description.browse_description_namespace_idx=db:zeek.opcua_binary_browse_description.browse_description_namespace_idx;group:zeek_opcua;kind:termfield;friendly:browse_description_namespace_idx;help:browse_description_namespace_idx
-zeek.opcua_binary_browse_description.browse_description_numeric=db:zeek.opcua_binary_browse_description.browse_description_numeric;group:zeek_opcua;kind:integer;friendly:browse_description_numeric;help:browse_description_numeric
-zeek.opcua_binary_browse_description.browse_description_string=db:zeek.opcua_binary_browse_description.browse_description_string;group:zeek_opcua;kind:termfield;friendly:browse_description_string;help:browse_description_string
-zeek.opcua_binary_browse_description.browse_description_guid=db:zeek.opcua_binary_browse_description.browse_description_guid;group:zeek_opcua;kind:termfield;friendly:browse_description_guid;help:browse_description_guid
-zeek.opcua_binary_browse_description.browse_description_opaque=db:zeek.opcua_binary_browse_description.browse_description_opaque;group:zeek_opcua;kind:termfield;friendly:browse_description_opaque;help:browse_description_opaque
-zeek.opcua_binary_browse_description.browse_direction=db:zeek.opcua_binary_browse_description.browse_direction;group:zeek_opcua;kind:termfield;friendly:browse_direction;help:browse_direction
-zeek.opcua_binary_browse_description.browse_description_ref_encoding_mask=db:zeek.opcua_binary_browse_description.browse_description_ref_encoding_mask;group:zeek_opcua;kind:termfield;friendly:browse_description_ref_encoding_mask;help:browse_description_ref_encoding_mask
-zeek.opcua_binary_browse_description.browse_description_ref_namespace_idx=db:zeek.opcua_binary_browse_description.browse_description_ref_namespace_idx;group:zeek_opcua;kind:termfield;friendly:browse_description_ref_namespace_idx;help:browse_description_ref_namespace_idx
-zeek.opcua_binary_browse_description.browse_description_ref_numeric=db:zeek.opcua_binary_browse_description.browse_description_ref_numeric;group:zeek_opcua;kind:integer;friendly:browse_description_ref_numeric;help:browse_description_ref_numeric
-zeek.opcua_binary_browse_description.browse_description_ref_string=db:zeek.opcua_binary_browse_description.browse_description_ref_string;group:zeek_opcua;kind:termfield;friendly:browse_description_ref_string;help:browse_description_ref_string
-zeek.opcua_binary_browse_description.browse_description_ref_guid=db:zeek.opcua_binary_browse_description.browse_description_ref_guid;group:zeek_opcua;kind:termfield;friendly:browse_description_ref_guid;help:browse_description_ref_guid
-zeek.opcua_binary_browse_description.browse_description_ref_opaque=db:zeek.opcua_binary_browse_description.browse_description_ref_opaque;group:zeek_opcua;kind:termfield;friendly:browse_description_ref_opaque;help:browse_description_ref_opaque
-zeek.opcua_binary_browse_description.browse_description_include_subtypes=db:zeek.opcua_binary_browse_description.browse_description_include_subtypes;group:zeek_opcua;kind:termfield;friendly:browse_description_include_subtypes;help:browse_description_include_subtypes
-zeek.opcua_binary_browse_description.browse_node_class_mask=db:zeek.opcua_binary_browse_description.browse_node_class_mask;group:zeek_opcua;kind:termfield;friendly:browse_node_class_mask;help:browse_node_class_mask
-zeek.opcua_binary_browse_description.browse_result_mask=db:zeek.opcua_binary_browse_description.browse_result_mask;group:zeek_opcua;kind:termfield;friendly:browse_result_mask;help:browse_result_mask
+zeek.opcua_binary_browse_description.browse_description_link_id=db:zeek.opcua_binary_browse_description.browse_description_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_description_link_id;help:browse_description_link_id
+zeek.opcua_binary_browse_description.browse_description_encoding_mask=db:zeek.opcua_binary_browse_description.browse_description_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_description_encoding_mask;help:browse_description_encoding_mask
+zeek.opcua_binary_browse_description.browse_description_namespace_idx=db:zeek.opcua_binary_browse_description.browse_description_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_description_namespace_idx;help:browse_description_namespace_idx
+zeek.opcua_binary_browse_description.browse_description_numeric=db:zeek.opcua_binary_browse_description.browse_description_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:browse_description_numeric;help:browse_description_numeric
+zeek.opcua_binary_browse_description.browse_description_string=db:zeek.opcua_binary_browse_description.browse_description_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_description_string;help:browse_description_string
+zeek.opcua_binary_browse_description.browse_description_guid=db:zeek.opcua_binary_browse_description.browse_description_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_description_guid;help:browse_description_guid
+zeek.opcua_binary_browse_description.browse_description_opaque=db:zeek.opcua_binary_browse_description.browse_description_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_description_opaque;help:browse_description_opaque
+zeek.opcua_binary_browse_description.browse_direction=db:zeek.opcua_binary_browse_description.browse_direction;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_direction;help:browse_direction
+zeek.opcua_binary_browse_description.browse_description_ref_encoding_mask=db:zeek.opcua_binary_browse_description.browse_description_ref_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_description_ref_encoding_mask;help:browse_description_ref_encoding_mask
+zeek.opcua_binary_browse_description.browse_description_ref_namespace_idx=db:zeek.opcua_binary_browse_description.browse_description_ref_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_description_ref_namespace_idx;help:browse_description_ref_namespace_idx
+zeek.opcua_binary_browse_description.browse_description_ref_numeric=db:zeek.opcua_binary_browse_description.browse_description_ref_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:browse_description_ref_numeric;help:browse_description_ref_numeric
+zeek.opcua_binary_browse_description.browse_description_ref_string=db:zeek.opcua_binary_browse_description.browse_description_ref_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_description_ref_string;help:browse_description_ref_string
+zeek.opcua_binary_browse_description.browse_description_ref_guid=db:zeek.opcua_binary_browse_description.browse_description_ref_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_description_ref_guid;help:browse_description_ref_guid
+zeek.opcua_binary_browse_description.browse_description_ref_opaque=db:zeek.opcua_binary_browse_description.browse_description_ref_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_description_ref_opaque;help:browse_description_ref_opaque
+zeek.opcua_binary_browse_description.browse_description_include_subtypes=db:zeek.opcua_binary_browse_description.browse_description_include_subtypes;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_description_include_subtypes;help:browse_description_include_subtypes
+zeek.opcua_binary_browse_description.browse_node_class_mask=db:zeek.opcua_binary_browse_description.browse_node_class_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_node_class_mask;help:browse_node_class_mask
+zeek.opcua_binary_browse_description.browse_result_mask=db:zeek.opcua_binary_browse_description.browse_result_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_result_mask;help:browse_result_mask
 # opcua_binary_browse_response_references.log
 # https://github.com/cisagov/icsnpp-opcua-binary
-zeek.opcua_binary_browse_response_references.browse_reference_link_id=db:zeek.opcua_binary_browse_response_references.browse_reference_link_id;group:zeek_opcua;kind:termfield;friendly:browse_reference_link_id;help:browse_reference_link_id
-zeek.opcua_binary_browse_response_references.browse_response_ref_encoding_mask=db:zeek.opcua_binary_browse_response_references.browse_response_ref_encoding_mask;group:zeek_opcua;kind:termfield;friendly:browse_response_ref_encoding_mask;help:browse_response_ref_encoding_mask
-zeek.opcua_binary_browse_response_references.browse_response_ref_namespace_idx=db:zeek.opcua_binary_browse_response_references.browse_response_ref_namespace_idx;group:zeek_opcua;kind:termfield;friendly:browse_response_ref_namespace_idx;help:browse_response_ref_namespace_idx
-zeek.opcua_binary_browse_response_references.browse_response_ref_numeric=db:zeek.opcua_binary_browse_response_references.browse_response_ref_numeric;group:zeek_opcua;kind:integer;friendly:browse_response_ref_numeric;help:browse_response_ref_numeric
-zeek.opcua_binary_browse_response_references.browse_response_ref_string=db:zeek.opcua_binary_browse_response_references.browse_response_ref_string;group:zeek_opcua;kind:termfield;friendly:browse_response_ref_string;help:browse_response_ref_string
-zeek.opcua_binary_browse_response_references.browse_response_ref_guid=db:zeek.opcua_binary_browse_response_references.browse_response_ref_guid;group:zeek_opcua;kind:termfield;friendly:browse_response_ref_guid;help:browse_response_ref_guid
-zeek.opcua_binary_browse_response_references.browse_response_ref_opaque=db:zeek.opcua_binary_browse_response_references.browse_response_ref_opaque;group:zeek_opcua;kind:termfield;friendly:browse_response_ref_opaque;help:browse_response_ref_opaque
-zeek.opcua_binary_browse_response_references.browse_response_is_forward=db:zeek.opcua_binary_browse_response_references.browse_response_is_forward;group:zeek_opcua;kind:termfield;friendly:browse_response_is_forward;help:browse_response_is_forward
-zeek.opcua_binary_browse_response_references.browse_response_ref_type_encoding_mask=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_encoding_mask;group:zeek_opcua;kind:termfield;friendly:browse_response_ref_type_encoding_mask;help:browse_response_ref_type_encoding_mask
-zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_idx=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_idx;group:zeek_opcua;kind:termfield;friendly:browse_response_ref_type_namespace_idx;help:browse_response_ref_type_namespace_idx
-zeek.opcua_binary_browse_response_references.browse_response_ref_type_numeric=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_numeric;group:zeek_opcua;kind:integer;friendly:browse_response_ref_type_numeric;help:browse_response_ref_type_numeric
-zeek.opcua_binary_browse_response_references.browse_response_ref_type_string=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_string;group:zeek_opcua;kind:termfield;friendly:browse_response_ref_type_string;help:browse_response_ref_type_string
-zeek.opcua_binary_browse_response_references.browse_response_ref_type_guid=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_guid;group:zeek_opcua;kind:termfield;friendly:browse_response_ref_type_guid;help:browse_response_ref_type_guid
-zeek.opcua_binary_browse_response_references.browse_response_ref_type_opaque=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_opaque;group:zeek_opcua;kind:termfield;friendly:browse_response_ref_type_opaque;help:browse_response_ref_type_opaque
-zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_uri=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_uri;group:zeek_opcua;kind:termfield;friendly:browse_response_ref_type_namespace_uri;help:browse_response_ref_type_namespace_uri
-zeek.opcua_binary_browse_response_references.browse_response_ref_type_server_idx=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_server_idx;group:zeek_opcua;kind:integer;friendly:browse_response_ref_type_server_idx;help:browse_response_ref_type_server_idx
-zeek.opcua_binary_browse_response_references.browse_response_ref_name_idx=db:zeek.opcua_binary_browse_response_references.browse_response_ref_name_idx;group:zeek_opcua;kind:integer;friendly:browse_response_ref_name_idx;help:browse_response_ref_name_idx
-zeek.opcua_binary_browse_response_references.browse_response_ref_name=db:zeek.opcua_binary_browse_response_references.browse_response_ref_name;group:zeek_opcua;kind:termfield;friendly:browse_response_ref_name;help:browse_response_ref_name
-zeek.opcua_binary_browse_response_references.browse_response_display_name_mask=db:zeek.opcua_binary_browse_response_references.browse_response_display_name_mask;group:zeek_opcua;kind:termfield;friendly:browse_response_display_name_mask;help:browse_response_display_name_mask
-zeek.opcua_binary_browse_response_references.browse_response_display_name_locale=db:zeek.opcua_binary_browse_response_references.browse_response_display_name_locale;group:zeek_opcua;kind:termfield;friendly:browse_response_display_name_locale;help:browse_response_display_name_locale
-zeek.opcua_binary_browse_response_references.browse_response_display_name_text=db:zeek.opcua_binary_browse_response_references.browse_response_display_name_text;group:zeek_opcua;kind:termfield;friendly:browse_response_display_name_text;help:browse_response_display_name_text
-zeek.opcua_binary_browse_response_references.browse_response_node_class=db:zeek.opcua_binary_browse_response_references.browse_response_node_class;group:zeek_opcua;kind:termfield;friendly:browse_response_node_class;help:browse_response_node_class
-zeek.opcua_binary_browse_response_references.browse_response_type_def_encoding_mask=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_encoding_mask;group:zeek_opcua;kind:termfield;friendly:browse_response_type_def_encoding_mask;help:browse_response_type_def_encoding_mask
-zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_idx=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_idx;group:zeek_opcua;kind:termfield;friendly:browse_response_type_def_namespace_idx;help:browse_response_type_def_namespace_idx
-zeek.opcua_binary_browse_response_references.browse_response_type_def_numeric=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_numeric;group:zeek_opcua;kind:integer;friendly:browse_response_type_def_numeric;help:browse_response_type_def_numeric
-zeek.opcua_binary_browse_response_references.browse_response_type_def_string=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_string;group:zeek_opcua;kind:termfield;friendly:browse_response_type_def_string;help:browse_response_type_def_string
-zeek.opcua_binary_browse_response_references.browse_response_type_def_guid=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_guid;group:zeek_opcua;kind:termfield;friendly:browse_response_type_def_guid;help:browse_response_type_def_guid
-zeek.opcua_binary_browse_response_references.browse_response_type_def_opaque=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_opaque;group:zeek_opcua;kind:termfield;friendly:browse_response_type_def_opaque;help:browse_response_type_def_opaque
-zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_uri=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_uri;group:zeek_opcua;kind:termfield;friendly:browse_response_type_def_namespace_uri;help:browse_response_type_def_namespace_uri
-zeek.opcua_binary_browse_response_references.browse_response_type_def_server_idx=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_server_idx;group:zeek_opcua;kind:integer;friendly:browse_response_type_def_server_idx;help:browse_response_type_def_server_idx
+zeek.opcua_binary_browse_response_references.browse_reference_link_id=db:zeek.opcua_binary_browse_response_references.browse_reference_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_reference_link_id;help:browse_reference_link_id
+zeek.opcua_binary_browse_response_references.browse_response_ref_encoding_mask=db:zeek.opcua_binary_browse_response_references.browse_response_ref_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_ref_encoding_mask;help:browse_response_ref_encoding_mask
+zeek.opcua_binary_browse_response_references.browse_response_ref_namespace_idx=db:zeek.opcua_binary_browse_response_references.browse_response_ref_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_ref_namespace_idx;help:browse_response_ref_namespace_idx
+zeek.opcua_binary_browse_response_references.browse_response_ref_numeric=db:zeek.opcua_binary_browse_response_references.browse_response_ref_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:browse_response_ref_numeric;help:browse_response_ref_numeric
+zeek.opcua_binary_browse_response_references.browse_response_ref_string=db:zeek.opcua_binary_browse_response_references.browse_response_ref_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_ref_string;help:browse_response_ref_string
+zeek.opcua_binary_browse_response_references.browse_response_ref_guid=db:zeek.opcua_binary_browse_response_references.browse_response_ref_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_ref_guid;help:browse_response_ref_guid
+zeek.opcua_binary_browse_response_references.browse_response_ref_opaque=db:zeek.opcua_binary_browse_response_references.browse_response_ref_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_ref_opaque;help:browse_response_ref_opaque
+zeek.opcua_binary_browse_response_references.browse_response_is_forward=db:zeek.opcua_binary_browse_response_references.browse_response_is_forward;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_is_forward;help:browse_response_is_forward
+zeek.opcua_binary_browse_response_references.browse_response_ref_type_encoding_mask=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_ref_type_encoding_mask;help:browse_response_ref_type_encoding_mask
+zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_idx=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_ref_type_namespace_idx;help:browse_response_ref_type_namespace_idx
+zeek.opcua_binary_browse_response_references.browse_response_ref_type_numeric=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:browse_response_ref_type_numeric;help:browse_response_ref_type_numeric
+zeek.opcua_binary_browse_response_references.browse_response_ref_type_string=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_ref_type_string;help:browse_response_ref_type_string
+zeek.opcua_binary_browse_response_references.browse_response_ref_type_guid=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_ref_type_guid;help:browse_response_ref_type_guid
+zeek.opcua_binary_browse_response_references.browse_response_ref_type_opaque=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_ref_type_opaque;help:browse_response_ref_type_opaque
+zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_uri=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_ref_type_namespace_uri;help:browse_response_ref_type_namespace_uri
+zeek.opcua_binary_browse_response_references.browse_response_ref_type_server_idx=db:zeek.opcua_binary_browse_response_references.browse_response_ref_type_server_idx;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:browse_response_ref_type_server_idx;help:browse_response_ref_type_server_idx
+zeek.opcua_binary_browse_response_references.browse_response_ref_name_idx=db:zeek.opcua_binary_browse_response_references.browse_response_ref_name_idx;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:browse_response_ref_name_idx;help:browse_response_ref_name_idx
+zeek.opcua_binary_browse_response_references.browse_response_ref_name=db:zeek.opcua_binary_browse_response_references.browse_response_ref_name;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_ref_name;help:browse_response_ref_name
+zeek.opcua_binary_browse_response_references.browse_response_display_name_mask=db:zeek.opcua_binary_browse_response_references.browse_response_display_name_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_display_name_mask;help:browse_response_display_name_mask
+zeek.opcua_binary_browse_response_references.browse_response_display_name_locale=db:zeek.opcua_binary_browse_response_references.browse_response_display_name_locale;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_display_name_locale;help:browse_response_display_name_locale
+zeek.opcua_binary_browse_response_references.browse_response_display_name_text=db:zeek.opcua_binary_browse_response_references.browse_response_display_name_text;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_display_name_text;help:browse_response_display_name_text
+zeek.opcua_binary_browse_response_references.browse_response_node_class=db:zeek.opcua_binary_browse_response_references.browse_response_node_class;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_node_class;help:browse_response_node_class
+zeek.opcua_binary_browse_response_references.browse_response_type_def_encoding_mask=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_type_def_encoding_mask;help:browse_response_type_def_encoding_mask
+zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_idx=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_type_def_namespace_idx;help:browse_response_type_def_namespace_idx
+zeek.opcua_binary_browse_response_references.browse_response_type_def_numeric=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:browse_response_type_def_numeric;help:browse_response_type_def_numeric
+zeek.opcua_binary_browse_response_references.browse_response_type_def_string=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_type_def_string;help:browse_response_type_def_string
+zeek.opcua_binary_browse_response_references.browse_response_type_def_guid=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_type_def_guid;help:browse_response_type_def_guid
+zeek.opcua_binary_browse_response_references.browse_response_type_def_opaque=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_type_def_opaque;help:browse_response_type_def_opaque
+zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_uri=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_type_def_namespace_uri;help:browse_response_type_def_namespace_uri
+zeek.opcua_binary_browse_response_references.browse_response_type_def_server_idx=db:zeek.opcua_binary_browse_response_references.browse_response_type_def_server_idx;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:browse_response_type_def_server_idx;help:browse_response_type_def_server_idx
 # opcua_binary_browse_request_continuation_point.log
 # https://github.com/cisagov/icsnpp-opcua-binary
-zeek.opcua_binary_browse_request_continuation_point.browse_next_link_id=db:zeek.opcua_binary_browse_request_continuation_point.browse_next_link_id;group:zeek_opcua;kind:termfield;friendly:browse_next_link_id;help:browse_next_link_id
-zeek.opcua_binary_browse_request_continuation_point.continuation_point=db:zeek.opcua_binary_browse_request_continuation_point.continuation_point;group:zeek_opcua;kind:termfield;friendly:continuation_point;help:continuation_point
+zeek.opcua_binary_browse_request_continuation_point.browse_next_link_id=db:zeek.opcua_binary_browse_request_continuation_point.browse_next_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_next_link_id;help:browse_next_link_id
+zeek.opcua_binary_browse_request_continuation_point.continuation_point=db:zeek.opcua_binary_browse_request_continuation_point.continuation_point;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:continuation_point;help:continuation_point
 # opcua_binary_browse_result.log
 # https://github.com/cisagov/icsnpp-opcua-binary
-zeek.opcua_binary_browse_result.browse_response_link_id=db:zeek.opcua_binary_browse_result.browse_response_link_id;group:zeek_opcua;kind:termfield;friendly:browse_response_link_id;help:browse_response_link_id
-zeek.opcua_binary_browse_result.browse_result_continuation_point=db:zeek.opcua_binary_browse_result.browse_result_continuation_point;group:zeek_opcua;kind:termfield;friendly:browse_result_continuation_point;help:browse_result_continuation_point
+zeek.opcua_binary_browse_result.browse_response_link_id=db:zeek.opcua_binary_browse_result.browse_response_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_response_link_id;help:browse_response_link_id
+zeek.opcua_binary_browse_result.browse_result_continuation_point=db:zeek.opcua_binary_browse_result.browse_result_continuation_point;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_result_continuation_point;help:browse_result_continuation_point
 # opcua_binary_close_session.log
 # https://github.com/cisagov/icsnpp-opcua-binary
-zeek.opcua_binary_close_session.del_subscriptions=db:zeek.opcua_binary_close_session.del_subscriptions;group:zeek_opcua;kind:termfield;friendly:del_subscriptions;help:del_subscriptions
+zeek.opcua_binary_close_session.del_subscriptions=db:zeek.opcua_binary_close_session.del_subscriptions;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:del_subscriptions;help:del_subscriptions
 # opcua_binary_event_filter_where_clause.log
 # https://github.com/cisagov/icsnpp-opcua-binary
-zeek.opcua_binary_event_filter_where_clause.where_clause_link_id=db:zeek.opcua_binary_event_filter_where_clause.where_clause_link_id;group:zeek_opcua;kind:termfield;friendly:where_clause_link_id;help:where_clause_link_id
+zeek.opcua_binary_event_filter_where_clause.where_clause_link_id=db:zeek.opcua_binary_event_filter_where_clause.where_clause_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:where_clause_link_id;help:where_clause_link_id
 # opcua_binary_event_filter_where_clause_elements.log
 # https://github.com/cisagov/icsnpp-opcua-binary
-zeek.opcua_binary_event_filter_where_clause_elements.content_filter_element_link_id=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_element_link_id;group:zeek_opcua;kind:termfield;friendly:content_filter_element_link_id;help:content_filter_element_link_id
-zeek.opcua_binary_event_filter_where_clause_elements.filter_operator=db:zeek.opcua_binary_event_filter_where_clause_elements.filter_operator;group:zeek_opcua;kind:termfield;friendly:filter_operator;help:filter_operator
-zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_encoding_mask=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_encoding_mask;group:zeek_opcua;kind:termfield;friendly:content_filter_filter_operand_type_id_node_id_encoding_mask;help:content_filter_filter_operand_type_id_node_id_encoding_mask
-zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_namespace_idx=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_namespace_idx;group:zeek_opcua;kind:termfield;friendly:content_filter_filter_operand_type_id_node_id_namespace_idx;help:content_filter_filter_operand_type_id_node_id_namespace_idx
-zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_numeric=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_numeric;group:zeek_opcua;kind:integer;friendly:content_filter_filter_operand_type_id_node_id_numeric;help:content_filter_filter_operand_type_id_node_id_numeric
-zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_string=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_string;group:zeek_opcua;kind:termfield;friendly:content_filter_filter_operand_type_id_node_id_string;help:content_filter_filter_operand_type_id_node_id_string
-zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_guid=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_guid;group:zeek_opcua;kind:termfield;friendly:content_filter_filter_operand_type_id_node_id_guid;help:content_filter_filter_operand_type_id_node_id_guid
-zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_opaque=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_opaque;group:zeek_opcua;kind:termfield;friendly:content_filter_filter_operand_type_id_node_id_opaque;help:content_filter_filter_operand_type_id_node_id_opaque
-zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_string=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_string;group:zeek_opcua;kind:termfield;friendly:content_filter_filter_operand_type_id_string;help:content_filter_filter_operand_type_id_string
-zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_encoding=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_encoding;group:zeek_opcua;kind:termfield;friendly:content_filter_filter_operand_type_id_encoding;help:content_filter_filter_operand_type_id_encoding
+zeek.opcua_binary_event_filter_where_clause_elements.content_filter_element_link_id=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_element_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:content_filter_element_link_id;help:content_filter_element_link_id
+zeek.opcua_binary_event_filter_where_clause_elements.filter_operator=db:zeek.opcua_binary_event_filter_where_clause_elements.filter_operator;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:filter_operator;help:filter_operator
+zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_encoding_mask=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:content_filter_filter_operand_type_id_node_id_encoding_mask;help:content_filter_filter_operand_type_id_node_id_encoding_mask
+zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_namespace_idx=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:content_filter_filter_operand_type_id_node_id_namespace_idx;help:content_filter_filter_operand_type_id_node_id_namespace_idx
+zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_numeric=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:content_filter_filter_operand_type_id_node_id_numeric;help:content_filter_filter_operand_type_id_node_id_numeric
+zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_string=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:content_filter_filter_operand_type_id_node_id_string;help:content_filter_filter_operand_type_id_node_id_string
+zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_guid=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:content_filter_filter_operand_type_id_node_id_guid;help:content_filter_filter_operand_type_id_node_id_guid
+zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_opaque=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:content_filter_filter_operand_type_id_node_id_opaque;help:content_filter_filter_operand_type_id_node_id_opaque
+zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_string=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:content_filter_filter_operand_type_id_string;help:content_filter_filter_operand_type_id_string +zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_encoding=db:zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_encoding;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:content_filter_filter_operand_type_id_encoding;help:content_filter_filter_operand_type_id_encoding # opcua_binary_create_monitored_items.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_create_monitored_items.subscription_id=db:zeek.opcua_binary_create_monitored_items.subscription_id;group:zeek_opcua;kind:integer;friendly:subscription_id;help:subscription_id -zeek.opcua_binary_create_monitored_items.timestamps_to_return=db:zeek.opcua_binary_create_monitored_items.timestamps_to_return;group:zeek_opcua;kind:integer;friendly:timestamps_to_return;help:timestamps_to_return -zeek.opcua_binary_create_monitored_items.timestamps_to_return_str=db:zeek.opcua_binary_create_monitored_items.timestamps_to_return_str;group:zeek_opcua;kind:termfield;friendly:timestamps_to_return_str;help:timestamps_to_return_str +zeek.opcua_binary_create_monitored_items.subscription_id=db:zeek.opcua_binary_create_monitored_items.subscription_id;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:subscription_id;help:subscription_id +zeek.opcua_binary_create_monitored_items.timestamps_to_return=db:zeek.opcua_binary_create_monitored_items.timestamps_to_return;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:timestamps_to_return;help:timestamps_to_return 
+zeek.opcua_binary_create_monitored_items.timestamps_to_return_str=db:zeek.opcua_binary_create_monitored_items.timestamps_to_return_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:timestamps_to_return_str;help:timestamps_to_return_str # opcua_binary_create_monitored_items_create_item.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_create_monitored_items_create_item.create_item_link_id=db:zeek.opcua_binary_create_monitored_items_create_item.create_item_link_id;group:zeek_opcua;kind:termfield;friendly:create_item_link_id;help:create_item_link_id -zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_encoding_mask=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_encoding_mask;group:zeek_opcua;kind:termfield;friendly:item_to_monitor_node_id_encoding_mask;help:item_to_monitor_node_id_encoding_mask -zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_namespace_idx=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_namespace_idx;group:zeek_opcua;kind:termfield;friendly:item_to_monitor_node_id_namespace_idx;help:item_to_monitor_node_id_namespace_idx -zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_numeric=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_numeric;group:zeek_opcua;kind:integer;friendly:item_to_monitor_node_id_numeric;help:item_to_monitor_node_id_numeric -zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_string=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_string;group:zeek_opcua;kind:termfield;friendly:item_to_monitor_node_id_string;help:item_to_monitor_node_id_string 
-zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_guid=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_guid;group:zeek_opcua;kind:termfield;friendly:item_to_monitor_node_id_guid;help:item_to_monitor_node_id_guid
-zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_opaque=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_opaque;group:zeek_opcua;kind:termfield;friendly:item_to_monitor_node_id_opaque;help:item_to_monitor_node_id_opaque
-zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_attribute_id=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_attribute_id;group:zeek_opcua;kind:termfield;friendly:item_to_monitor_attribute_id;help:item_to_monitor_attribute_id
-zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_index_range=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_index_range;group:zeek_opcua;kind:termfield;friendly:item_to_monitor_index_range;help:item_to_monitor_index_range
-zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_namespace_idx=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_namespace_idx;group:zeek_opcua;kind:termfield;friendly:item_to_monitor_namespace_idx;help:item_to_monitor_namespace_idx
-zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_name=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_name;group:zeek_opcua;kind:termfield;friendly:item_to_monitor_name;help:item_to_monitor_name
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_mode=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_mode;group:zeek_opcua;kind:termfield;friendly:monitoring_mode;help:monitoring_mode
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_client_handle=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_client_handle;group:zeek_opcua;kind:integer;friendly:monitoring_parameters_client_handle;help:monitoring_parameters_client_handle
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_sampling_interval=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_sampling_interval;group:zeek_opcua;kind:termfield;friendly:monitoring_parameters_sampling_interval;help:monitoring_parameters_sampling_interval
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_queue_size=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_queue_size;group:zeek_opcua;kind:integer;friendly:monitoring_parameters_queue_size;help:monitoring_parameters_queue_size
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_discard_oldest=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_discard_oldest;group:zeek_opcua;kind:termfield;friendly:monitoring_parameters_discard_oldest;help:monitoring_parameters_discard_oldest
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_encoding_mask=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_encoding_mask;group:zeek_opcua;kind:termfield;friendly:monitoring_parameters_filter_info_type_id_node_id_encoding_mask;help:monitoring_parameters_filter_info_type_id_node_id_encoding_mask
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_namespace_idx=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_namespace_idx;group:zeek_opcua;kind:termfield;friendly:monitoring_parameters_filter_info_type_id_node_id_namespace_idx;help:monitoring_parameters_filter_info_type_id_node_id_namespace_idx
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_numeric=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_numeric;group:zeek_opcua;kind:integer;friendly:monitoring_parameters_filter_info_type_id_node_id_numeric;help:monitoring_parameters_filter_info_type_id_node_id_numeric
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_string=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_string;group:zeek_opcua;kind:termfield;friendly:monitoring_parameters_filter_info_type_id_node_id_string;help:monitoring_parameters_filter_info_type_id_node_id_string
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_guid=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_guid;group:zeek_opcua;kind:termfield;friendly:monitoring_parameters_filter_info_type_id_node_id_guid;help:monitoring_parameters_filter_info_type_id_node_id_guid
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_opaque=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_opaque;group:zeek_opcua;kind:termfield;friendly:monitoring_parameters_filter_info_type_id_node_id_opaque;help:monitoring_parameters_filter_info_type_id_node_id_opaque
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_string=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_string;group:zeek_opcua;kind:termfield;friendly:monitoring_parameters_filter_info_type_id_string;help:monitoring_parameters_filter_info_type_id_string
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_encoding=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_encoding;group:zeek_opcua;kind:termfield;friendly:monitoring_parameters_filter_info_type_id_encoding;help:monitoring_parameters_filter_info_type_id_encoding
-zeek.opcua_binary_create_monitored_items_create_item.monitored_item_index_id=db:zeek.opcua_binary_create_monitored_items_create_item.monitored_item_index_id;group:zeek_opcua;kind:integer;friendly:monitored_item_index_id;help:monitored_item_index_id
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_revised_sampling_interval=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_revised_sampling_interval;group:zeek_opcua;kind:termfield;friendly:monitoring_parameters_revised_sampling_interval;help:monitoring_parameters_revised_sampling_interval
-zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_revised_queue_size=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_revised_queue_size;group:zeek_opcua;kind:integer;friendly:monitoring_parameters_revised_queue_size;help:monitoring_parameters_revised_queue_size
+zeek.opcua_binary_create_monitored_items_create_item.create_item_link_id=db:zeek.opcua_binary_create_monitored_items_create_item.create_item_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:create_item_link_id;help:create_item_link_id
+zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_encoding_mask=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:item_to_monitor_node_id_encoding_mask;help:item_to_monitor_node_id_encoding_mask
+zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_namespace_idx=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:item_to_monitor_node_id_namespace_idx;help:item_to_monitor_node_id_namespace_idx
+zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_numeric=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:item_to_monitor_node_id_numeric;help:item_to_monitor_node_id_numeric
+zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_string=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:item_to_monitor_node_id_string;help:item_to_monitor_node_id_string
+zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_guid=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:item_to_monitor_node_id_guid;help:item_to_monitor_node_id_guid
+zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_opaque=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:item_to_monitor_node_id_opaque;help:item_to_monitor_node_id_opaque
+zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_attribute_id=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_attribute_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:item_to_monitor_attribute_id;help:item_to_monitor_attribute_id
+zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_index_range=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_index_range;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:item_to_monitor_index_range;help:item_to_monitor_index_range
+zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_namespace_idx=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:item_to_monitor_namespace_idx;help:item_to_monitor_namespace_idx
+zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_name=db:zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_name;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:item_to_monitor_name;help:item_to_monitor_name
+zeek.opcua_binary_create_monitored_items_create_item.monitoring_mode=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_mode;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:monitoring_mode;help:monitoring_mode
+zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_client_handle=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_client_handle;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:monitoring_parameters_client_handle;help:monitoring_parameters_client_handle
+zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_sampling_interval=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_sampling_interval;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:monitoring_parameters_sampling_interval;help:monitoring_parameters_sampling_interval
+zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_queue_size=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_queue_size;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:monitoring_parameters_queue_size;help:monitoring_parameters_queue_size
+zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_discard_oldest=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_discard_oldest;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:monitoring_parameters_discard_oldest;help:monitoring_parameters_discard_oldest
+zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_encoding_mask=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:monitoring_parameters_filter_info_type_id_node_id_encoding_mask;help:monitoring_parameters_filter_info_type_id_node_id_encoding_mask
+zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_namespace_idx=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:monitoring_parameters_filter_info_type_id_node_id_namespace_idx;help:monitoring_parameters_filter_info_type_id_node_id_namespace_idx
+zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_numeric=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:monitoring_parameters_filter_info_type_id_node_id_numeric;help:monitoring_parameters_filter_info_type_id_node_id_numeric
+zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_string=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:monitoring_parameters_filter_info_type_id_node_id_string;help:monitoring_parameters_filter_info_type_id_node_id_string
+zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_guid=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:monitoring_parameters_filter_info_type_id_node_id_guid;help:monitoring_parameters_filter_info_type_id_node_id_guid
+zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_opaque=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:monitoring_parameters_filter_info_type_id_node_id_opaque;help:monitoring_parameters_filter_info_type_id_node_id_opaque
+zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_string=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:monitoring_parameters_filter_info_type_id_string;help:monitoring_parameters_filter_info_type_id_string
+zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_encoding=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_encoding;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:monitoring_parameters_filter_info_type_id_encoding;help:monitoring_parameters_filter_info_type_id_encoding +zeek.opcua_binary_create_monitored_items_create_item.monitored_item_index_id=db:zeek.opcua_binary_create_monitored_items_create_item.monitored_item_index_id;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:monitored_item_index_id;help:monitored_item_index_id +zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_revised_sampling_interval=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_revised_sampling_interval;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:monitoring_parameters_revised_sampling_interval;help:monitoring_parameters_revised_sampling_interval +zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_revised_queue_size=db:zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_revised_queue_size;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:monitoring_parameters_revised_queue_size;help:monitoring_parameters_revised_queue_size # opcua_binary_create_session.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_create_session.application_uri=db:zeek.opcua_binary_create_session.application_uri;group:zeek_opcua;kind:termfield;friendly:application_uri;help:application_uri -zeek.opcua_binary_create_session.product_uri=db:zeek.opcua_binary_create_session.product_uri;group:zeek_opcua;kind:termfield;friendly:product_uri;help:product_uri -zeek.opcua_binary_create_session.encoding_mask=db:zeek.opcua_binary_create_session.encoding_mask;group:zeek_opcua;kind:integer;friendly:encoding_mask;help:encoding_mask 
-zeek.opcua_binary_create_session.locale=db:zeek.opcua_binary_create_session.locale;group:zeek_opcua;kind:termfield;friendly:locale;help:locale
-zeek.opcua_binary_create_session.text=db:zeek.opcua_binary_create_session.text;group:zeek_opcua;kind:termfield;friendly:text;help:text
-zeek.opcua_binary_create_session.application_type=db:zeek.opcua_binary_create_session.application_type;group:zeek_opcua;kind:integer;friendly:application_type;help:application_type
-zeek.opcua_binary_create_session.gateway_server_uri=db:zeek.opcua_binary_create_session.gateway_server_uri;group:zeek_opcua;kind:termfield;friendly:gateway_server_uri;help:gateway_server_uri
-zeek.opcua_binary_create_session.discovery_profile_uri=db:zeek.opcua_binary_create_session.discovery_profile_uri;group:zeek_opcua;kind:termfield;friendly:discovery_profile_uri;help:discovery_profile_uri
-zeek.opcua_binary_create_session.server_uri=db:zeek.opcua_binary_create_session.server_uri;group:zeek_opcua;kind:termfield;friendly:server_uri;help:server_uri
-zeek.opcua_binary_create_session.endpoint_url=db:zeek.opcua_binary_create_session.endpoint_url;group:zeek_opcua;kind:termfield;friendly:endpoint_url;help:endpoint_url
-zeek.opcua_binary_create_session.session_name=db:zeek.opcua_binary_create_session.session_name;group:zeek_opcua;kind:termfield;friendly:session_name;help:session_name
-zeek.opcua_binary_create_session.client_nonce=db:zeek.opcua_binary_create_session.client_nonce;group:zeek_opcua;kind:termfield;friendly:client_nonce;help:client_nonce
-zeek.opcua_binary_create_session.client_cert_size=db:zeek.opcua_binary_create_session.client_cert_size;group:zeek_opcua;kind:integer;friendly:client_cert_size;help:client_cert_size
-zeek.opcua_binary_create_session.client_cert=db:zeek.opcua_binary_create_session.client_cert;group:zeek_opcua;kind:termfield;friendly:client_cert;help:client_cert
-zeek.opcua_binary_create_session.req_session_timeout=db:zeek.opcua_binary_create_session.req_session_timeout;group:zeek_opcua;kind:integer;friendly:req_session_timeout;help:req_session_timeout
-zeek.opcua_binary_create_session.max_res_msg_size=db:zeek.opcua_binary_create_session.max_res_msg_size;group:zeek_opcua;kind:integer;friendly:max_res_msg_size;help:max_res_msg_size
-zeek.opcua_binary_create_session.session_id_encoding_mask=db:zeek.opcua_binary_create_session.session_id_encoding_mask;group:zeek_opcua;kind:termfield;friendly:session_id_encoding_mask;help:session_id_encoding_mask
-zeek.opcua_binary_create_session.session_id_namespace_idx=db:zeek.opcua_binary_create_session.session_id_namespace_idx;group:zeek_opcua;kind:termfield;friendly:session_id_namespace_idx;help:session_id_namespace_idx
-zeek.opcua_binary_create_session.session_id_numeric=db:zeek.opcua_binary_create_session.session_id_numeric;group:zeek_opcua;kind:integer;friendly:session_id_numeric;help:session_id_numeric
-zeek.opcua_binary_create_session.session_id_string=db:zeek.opcua_binary_create_session.session_id_string;group:zeek_opcua;kind:termfield;friendly:session_id_string;help:session_id_string
-zeek.opcua_binary_create_session.session_id_guid=db:zeek.opcua_binary_create_session.session_id_guid;group:zeek_opcua;kind:termfield;friendly:session_id_guid;help:session_id_guid
-zeek.opcua_binary_create_session.session_id_opaque=db:zeek.opcua_binary_create_session.session_id_opaque;group:zeek_opcua;kind:termfield;friendly:session_id_opaque;help:session_id_opaque
-zeek.opcua_binary_create_session.auth_token_encoding_mask=db:zeek.opcua_binary_create_session.auth_token_encoding_mask;group:zeek_opcua;kind:termfield;friendly:auth_token_encoding_mask;help:auth_token_encoding_mask
-zeek.opcua_binary_create_session.auth_token_namespace_idx=db:zeek.opcua_binary_create_session.auth_token_namespace_idx;group:zeek_opcua;kind:termfield;friendly:auth_token_namespace_idx;help:auth_token_namespace_idx
-zeek.opcua_binary_create_session.auth_token_numeric=db:zeek.opcua_binary_create_session.auth_token_numeric;group:zeek_opcua;kind:integer;friendly:auth_token_numeric;help:auth_token_numeric
-zeek.opcua_binary_create_session.auth_token_string=db:zeek.opcua_binary_create_session.auth_token_string;group:zeek_opcua;kind:termfield;friendly:auth_token_string;help:auth_token_string
-zeek.opcua_binary_create_session.auth_token_guid=db:zeek.opcua_binary_create_session.auth_token_guid;group:zeek_opcua;kind:termfield;friendly:auth_token_guid;help:auth_token_guid
-zeek.opcua_binary_create_session.auth_token_opaque=db:zeek.opcua_binary_create_session.auth_token_opaque;group:zeek_opcua;kind:termfield;friendly:auth_token_opaque;help:auth_token_opaque
-zeek.opcua_binary_create_session.revised_session_timeout=db:zeek.opcua_binary_create_session.revised_session_timeout;group:zeek_opcua;kind:integer;friendly:revised_session_timeout;help:revised_session_timeout
-zeek.opcua_binary_create_session.server_nonce=db:zeek.opcua_binary_create_session.server_nonce;group:zeek_opcua;kind:termfield;friendly:server_nonce;help:server_nonce
-zeek.opcua_binary_create_session.server_cert_size=db:zeek.opcua_binary_create_session.server_cert_size;group:zeek_opcua;kind:integer;friendly:server_cert_size;help:server_cert_size
-zeek.opcua_binary_create_session.server_cert=db:zeek.opcua_binary_create_session.server_cert;group:zeek_opcua;kind:termfield;friendly:server_cert;help:server_cert
-zeek.opcua_binary_create_session.algorithm=db:zeek.opcua_binary_create_session.algorithm;group:zeek_opcua;kind:termfield;friendly:algorithm;help:algorithm
-zeek.opcua_binary_create_session.signature=db:zeek.opcua_binary_create_session.signature;group:zeek_opcua;kind:termfield;friendly:signature;help:signature
-zeek.opcua_binary_create_session.max_req_msg_size=db:zeek.opcua_binary_create_session.max_req_msg_size;group:zeek_opcua;kind:integer;friendly:max_req_msg_size;help:max_req_msg_size
+zeek.opcua_binary_create_session.application_uri=db:zeek.opcua_binary_create_session.application_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:application_uri;help:application_uri
+zeek.opcua_binary_create_session.product_uri=db:zeek.opcua_binary_create_session.product_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:product_uri;help:product_uri
+zeek.opcua_binary_create_session.encoding_mask=db:zeek.opcua_binary_create_session.encoding_mask;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:encoding_mask;help:encoding_mask
+zeek.opcua_binary_create_session.locale=db:zeek.opcua_binary_create_session.locale;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:locale;help:locale
+zeek.opcua_binary_create_session.text=db:zeek.opcua_binary_create_session.text;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:text;help:text
+zeek.opcua_binary_create_session.application_type=db:zeek.opcua_binary_create_session.application_type;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:application_type;help:application_type
+zeek.opcua_binary_create_session.gateway_server_uri=db:zeek.opcua_binary_create_session.gateway_server_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:gateway_server_uri;help:gateway_server_uri
+zeek.opcua_binary_create_session.discovery_profile_uri=db:zeek.opcua_binary_create_session.discovery_profile_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:discovery_profile_uri;help:discovery_profile_uri
+zeek.opcua_binary_create_session.server_uri=db:zeek.opcua_binary_create_session.server_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:server_uri;help:server_uri
+zeek.opcua_binary_create_session.endpoint_url=db:zeek.opcua_binary_create_session.endpoint_url;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:endpoint_url;help:endpoint_url
+zeek.opcua_binary_create_session.session_name=db:zeek.opcua_binary_create_session.session_name;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:session_name;help:session_name
+zeek.opcua_binary_create_session.client_nonce=db:zeek.opcua_binary_create_session.client_nonce;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:client_nonce;help:client_nonce
+zeek.opcua_binary_create_session.client_cert_size=db:zeek.opcua_binary_create_session.client_cert_size;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:client_cert_size;help:client_cert_size
+zeek.opcua_binary_create_session.client_cert=db:zeek.opcua_binary_create_session.client_cert;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:client_cert;help:client_cert
+zeek.opcua_binary_create_session.req_session_timeout=db:zeek.opcua_binary_create_session.req_session_timeout;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:req_session_timeout;help:req_session_timeout
+zeek.opcua_binary_create_session.max_res_msg_size=db:zeek.opcua_binary_create_session.max_res_msg_size;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:max_res_msg_size;help:max_res_msg_size
+zeek.opcua_binary_create_session.session_id_encoding_mask=db:zeek.opcua_binary_create_session.session_id_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:session_id_encoding_mask;help:session_id_encoding_mask
+zeek.opcua_binary_create_session.session_id_namespace_idx=db:zeek.opcua_binary_create_session.session_id_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:session_id_namespace_idx;help:session_id_namespace_idx
+zeek.opcua_binary_create_session.session_id_numeric=db:zeek.opcua_binary_create_session.session_id_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:session_id_numeric;help:session_id_numeric
+zeek.opcua_binary_create_session.session_id_string=db:zeek.opcua_binary_create_session.session_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:session_id_string;help:session_id_string +zeek.opcua_binary_create_session.session_id_guid=db:zeek.opcua_binary_create_session.session_id_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:session_id_guid;help:session_id_guid +zeek.opcua_binary_create_session.session_id_opaque=db:zeek.opcua_binary_create_session.session_id_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:session_id_opaque;help:session_id_opaque +zeek.opcua_binary_create_session.auth_token_encoding_mask=db:zeek.opcua_binary_create_session.auth_token_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:auth_token_encoding_mask;help:auth_token_encoding_mask +zeek.opcua_binary_create_session.auth_token_namespace_idx=db:zeek.opcua_binary_create_session.auth_token_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:auth_token_namespace_idx;help:auth_token_namespace_idx +zeek.opcua_binary_create_session.auth_token_numeric=db:zeek.opcua_binary_create_session.auth_token_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:auth_token_numeric;help:auth_token_numeric +zeek.opcua_binary_create_session.auth_token_string=db:zeek.opcua_binary_create_session.auth_token_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:auth_token_string;help:auth_token_string +zeek.opcua_binary_create_session.auth_token_guid=db:zeek.opcua_binary_create_session.auth_token_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:auth_token_guid;help:auth_token_guid +zeek.opcua_binary_create_session.auth_token_opaque=db:zeek.opcua_binary_create_session.auth_token_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:auth_token_opaque;help:auth_token_opaque 
+zeek.opcua_binary_create_session.revised_session_timeout=db:zeek.opcua_binary_create_session.revised_session_timeout;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:revised_session_timeout;help:revised_session_timeout +zeek.opcua_binary_create_session.server_nonce=db:zeek.opcua_binary_create_session.server_nonce;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:server_nonce;help:server_nonce +zeek.opcua_binary_create_session.server_cert_size=db:zeek.opcua_binary_create_session.server_cert_size;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:server_cert_size;help:server_cert_size +zeek.opcua_binary_create_session.server_cert=db:zeek.opcua_binary_create_session.server_cert;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:server_cert;help:server_cert +zeek.opcua_binary_create_session.algorithm=db:zeek.opcua_binary_create_session.algorithm;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:algorithm;help:algorithm +zeek.opcua_binary_create_session.signature=db:zeek.opcua_binary_create_session.signature;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:signature;help:signature +zeek.opcua_binary_create_session.max_req_msg_size=db:zeek.opcua_binary_create_session.max_req_msg_size;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:max_req_msg_size;help:max_req_msg_size # opcua_binary_create_session_discovery.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_create_session_discovery.discovery_profile_link_id=db:zeek.opcua_binary_create_session_discovery.discovery_profile_link_id;group:zeek_opcua;kind:termfield;friendly:discovery_profile_link_id;help:discovery_profile_link_id -zeek.opcua_binary_create_session_discovery.discovery_profile_uri=db:zeek.opcua_binary_create_session_discovery.discovery_profile_uri;group:zeek_opcua;kind:termfield;friendly:discovery_profile_uri;help:discovery_profile_uri 
-zeek.opcua_binary_create_session_discovery.discovery_profile_url=db:zeek.opcua_binary_create_session_discovery.discovery_profile_url;group:zeek_opcua;kind:termfield;friendly:discovery_profile_url;help:discovery_profile_url +zeek.opcua_binary_create_session_discovery.discovery_profile_link_id=db:zeek.opcua_binary_create_session_discovery.discovery_profile_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:discovery_profile_link_id;help:discovery_profile_link_id +zeek.opcua_binary_create_session_discovery.discovery_profile_uri=db:zeek.opcua_binary_create_session_discovery.discovery_profile_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:discovery_profile_uri;help:discovery_profile_uri +zeek.opcua_binary_create_session_discovery.discovery_profile_url=db:zeek.opcua_binary_create_session_discovery.discovery_profile_url;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:discovery_profile_url;help:discovery_profile_url # opcua_binary_create_session_endpoints.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_create_session_endpoints.endpoint_link_id=db:zeek.opcua_binary_create_session_endpoints.endpoint_link_id;group:zeek_opcua;kind:termfield;friendly:endpoint_link_id;help:endpoint_link_id -zeek.opcua_binary_create_session_endpoints.endpoint_url=db:zeek.opcua_binary_create_session_endpoints.endpoint_url;group:zeek_opcua;kind:termfield;friendly:endpoint_url;help:endpoint_url -zeek.opcua_binary_create_session_endpoints.application_uri=db:zeek.opcua_binary_create_session_endpoints.application_uri;group:zeek_opcua;kind:termfield;friendly:application_uri;help:application_uri -zeek.opcua_binary_create_session_endpoints.product_uri=db:zeek.opcua_binary_create_session_endpoints.product_uri;group:zeek_opcua;kind:termfield;friendly:product_uri;help:product_uri 
-zeek.opcua_binary_create_session_endpoints.encoding_mask=db:zeek.opcua_binary_create_session_endpoints.encoding_mask;group:zeek_opcua;kind:integer;friendly:encoding_mask;help:encoding_mask
-zeek.opcua_binary_create_session_endpoints.locale=db:zeek.opcua_binary_create_session_endpoints.locale;group:zeek_opcua;kind:termfield;friendly:locale;help:locale
-zeek.opcua_binary_create_session_endpoints.text=db:zeek.opcua_binary_create_session_endpoints.text;group:zeek_opcua;kind:termfield;friendly:text;help:text
-zeek.opcua_binary_create_session_endpoints.application_type=db:zeek.opcua_binary_create_session_endpoints.application_type;group:zeek_opcua;kind:integer;friendly:application_type;help:application_type
-zeek.opcua_binary_create_session_endpoints.gateway_server_uri=db:zeek.opcua_binary_create_session_endpoints.gateway_server_uri;group:zeek_opcua;kind:termfield;friendly:gateway_server_uri;help:gateway_server_uri
-zeek.opcua_binary_create_session_endpoints.discovery_profile_uri=db:zeek.opcua_binary_create_session_endpoints.discovery_profile_uri;group:zeek_opcua;kind:termfield;friendly:discovery_profile_uri;help:discovery_profile_uri
-zeek.opcua_binary_create_session_endpoints.cert_size=db:zeek.opcua_binary_create_session_endpoints.cert_size;group:zeek_opcua;kind:integer;friendly:cert_size;help:cert_size
-zeek.opcua_binary_create_session_endpoints.server_cert=db:zeek.opcua_binary_create_session_endpoints.server_cert;group:zeek_opcua;kind:termfield;friendly:server_cert;help:server_cert
-zeek.opcua_binary_create_session_endpoints.message_security_mode=db:zeek.opcua_binary_create_session_endpoints.message_security_mode;group:zeek_opcua;kind:integer;friendly:message_security_mode;help:message_security_mode
-zeek.opcua_binary_create_session_endpoints.security_policy_uri=db:zeek.opcua_binary_create_session_endpoints.security_policy_uri;group:zeek_opcua;kind:termfield;friendly:security_policy_uri;help:security_policy_uri
-zeek.opcua_binary_create_session_endpoints.transport_profile_uri=db:zeek.opcua_binary_create_session_endpoints.transport_profile_uri;group:zeek_opcua;kind:termfield;friendly:transport_profile_uri;help:transport_profile_uri
-zeek.opcua_binary_create_session_endpoints.security_level=db:zeek.opcua_binary_create_session_endpoints.security_level;group:zeek_opcua;kind:integer;friendly:security_level;help:security_level
+zeek.opcua_binary_create_session_endpoints.endpoint_link_id=db:zeek.opcua_binary_create_session_endpoints.endpoint_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:endpoint_link_id;help:endpoint_link_id
+zeek.opcua_binary_create_session_endpoints.endpoint_url=db:zeek.opcua_binary_create_session_endpoints.endpoint_url;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:endpoint_url;help:endpoint_url
+zeek.opcua_binary_create_session_endpoints.application_uri=db:zeek.opcua_binary_create_session_endpoints.application_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:application_uri;help:application_uri
+zeek.opcua_binary_create_session_endpoints.product_uri=db:zeek.opcua_binary_create_session_endpoints.product_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:product_uri;help:product_uri
+zeek.opcua_binary_create_session_endpoints.encoding_mask=db:zeek.opcua_binary_create_session_endpoints.encoding_mask;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:encoding_mask;help:encoding_mask
+zeek.opcua_binary_create_session_endpoints.locale=db:zeek.opcua_binary_create_session_endpoints.locale;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:locale;help:locale
+zeek.opcua_binary_create_session_endpoints.text=db:zeek.opcua_binary_create_session_endpoints.text;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:text;help:text
+zeek.opcua_binary_create_session_endpoints.application_type=db:zeek.opcua_binary_create_session_endpoints.application_type;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:application_type;help:application_type +zeek.opcua_binary_create_session_endpoints.gateway_server_uri=db:zeek.opcua_binary_create_session_endpoints.gateway_server_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:gateway_server_uri;help:gateway_server_uri +zeek.opcua_binary_create_session_endpoints.discovery_profile_uri=db:zeek.opcua_binary_create_session_endpoints.discovery_profile_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:discovery_profile_uri;help:discovery_profile_uri +zeek.opcua_binary_create_session_endpoints.cert_size=db:zeek.opcua_binary_create_session_endpoints.cert_size;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:cert_size;help:cert_size +zeek.opcua_binary_create_session_endpoints.server_cert=db:zeek.opcua_binary_create_session_endpoints.server_cert;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:server_cert;help:server_cert +zeek.opcua_binary_create_session_endpoints.message_security_mode=db:zeek.opcua_binary_create_session_endpoints.message_security_mode;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:message_security_mode;help:message_security_mode +zeek.opcua_binary_create_session_endpoints.security_policy_uri=db:zeek.opcua_binary_create_session_endpoints.security_policy_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:security_policy_uri;help:security_policy_uri +zeek.opcua_binary_create_session_endpoints.transport_profile_uri=db:zeek.opcua_binary_create_session_endpoints.transport_profile_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:transport_profile_uri;help:transport_profile_uri +zeek.opcua_binary_create_session_endpoints.security_level=db:zeek.opcua_binary_create_session_endpoints.security_level;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:security_level;help:security_level # 
opcua_binary_create_session_user_token.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_create_session_user_token.user_token_link_id=db:zeek.opcua_binary_create_session_user_token.user_token_link_id;group:zeek_opcua;kind:termfield;friendly:user_token_link_id;help:user_token_link_id -zeek.opcua_binary_create_session_user_token.user_token_policy_id=db:zeek.opcua_binary_create_session_user_token.user_token_policy_id;group:zeek_opcua;kind:termfield;friendly:user_token_policy_id;help:user_token_policy_id -zeek.opcua_binary_create_session_user_token.user_token_type=db:zeek.opcua_binary_create_session_user_token.user_token_type;group:zeek_opcua;kind:integer;friendly:user_token_type;help:user_token_type -zeek.opcua_binary_create_session_user_token.user_token_issued_type=db:zeek.opcua_binary_create_session_user_token.user_token_issued_type;group:zeek_opcua;kind:termfield;friendly:user_token_issued_type;help:user_token_issued_type -zeek.opcua_binary_create_session_user_token.user_token_endpoint_url=db:zeek.opcua_binary_create_session_user_token.user_token_endpoint_url;group:zeek_opcua;kind:termfield;friendly:user_token_endpoint_url;help:user_token_endpoint_url -zeek.opcua_binary_create_session_user_token.user_token_sec_policy_uri=db:zeek.opcua_binary_create_session_user_token.user_token_sec_policy_uri;group:zeek_opcua;kind:termfield;friendly:user_token_sec_policy_uri;help:user_token_sec_policy_uri +zeek.opcua_binary_create_session_user_token.user_token_link_id=db:zeek.opcua_binary_create_session_user_token.user_token_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:user_token_link_id;help:user_token_link_id +zeek.opcua_binary_create_session_user_token.user_token_policy_id=db:zeek.opcua_binary_create_session_user_token.user_token_policy_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:user_token_policy_id;help:user_token_policy_id 
+zeek.opcua_binary_create_session_user_token.user_token_type=db:zeek.opcua_binary_create_session_user_token.user_token_type;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:user_token_type;help:user_token_type +zeek.opcua_binary_create_session_user_token.user_token_issued_type=db:zeek.opcua_binary_create_session_user_token.user_token_issued_type;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:user_token_issued_type;help:user_token_issued_type +zeek.opcua_binary_create_session_user_token.user_token_endpoint_url=db:zeek.opcua_binary_create_session_user_token.user_token_endpoint_url;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:user_token_endpoint_url;help:user_token_endpoint_url +zeek.opcua_binary_create_session_user_token.user_token_sec_policy_uri=db:zeek.opcua_binary_create_session_user_token.user_token_sec_policy_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:user_token_sec_policy_uri;help:user_token_sec_policy_uri # opcua_binary_create_subscription.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_create_subscription.requested_publishing_interval=db:zeek.opcua_binary_create_subscription.requested_publishing_interval;group:zeek_opcua;kind:integer;friendly:requested_publishing_interval;help:requested_publishing_interval -zeek.opcua_binary_create_subscription.requested_lifetime_count=db:zeek.opcua_binary_create_subscription.requested_lifetime_count;group:zeek_opcua;kind:integer;friendly:requested_lifetime_count;help:requested_lifetime_count -zeek.opcua_binary_create_subscription.requested_max_keep_alive_count=db:zeek.opcua_binary_create_subscription.requested_max_keep_alive_count;group:zeek_opcua;kind:integer;friendly:requested_max_keep_alive_count;help:requested_max_keep_alive_count 
-zeek.opcua_binary_create_subscription.max_notifications_per_publish=db:zeek.opcua_binary_create_subscription.max_notifications_per_publish;group:zeek_opcua;kind:integer;friendly:max_notifications_per_publish;help:max_notifications_per_publish
-zeek.opcua_binary_create_subscription.publishing_enabled=db:zeek.opcua_binary_create_subscription.publishing_enabled;group:zeek_opcua;kind:termfield;friendly:publishing_enabled;help:publishing_enabled
-zeek.opcua_binary_create_subscription.priority=db:zeek.opcua_binary_create_subscription.priority;group:zeek_opcua;kind:integer;friendly:priority;help:priority
-zeek.opcua_binary_create_subscription.subscription_id=db:zeek.opcua_binary_create_subscription.subscription_id;group:zeek_opcua;kind:integer;friendly:subscription_id;help:subscription_id
-zeek.opcua_binary_create_subscription.revised_publishing_interval=db:zeek.opcua_binary_create_subscription.revised_publishing_interval;group:zeek_opcua;kind:integer;friendly:revised_publishing_interval;help:revised_publishing_interval
-zeek.opcua_binary_create_subscription.revised_lifetime_count=db:zeek.opcua_binary_create_subscription.revised_lifetime_count;group:zeek_opcua;kind:integer;friendly:revised_lifetime_count;help:revised_lifetime_count
-zeek.opcua_binary_create_subscription.revised_max_keep_alive_count=db:zeek.opcua_binary_create_subscription.revised_max_keep_alive_count;group:zeek_opcua;kind:integer;friendly:revised_max_keep_alive_count;help:revised_max_keep_alive_count
+zeek.opcua_binary_create_subscription.requested_publishing_interval=db:zeek.opcua_binary_create_subscription.requested_publishing_interval;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:requested_publishing_interval;help:requested_publishing_interval
+zeek.opcua_binary_create_subscription.requested_lifetime_count=db:zeek.opcua_binary_create_subscription.requested_lifetime_count;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:requested_lifetime_count;help:requested_lifetime_count
+zeek.opcua_binary_create_subscription.requested_max_keep_alive_count=db:zeek.opcua_binary_create_subscription.requested_max_keep_alive_count;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:requested_max_keep_alive_count;help:requested_max_keep_alive_count +zeek.opcua_binary_create_subscription.max_notifications_per_publish=db:zeek.opcua_binary_create_subscription.max_notifications_per_publish;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:max_notifications_per_publish;help:max_notifications_per_publish +zeek.opcua_binary_create_subscription.publishing_enabled=db:zeek.opcua_binary_create_subscription.publishing_enabled;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:publishing_enabled;help:publishing_enabled +zeek.opcua_binary_create_subscription.priority=db:zeek.opcua_binary_create_subscription.priority;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:priority;help:priority +zeek.opcua_binary_create_subscription.subscription_id=db:zeek.opcua_binary_create_subscription.subscription_id;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:subscription_id;help:subscription_id +zeek.opcua_binary_create_subscription.revised_publishing_interval=db:zeek.opcua_binary_create_subscription.revised_publishing_interval;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:revised_publishing_interval;help:revised_publishing_interval +zeek.opcua_binary_create_subscription.revised_lifetime_count=db:zeek.opcua_binary_create_subscription.revised_lifetime_count;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:revised_lifetime_count;help:revised_lifetime_count +zeek.opcua_binary_create_subscription.revised_max_keep_alive_count=db:zeek.opcua_binary_create_subscription.revised_max_keep_alive_count;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:revised_max_keep_alive_count;help:revised_max_keep_alive_count # opcua_binary_data_change_filter.log # https://github.com/cisagov/icsnpp-opcua-binary 
-zeek.opcua_binary_data_change_filter.trigger=db:zeek.opcua_binary_data_change_filter.trigger;group:zeek_opcua;kind:termfield;friendly:trigger;help:trigger -zeek.opcua_binary_data_change_filter.deadband_type=db:zeek.opcua_binary_data_change_filter.deadband_type;group:zeek_opcua;kind:termfield;friendly:deadband_type;help:deadband_type -zeek.opcua_binary_data_change_filter.deadband_value=db:zeek.opcua_binary_data_change_filter.deadband_value;group:zeek_opcua;kind:termfield;friendly:deadband_value;help:deadband_value +zeek.opcua_binary_data_change_filter.trigger=db:zeek.opcua_binary_data_change_filter.trigger;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:trigger;help:trigger +zeek.opcua_binary_data_change_filter.deadband_type=db:zeek.opcua_binary_data_change_filter.deadband_type;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:deadband_type;help:deadband_type +zeek.opcua_binary_data_change_filter.deadband_value=db:zeek.opcua_binary_data_change_filter.deadband_value;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:deadband_value;help:deadband_value # opcua_binary_diag_info_detail.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_diag_info_detail.diag_info_link_id=db:zeek.opcua_binary_diag_info_detail.diag_info_link_id;group:zeek_opcua;kind:termfield;friendly:diag_info_link_id;help:diag_info_link_id -zeek.opcua_binary_diag_info_detail.root_object_id=db:zeek.opcua_binary_diag_info_detail.root_object_id;group:zeek_opcua;kind:termfield;friendly:root_object_id;help:root_object_id -zeek.opcua_binary_diag_info_detail.source=db:zeek.opcua_binary_diag_info_detail.source;group:zeek_opcua;kind:integer;friendly:source;help:source -zeek.opcua_binary_diag_info_detail.source_str=db:zeek.opcua_binary_diag_info_detail.source_str;group:zeek_opcua;kind:termfield;friendly:source_str;help:source_str 
-zeek.opcua_binary_diag_info_detail.inner_diag_level=db:zeek.opcua_binary_diag_info_detail.inner_diag_level;group:zeek_opcua;kind:integer;friendly:inner_diag_level;help:inner_diag_level
-zeek.opcua_binary_diag_info_detail.has_symbolic_id=db:zeek.opcua_binary_diag_info_detail.has_symbolic_id;group:zeek_opcua;kind:termfield;friendly:has_symbolic_id;help:has_symbolic_id
-zeek.opcua_binary_diag_info_detail.symbolic_id=db:zeek.opcua_binary_diag_info_detail.symbolic_id;group:zeek_opcua;kind:integer;friendly:symbolic_id;help:symbolic_id
-zeek.opcua_binary_diag_info_detail.symbolic_id_str=db:zeek.opcua_binary_diag_info_detail.symbolic_id_str;group:zeek_opcua;kind:termfield;friendly:symbolic_id_str;help:symbolic_id_str
-zeek.opcua_binary_diag_info_detail.has_namespace_uri=db:zeek.opcua_binary_diag_info_detail.has_namespace_uri;group:zeek_opcua;kind:termfield;friendly:has_namespace_uri;help:has_namespace_uri
-zeek.opcua_binary_diag_info_detail.namespace_uri=db:zeek.opcua_binary_diag_info_detail.namespace_uri;group:zeek_opcua;kind:integer;friendly:namespace_uri;help:namespace_uri
-zeek.opcua_binary_diag_info_detail.namespace_uri_str=db:zeek.opcua_binary_diag_info_detail.namespace_uri_str;group:zeek_opcua;kind:termfield;friendly:namespace_uri_str;help:namespace_uri_str
-zeek.opcua_binary_diag_info_detail.has_locale=db:zeek.opcua_binary_diag_info_detail.has_locale;group:zeek_opcua;kind:termfield;friendly:has_locale;help:has_locale
-zeek.opcua_binary_diag_info_detail.locale=db:zeek.opcua_binary_diag_info_detail.locale;group:zeek_opcua;kind:integer;friendly:locale;help:locale
-zeek.opcua_binary_diag_info_detail.locale_str=db:zeek.opcua_binary_diag_info_detail.locale_str;group:zeek_opcua;kind:termfield;friendly:locale_str;help:locale_str
-zeek.opcua_binary_diag_info_detail.has_locale_txt=db:zeek.opcua_binary_diag_info_detail.has_locale_txt;group:zeek_opcua;kind:termfield;friendly:has_locale_txt;help:has_locale_txt
-zeek.opcua_binary_diag_info_detail.locale_txt=db:zeek.opcua_binary_diag_info_detail.locale_txt;group:zeek_opcua;kind:integer;friendly:locale_txt;help:locale_txt
-zeek.opcua_binary_diag_info_detail.locale_txt_str=db:zeek.opcua_binary_diag_info_detail.locale_txt_str;group:zeek_opcua;kind:termfield;friendly:locale_txt_str;help:locale_txt_str
-zeek.opcua_binary_diag_info_detail.has_addl_info=db:zeek.opcua_binary_diag_info_detail.has_addl_info;group:zeek_opcua;kind:termfield;friendly:has_addl_info;help:has_addl_info
-zeek.opcua_binary_diag_info_detail.addl_info=db:zeek.opcua_binary_diag_info_detail.addl_info;group:zeek_opcua;kind:termfield;friendly:addl_info;help:addl_info
-zeek.opcua_binary_diag_info_detail.has_inner_stat_code=db:zeek.opcua_binary_diag_info_detail.has_inner_stat_code;group:zeek_opcua;kind:termfield;friendly:has_inner_stat_code;help:has_inner_stat_code
-zeek.opcua_binary_diag_info_detail.inner_stat_code=db:zeek.opcua_binary_diag_info_detail.inner_stat_code;group:zeek_opcua;kind:termfield;friendly:inner_stat_code;help:inner_stat_code
-zeek.opcua_binary_diag_info_detail.has_inner_diag_info=db:zeek.opcua_binary_diag_info_detail.has_inner_diag_info;group:zeek_opcua;kind:termfield;friendly:has_inner_diag_info;help:has_inner_diag_info
+zeek.opcua_binary_diag_info_detail.diag_info_link_id=db:zeek.opcua_binary_diag_info_detail.diag_info_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:diag_info_link_id;help:diag_info_link_id
+zeek.opcua_binary_diag_info_detail.root_object_id=db:zeek.opcua_binary_diag_info_detail.root_object_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:root_object_id;help:root_object_id
+zeek.opcua_binary_diag_info_detail.source=db:zeek.opcua_binary_diag_info_detail.source;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:source;help:source
+zeek.opcua_binary_diag_info_detail.source_str=db:zeek.opcua_binary_diag_info_detail.source_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:source_str;help:source_str
+zeek.opcua_binary_diag_info_detail.inner_diag_level=db:zeek.opcua_binary_diag_info_detail.inner_diag_level;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:inner_diag_level;help:inner_diag_level
+zeek.opcua_binary_diag_info_detail.has_symbolic_id=db:zeek.opcua_binary_diag_info_detail.has_symbolic_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:has_symbolic_id;help:has_symbolic_id
+zeek.opcua_binary_diag_info_detail.symbolic_id=db:zeek.opcua_binary_diag_info_detail.symbolic_id;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:symbolic_id;help:symbolic_id
+zeek.opcua_binary_diag_info_detail.symbolic_id_str=db:zeek.opcua_binary_diag_info_detail.symbolic_id_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:symbolic_id_str;help:symbolic_id_str
+zeek.opcua_binary_diag_info_detail.has_namespace_uri=db:zeek.opcua_binary_diag_info_detail.has_namespace_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:has_namespace_uri;help:has_namespace_uri
+zeek.opcua_binary_diag_info_detail.namespace_uri=db:zeek.opcua_binary_diag_info_detail.namespace_uri;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:namespace_uri;help:namespace_uri
+zeek.opcua_binary_diag_info_detail.namespace_uri_str=db:zeek.opcua_binary_diag_info_detail.namespace_uri_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:namespace_uri_str;help:namespace_uri_str
+zeek.opcua_binary_diag_info_detail.has_locale=db:zeek.opcua_binary_diag_info_detail.has_locale;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:has_locale;help:has_locale
+zeek.opcua_binary_diag_info_detail.locale=db:zeek.opcua_binary_diag_info_detail.locale;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:locale;help:locale
+zeek.opcua_binary_diag_info_detail.locale_str=db:zeek.opcua_binary_diag_info_detail.locale_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:locale_str;help:locale_str +zeek.opcua_binary_diag_info_detail.has_locale_txt=db:zeek.opcua_binary_diag_info_detail.has_locale_txt;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:has_locale_txt;help:has_locale_txt +zeek.opcua_binary_diag_info_detail.locale_txt=db:zeek.opcua_binary_diag_info_detail.locale_txt;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:locale_txt;help:locale_txt +zeek.opcua_binary_diag_info_detail.locale_txt_str=db:zeek.opcua_binary_diag_info_detail.locale_txt_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:locale_txt_str;help:locale_txt_str +zeek.opcua_binary_diag_info_detail.has_addl_info=db:zeek.opcua_binary_diag_info_detail.has_addl_info;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:has_addl_info;help:has_addl_info +zeek.opcua_binary_diag_info_detail.addl_info=db:zeek.opcua_binary_diag_info_detail.addl_info;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:addl_info;help:addl_info +zeek.opcua_binary_diag_info_detail.has_inner_stat_code=db:zeek.opcua_binary_diag_info_detail.has_inner_stat_code;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:has_inner_stat_code;help:has_inner_stat_code +zeek.opcua_binary_diag_info_detail.inner_stat_code=db:zeek.opcua_binary_diag_info_detail.inner_stat_code;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:inner_stat_code;help:inner_stat_code +zeek.opcua_binary_diag_info_detail.has_inner_diag_info=db:zeek.opcua_binary_diag_info_detail.has_inner_diag_info;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:has_inner_diag_info;help:has_inner_diag_info # opcua_binary_event_filter_element_operand.log # https://github.com/cisagov/icsnpp-opcua-binary 
-zeek.opcua_binary_event_filter_element_operand.element_index=db:zeek.opcua_binary_event_filter_element_operand.element_index;group:zeek_opcua;kind:integer;friendly:element_index;help:element_index +zeek.opcua_binary_event_filter_element_operand.element_index=db:zeek.opcua_binary_event_filter_element_operand.element_index;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:element_index;help:element_index # opcua_binary_event_filter.log # https://github.com/cisagov/icsnpp-opcua-binary # opcua_binary_get_endpoints.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_get_endpoints.endpoint_url=db:zeek.opcua_binary_get_endpoints.endpoint_url;group:zeek_opcua;kind:termfield;friendly:endpoint_url;help:endpoint_url +zeek.opcua_binary_get_endpoints.endpoint_url=db:zeek.opcua_binary_get_endpoints.endpoint_url;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:endpoint_url;help:endpoint_url # opcua_binary_get_endpoints_description.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_get_endpoints_description.endpoint_description_link_id=db:zeek.opcua_binary_get_endpoints_description.endpoint_description_link_id;group:zeek_opcua;kind:termfield;friendly:endpoint_description_link_id;help:endpoint_description_link_id -zeek.opcua_binary_get_endpoints_description.endpoint_uri=db:zeek.opcua_binary_get_endpoints_description.endpoint_uri;group:zeek_opcua;kind:termfield;friendly:endpoint_uri;help:endpoint_uri -zeek.opcua_binary_get_endpoints_description.application_uri=db:zeek.opcua_binary_get_endpoints_description.application_uri;group:zeek_opcua;kind:termfield;friendly:application_uri;help:application_uri -zeek.opcua_binary_get_endpoints_description.product_uri=db:zeek.opcua_binary_get_endpoints_description.product_uri;group:zeek_opcua;kind:termfield;friendly:product_uri;help:product_uri 
-zeek.opcua_binary_get_endpoints_description.encoding_mask=db:zeek.opcua_binary_get_endpoints_description.encoding_mask;group:zeek_opcua;kind:integer;friendly:encoding_mask;help:encoding_mask
-zeek.opcua_binary_get_endpoints_description.locale=db:zeek.opcua_binary_get_endpoints_description.locale;group:zeek_opcua;kind:termfield;friendly:locale;help:locale
-zeek.opcua_binary_get_endpoints_description.text=db:zeek.opcua_binary_get_endpoints_description.text;group:zeek_opcua;kind:termfield;friendly:text;help:text
-zeek.opcua_binary_get_endpoints_description.application_type=db:zeek.opcua_binary_get_endpoints_description.application_type;group:zeek_opcua;kind:integer;friendly:application_type;help:application_type
-zeek.opcua_binary_get_endpoints_description.gateway_server_uri=db:zeek.opcua_binary_get_endpoints_description.gateway_server_uri;group:zeek_opcua;kind:termfield;friendly:gateway_server_uri;help:gateway_server_uri
-zeek.opcua_binary_get_endpoints_description.discovery_profile_uri=db:zeek.opcua_binary_get_endpoints_description.discovery_profile_uri;group:zeek_opcua;kind:termfield;friendly:discovery_profile_uri;help:discovery_profile_uri
-zeek.opcua_binary_get_endpoints_description.cert_size=db:zeek.opcua_binary_get_endpoints_description.cert_size;group:zeek_opcua;kind:integer;friendly:cert_size;help:cert_size
-zeek.opcua_binary_get_endpoints_description.server_cert=db:zeek.opcua_binary_get_endpoints_description.server_cert;group:zeek_opcua;kind:termfield;friendly:server_cert;help:server_cert
-zeek.opcua_binary_get_endpoints_description.message_security_mode=db:zeek.opcua_binary_get_endpoints_description.message_security_mode;group:zeek_opcua;kind:integer;friendly:message_security_mode;help:message_security_mode
-zeek.opcua_binary_get_endpoints_description.security_policy_uri=db:zeek.opcua_binary_get_endpoints_description.security_policy_uri;group:zeek_opcua;kind:termfield;friendly:security_policy_uri;help:security_policy_uri
-zeek.opcua_binary_get_endpoints_description.transport_profile_uri=db:zeek.opcua_binary_get_endpoints_description.transport_profile_uri;group:zeek_opcua;kind:termfield;friendly:transport_profile_uri;help:transport_profile_uri
-zeek.opcua_binary_get_endpoints_description.security_level=db:zeek.opcua_binary_get_endpoints_description.security_level;group:zeek_opcua;kind:integer;friendly:security_level;help:security_level
+zeek.opcua_binary_get_endpoints_description.endpoint_description_link_id=db:zeek.opcua_binary_get_endpoints_description.endpoint_description_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:endpoint_description_link_id;help:endpoint_description_link_id
+zeek.opcua_binary_get_endpoints_description.endpoint_uri=db:zeek.opcua_binary_get_endpoints_description.endpoint_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:endpoint_uri;help:endpoint_uri
+zeek.opcua_binary_get_endpoints_description.application_uri=db:zeek.opcua_binary_get_endpoints_description.application_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:application_uri;help:application_uri
+zeek.opcua_binary_get_endpoints_description.product_uri=db:zeek.opcua_binary_get_endpoints_description.product_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:product_uri;help:product_uri
+zeek.opcua_binary_get_endpoints_description.encoding_mask=db:zeek.opcua_binary_get_endpoints_description.encoding_mask;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:encoding_mask;help:encoding_mask
+zeek.opcua_binary_get_endpoints_description.locale=db:zeek.opcua_binary_get_endpoints_description.locale;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:locale;help:locale
+zeek.opcua_binary_get_endpoints_description.text=db:zeek.opcua_binary_get_endpoints_description.text;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:text;help:text
+zeek.opcua_binary_get_endpoints_description.application_type=db:zeek.opcua_binary_get_endpoints_description.application_type;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:application_type;help:application_type
+zeek.opcua_binary_get_endpoints_description.gateway_server_uri=db:zeek.opcua_binary_get_endpoints_description.gateway_server_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:gateway_server_uri;help:gateway_server_uri
+zeek.opcua_binary_get_endpoints_description.discovery_profile_uri=db:zeek.opcua_binary_get_endpoints_description.discovery_profile_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:discovery_profile_uri;help:discovery_profile_uri
+zeek.opcua_binary_get_endpoints_description.cert_size=db:zeek.opcua_binary_get_endpoints_description.cert_size;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:cert_size;help:cert_size
+zeek.opcua_binary_get_endpoints_description.server_cert=db:zeek.opcua_binary_get_endpoints_description.server_cert;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:server_cert;help:server_cert
+zeek.opcua_binary_get_endpoints_description.message_security_mode=db:zeek.opcua_binary_get_endpoints_description.message_security_mode;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:message_security_mode;help:message_security_mode
+zeek.opcua_binary_get_endpoints_description.security_policy_uri=db:zeek.opcua_binary_get_endpoints_description.security_policy_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:security_policy_uri;help:security_policy_uri
+zeek.opcua_binary_get_endpoints_description.transport_profile_uri=db:zeek.opcua_binary_get_endpoints_description.transport_profile_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:transport_profile_uri;help:transport_profile_uri
+zeek.opcua_binary_get_endpoints_description.security_level=db:zeek.opcua_binary_get_endpoints_description.security_level;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:security_level;help:security_level # opcua_binary_get_endpoints_discovery.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_get_endpoints_discovery.discovery_profile_link_id=db:zeek.opcua_binary_get_endpoints_discovery.discovery_profile_link_id;group:zeek_opcua;kind:termfield;friendly:discovery_profile_link_id;help:discovery_profile_link_id -zeek.opcua_binary_get_endpoints_discovery.discovery_profile_url=db:zeek.opcua_binary_get_endpoints_discovery.discovery_profile_url;group:zeek_opcua;kind:termfield;friendly:discovery_profile_url;help:discovery_profile_url +zeek.opcua_binary_get_endpoints_discovery.discovery_profile_link_id=db:zeek.opcua_binary_get_endpoints_discovery.discovery_profile_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:discovery_profile_link_id;help:discovery_profile_link_id +zeek.opcua_binary_get_endpoints_discovery.discovery_profile_url=db:zeek.opcua_binary_get_endpoints_discovery.discovery_profile_url;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:discovery_profile_url;help:discovery_profile_url # opcua_binary_get_endpoints_locale_id.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_get_endpoints_locale_id.locale_link_id=db:zeek.opcua_binary_get_endpoints_locale_id.locale_link_id;group:zeek_opcua;kind:termfield;friendly:locale_link_id;help:locale_link_id -zeek.opcua_binary_get_endpoints_locale_id.locale_id=db:zeek.opcua_binary_get_endpoints_locale_id.locale_id;group:zeek_opcua;kind:termfield;friendly:locale_id;help:locale_id +zeek.opcua_binary_get_endpoints_locale_id.locale_link_id=db:zeek.opcua_binary_get_endpoints_locale_id.locale_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:locale_link_id;help:locale_link_id 
+zeek.opcua_binary_get_endpoints_locale_id.locale_id=db:zeek.opcua_binary_get_endpoints_locale_id.locale_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:locale_id;help:locale_id # opcua_binary_get_endpoints_profile_uri.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_get_endpoints_profile_uri.profile_uri_link_id=db:zeek.opcua_binary_get_endpoints_profile_uri.profile_uri_link_id;group:zeek_opcua;kind:termfield;friendly:profile_uri_link_id;help:profile_uri_link_id -zeek.opcua_binary_get_endpoints_profile_uri.profile_uri=db:zeek.opcua_binary_get_endpoints_profile_uri.profile_uri;group:zeek_opcua;kind:termfield;friendly:profile_uri;help:profile_uri +zeek.opcua_binary_get_endpoints_profile_uri.profile_uri_link_id=db:zeek.opcua_binary_get_endpoints_profile_uri.profile_uri_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:profile_uri_link_id;help:profile_uri_link_id +zeek.opcua_binary_get_endpoints_profile_uri.profile_uri=db:zeek.opcua_binary_get_endpoints_profile_uri.profile_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:profile_uri;help:profile_uri # opcua_binary_get_endpoints_user_token.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_get_endpoints_user_token.user_token_link_id=db:zeek.opcua_binary_get_endpoints_user_token.user_token_link_id;group:zeek_opcua;kind:termfield;friendly:user_token_link_id;help:user_token_link_id -zeek.opcua_binary_get_endpoints_user_token.user_token_policy_id=db:zeek.opcua_binary_get_endpoints_user_token.user_token_policy_id;group:zeek_opcua;kind:termfield;friendly:user_token_policy_id;help:user_token_policy_id -zeek.opcua_binary_get_endpoints_user_token.user_token_type=db:zeek.opcua_binary_get_endpoints_user_token.user_token_type;group:zeek_opcua;kind:integer;friendly:user_token_type;help:user_token_type 
-zeek.opcua_binary_get_endpoints_user_token.user_token_issued_type=db:zeek.opcua_binary_get_endpoints_user_token.user_token_issued_type;group:zeek_opcua;kind:termfield;friendly:user_token_issued_type;help:user_token_issued_type
-zeek.opcua_binary_get_endpoints_user_token.user_token_endpoint_url=db:zeek.opcua_binary_get_endpoints_user_token.user_token_endpoint_url;group:zeek_opcua;kind:termfield;friendly:user_token_endpoint_url;help:user_token_endpoint_url
-zeek.opcua_binary_get_endpoints_user_token.user_token_sec_policy_uri=db:zeek.opcua_binary_get_endpoints_user_token.user_token_sec_policy_uri;group:zeek_opcua;kind:termfield;friendly:user_token_sec_policy_uri;help:user_token_sec_policy_uri
+zeek.opcua_binary_get_endpoints_user_token.user_token_link_id=db:zeek.opcua_binary_get_endpoints_user_token.user_token_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:user_token_link_id;help:user_token_link_id
+zeek.opcua_binary_get_endpoints_user_token.user_token_policy_id=db:zeek.opcua_binary_get_endpoints_user_token.user_token_policy_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:user_token_policy_id;help:user_token_policy_id
+zeek.opcua_binary_get_endpoints_user_token.user_token_type=db:zeek.opcua_binary_get_endpoints_user_token.user_token_type;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:user_token_type;help:user_token_type
+zeek.opcua_binary_get_endpoints_user_token.user_token_issued_type=db:zeek.opcua_binary_get_endpoints_user_token.user_token_issued_type;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:user_token_issued_type;help:user_token_issued_type
+zeek.opcua_binary_get_endpoints_user_token.user_token_endpoint_url=db:zeek.opcua_binary_get_endpoints_user_token.user_token_endpoint_url;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:user_token_endpoint_url;help:user_token_endpoint_url
+zeek.opcua_binary_get_endpoints_user_token.user_token_sec_policy_uri=db:zeek.opcua_binary_get_endpoints_user_token.user_token_sec_policy_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:user_token_sec_policy_uri;help:user_token_sec_policy_uri # opcua_binary.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary.encoding_mask=db:zeek.opcua_binary.encoding_mask;group:zeek_opcua;kind:integer;friendly:encoding_mask;help:encoding_mask -zeek.opcua_binary.endpoint_url=db:zeek.opcua_binary.endpoint_url;group:zeek_opcua;kind:termfield;friendly:endpoint_url;help:endpoint_url -zeek.opcua_binary.error=db:zeek.opcua_binary.error;group:zeek_opcua;kind:integer;friendly:error;help:error -zeek.opcua_binary.filter_source_link_id=db:zeek.opcua_binary.filter_source_link_id;group:zeek_opcua;kind:termfield;friendly:filter_source_link_id;help:filter_source_link_id -zeek.opcua_binary.identifier=db:zeek.opcua_binary.identifier;group:zeek_opcua;kind:integer;friendly:identifier;help:identifier -zeek.opcua_binary.identifier_str=db:zeek.opcua_binary.identifier_str;group:zeek_opcua;kind:termfield;friendly:identifier_str;help:identifier_str -zeek.opcua_binary.is_final=db:zeek.opcua_binary.is_final;group:zeek_opcua;kind:termfield;friendly:is_final;help:is_final -zeek.opcua_binary.max_chunk_cnt=db:zeek.opcua_binary.max_chunk_cnt;group:zeek_opcua;kind:integer;friendly:max_chunk_cnt;help:max_chunk_cnt -zeek.opcua_binary.max_msg_size=db:zeek.opcua_binary.max_msg_size;group:zeek_opcua;kind:integer;friendly:max_msg_size;help:max_msg_size -zeek.opcua_binary.msg_size=db:zeek.opcua_binary.msg_size;group:zeek_opcua;kind:integer;friendly:msg_size;help:msg_size -zeek.opcua_binary.msg_type=db:zeek.opcua_binary.msg_type;group:zeek_opcua;kind:termfield;friendly:msg_type;help:msg_type -zeek.opcua_binary.namespace_idx=db:zeek.opcua_binary.namespace_idx;group:zeek_opcua;kind:termfield;friendly:namespace_idx;help:namespace_idx 
-zeek.opcua_binary.opcua_link_id=db:zeek.opcua_binary.opcua_link_id;group:zeek_opcua;kind:termfield;friendly:opcua_link_id;help:opcua_link_id
-zeek.opcua_binary.operand_source_link_id=db:zeek.opcua_binary.operand_source_link_id;group:zeek_opcua;kind:termfield;friendly:operand_source_link_id;help:operand_source_link_id
-zeek.opcua_binary.rcv_buf_size=db:zeek.opcua_binary.rcv_buf_size;group:zeek_opcua;kind:integer;friendly:rcv_buf_size;help:rcv_buf_size
-zeek.opcua_binary.rcv_cert=db:zeek.opcua_binary.rcv_cert;group:zeek_opcua;kind:termfield;friendly:rcv_cert;help:rcv_cert
-zeek.opcua_binary.rcv_cert_len=db:zeek.opcua_binary.rcv_cert_len;group:zeek_opcua;kind:integer;friendly:rcv_cert_len;help:rcv_cert_len
-zeek.opcua_binary.reason=db:zeek.opcua_binary.reason;group:zeek_opcua;kind:termfield;friendly:reason;help:reason
-zeek.opcua_binary.req_hdr_add_hdr_enc_mask=db:zeek.opcua_binary.req_hdr_add_hdr_enc_mask;group:zeek_opcua;kind:integer;friendly:req_hdr_add_hdr_enc_mask;help:req_hdr_add_hdr_enc_mask
-zeek.opcua_binary.req_hdr_add_hdr_type_id=db:zeek.opcua_binary.req_hdr_add_hdr_type_id;group:zeek_opcua;kind:integer;friendly:req_hdr_add_hdr_type_id;help:req_hdr_add_hdr_type_id
-zeek.opcua_binary.req_hdr_audit_entry_id=db:zeek.opcua_binary.req_hdr_audit_entry_id;group:zeek_opcua;kind:termfield;friendly:req_hdr_audit_entry_id;help:req_hdr_audit_entry_id
-zeek.opcua_binary.req_hdr_node_id_guid=db:zeek.opcua_binary.req_hdr_node_id_guid;group:zeek_opcua;kind:termfield;friendly:req_hdr_node_id_guid;help:req_hdr_node_id_guid
-zeek.opcua_binary.req_hdr_node_id_namespace_idx=db:zeek.opcua_binary.req_hdr_node_id_namespace_idx;group:zeek_opcua;kind:termfield;friendly:req_hdr_node_id_namespace_idx;help:req_hdr_node_id_namespace_idx
-zeek.opcua_binary.req_hdr_node_id_numeric=db:zeek.opcua_binary.req_hdr_node_id_numeric;group:zeek_opcua;kind:integer;friendly:req_hdr_node_id_numeric;help:req_hdr_node_id_numeric
-zeek.opcua_binary.req_hdr_node_id_opaque=db:zeek.opcua_binary.req_hdr_node_id_opaque;group:zeek_opcua;kind:termfield;friendly:req_hdr_node_id_opaque;help:req_hdr_node_id_opaque
-zeek.opcua_binary.req_hdr_node_id_string=db:zeek.opcua_binary.req_hdr_node_id_string;group:zeek_opcua;kind:termfield;friendly:req_hdr_node_id_string;help:req_hdr_node_id_string
-zeek.opcua_binary.req_hdr_node_id_type=db:zeek.opcua_binary.req_hdr_node_id_type;group:zeek_opcua;kind:termfield;friendly:req_hdr_node_id_type;help:req_hdr_node_id_type
-zeek.opcua_binary.req_hdr_request_handle=db:zeek.opcua_binary.req_hdr_request_handle;group:zeek_opcua;kind:integer;friendly:req_hdr_request_handle;help:req_hdr_request_handle
-zeek.opcua_binary.req_hdr_return_diag=db:zeek.opcua_binary.req_hdr_return_diag;group:zeek_opcua;kind:integer;friendly:req_hdr_return_diag;help:req_hdr_return_diag
-zeek.opcua_binary.req_hdr_timeout_hint=db:zeek.opcua_binary.req_hdr_timeout_hint;group:zeek_opcua;kind:integer;friendly:req_hdr_timeout_hint;help:req_hdr_timeout_hint
-zeek.opcua_binary.req_hdr_timestamp=db:zeek.opcua_binary.req_hdr_timestamp;group:zeek_opcua;kind:termfield;friendly:req_hdr_timestamp;help:req_hdr_timestamp
-zeek.opcua_binary.request_id=db:zeek.opcua_binary.request_id;group:zeek_opcua;kind:integer;friendly:request_id;help:request_id
-zeek.opcua_binary.res_hdr_add_hdr_enc_mask=db:zeek.opcua_binary.res_hdr_add_hdr_enc_mask;group:zeek_opcua;kind:integer;friendly:res_hdr_add_hdr_enc_mask;help:res_hdr_add_hdr_enc_mask
-zeek.opcua_binary.res_hdr_add_hdr_type_id=db:zeek.opcua_binary.res_hdr_add_hdr_type_id;group:zeek_opcua;kind:integer;friendly:res_hdr_add_hdr_type_id;help:res_hdr_add_hdr_type_id
-zeek.opcua_binary.res_hdr_request_handle=db:zeek.opcua_binary.res_hdr_request_handle;group:zeek_opcua;kind:integer;friendly:res_hdr_request_handle;help:res_hdr_request_handle
-zeek.opcua_binary.res_hdr_service_diag_encoding=db:zeek.opcua_binary.res_hdr_service_diag_encoding;group:zeek_opcua;kind:integer;friendly:res_hdr_service_diag_encoding;help:res_hdr_service_diag_encoding
-zeek.opcua_binary.res_hdr_timestamp=db:zeek.opcua_binary.res_hdr_timestamp;group:zeek_opcua;kind:termfield;friendly:res_hdr_timestamp;help:res_hdr_timestamp
-zeek.opcua_binary.sec_channel_id=db:zeek.opcua_binary.sec_channel_id;group:zeek_opcua;kind:integer;friendly:sec_channel_id;help:sec_channel_id
-zeek.opcua_binary.sec_policy_uri=db:zeek.opcua_binary.sec_policy_uri;group:zeek_opcua;kind:termfield;friendly:sec_policy_uri;help:sec_policy_uri
-zeek.opcua_binary.sec_policy_uri_len=db:zeek.opcua_binary.sec_policy_uri_len;group:zeek_opcua;kind:integer;friendly:sec_policy_uri_len;help:sec_policy_uri_len
-zeek.opcua_binary.seq_number=db:zeek.opcua_binary.seq_number;group:zeek_opcua;kind:integer;friendly:seq_number;help:seq_number
-zeek.opcua_binary.snd_buf_size=db:zeek.opcua_binary.snd_buf_size;group:zeek_opcua;kind:integer;friendly:snd_buf_size;help:snd_buf_size
-zeek.opcua_binary.snd_cert=db:zeek.opcua_binary.snd_cert;group:zeek_opcua;kind:termfield;friendly:snd_cert;help:snd_cert
-zeek.opcua_binary.snd_cert_len=db:zeek.opcua_binary.snd_cert_len;group:zeek_opcua;kind:integer;friendly:snd_cert_len;help:snd_cert_len
-zeek.opcua_binary.variant_source_link_id=db:zeek.opcua_binary.variant_source_link_id;group:zeek_opcua;kind:termfield;friendly:variant_source_link_id;help:variant_source_link_id
-zeek.opcua_binary.version=db:zeek.opcua_binary.version;group:zeek_opcua;kind:integer;friendly:version;help:version
+zeek.opcua_binary.encoding_mask=db:zeek.opcua_binary.encoding_mask;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:encoding_mask;help:encoding_mask
+zeek.opcua_binary.endpoint_url=db:zeek.opcua_binary.endpoint_url;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:endpoint_url;help:endpoint_url
+zeek.opcua_binary.error=db:zeek.opcua_binary.error;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:error;help:error
+zeek.opcua_binary.filter_source_link_id=db:zeek.opcua_binary.filter_source_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:filter_source_link_id;help:filter_source_link_id
+zeek.opcua_binary.identifier=db:zeek.opcua_binary.identifier;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:identifier;help:identifier
+zeek.opcua_binary.identifier_str=db:zeek.opcua_binary.identifier_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:identifier_str;help:identifier_str
+zeek.opcua_binary.is_final=db:zeek.opcua_binary.is_final;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:is_final;help:is_final
+zeek.opcua_binary.max_chunk_cnt=db:zeek.opcua_binary.max_chunk_cnt;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:max_chunk_cnt;help:max_chunk_cnt
+zeek.opcua_binary.max_msg_size=db:zeek.opcua_binary.max_msg_size;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:max_msg_size;help:max_msg_size
+zeek.opcua_binary.msg_size=db:zeek.opcua_binary.msg_size;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:msg_size;help:msg_size
+zeek.opcua_binary.msg_type=db:zeek.opcua_binary.msg_type;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:msg_type;help:msg_type
+zeek.opcua_binary.namespace_idx=db:zeek.opcua_binary.namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:namespace_idx;help:namespace_idx
+zeek.opcua_binary.opcua_link_id=db:zeek.opcua_binary.opcua_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:opcua_link_id;help:opcua_link_id
+zeek.opcua_binary.operand_source_link_id=db:zeek.opcua_binary.operand_source_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:operand_source_link_id;help:operand_source_link_id
+zeek.opcua_binary.rcv_buf_size=db:zeek.opcua_binary.rcv_buf_size;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:rcv_buf_size;help:rcv_buf_size
+zeek.opcua_binary.rcv_cert=db:zeek.opcua_binary.rcv_cert;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:rcv_cert;help:rcv_cert
+zeek.opcua_binary.rcv_cert_len=db:zeek.opcua_binary.rcv_cert_len;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:rcv_cert_len;help:rcv_cert_len
+zeek.opcua_binary.reason=db:zeek.opcua_binary.reason;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:reason;help:reason
+zeek.opcua_binary.req_hdr_add_hdr_enc_mask=db:zeek.opcua_binary.req_hdr_add_hdr_enc_mask;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:req_hdr_add_hdr_enc_mask;help:req_hdr_add_hdr_enc_mask
+zeek.opcua_binary.req_hdr_add_hdr_type_id=db:zeek.opcua_binary.req_hdr_add_hdr_type_id;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:req_hdr_add_hdr_type_id;help:req_hdr_add_hdr_type_id
+zeek.opcua_binary.req_hdr_audit_entry_id=db:zeek.opcua_binary.req_hdr_audit_entry_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:req_hdr_audit_entry_id;help:req_hdr_audit_entry_id
+zeek.opcua_binary.req_hdr_node_id_guid=db:zeek.opcua_binary.req_hdr_node_id_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:req_hdr_node_id_guid;help:req_hdr_node_id_guid
+zeek.opcua_binary.req_hdr_node_id_namespace_idx=db:zeek.opcua_binary.req_hdr_node_id_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:req_hdr_node_id_namespace_idx;help:req_hdr_node_id_namespace_idx
+zeek.opcua_binary.req_hdr_node_id_numeric=db:zeek.opcua_binary.req_hdr_node_id_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:req_hdr_node_id_numeric;help:req_hdr_node_id_numeric
+zeek.opcua_binary.req_hdr_node_id_opaque=db:zeek.opcua_binary.req_hdr_node_id_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:req_hdr_node_id_opaque;help:req_hdr_node_id_opaque
+zeek.opcua_binary.req_hdr_node_id_string=db:zeek.opcua_binary.req_hdr_node_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:req_hdr_node_id_string;help:req_hdr_node_id_string
+zeek.opcua_binary.req_hdr_node_id_type=db:zeek.opcua_binary.req_hdr_node_id_type;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:req_hdr_node_id_type;help:req_hdr_node_id_type
+zeek.opcua_binary.req_hdr_request_handle=db:zeek.opcua_binary.req_hdr_request_handle;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:req_hdr_request_handle;help:req_hdr_request_handle
+zeek.opcua_binary.req_hdr_return_diag=db:zeek.opcua_binary.req_hdr_return_diag;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:req_hdr_return_diag;help:req_hdr_return_diag
+zeek.opcua_binary.req_hdr_timeout_hint=db:zeek.opcua_binary.req_hdr_timeout_hint;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:req_hdr_timeout_hint;help:req_hdr_timeout_hint
+zeek.opcua_binary.req_hdr_timestamp=db:zeek.opcua_binary.req_hdr_timestamp;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:req_hdr_timestamp;help:req_hdr_timestamp
+zeek.opcua_binary.request_id=db:zeek.opcua_binary.request_id;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:request_id;help:request_id
+zeek.opcua_binary.res_hdr_add_hdr_enc_mask=db:zeek.opcua_binary.res_hdr_add_hdr_enc_mask;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:res_hdr_add_hdr_enc_mask;help:res_hdr_add_hdr_enc_mask
+zeek.opcua_binary.res_hdr_add_hdr_type_id=db:zeek.opcua_binary.res_hdr_add_hdr_type_id;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:res_hdr_add_hdr_type_id;help:res_hdr_add_hdr_type_id
+zeek.opcua_binary.res_hdr_request_handle=db:zeek.opcua_binary.res_hdr_request_handle;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:res_hdr_request_handle;help:res_hdr_request_handle
+zeek.opcua_binary.res_hdr_service_diag_encoding=db:zeek.opcua_binary.res_hdr_service_diag_encoding;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:res_hdr_service_diag_encoding;help:res_hdr_service_diag_encoding +zeek.opcua_binary.res_hdr_timestamp=db:zeek.opcua_binary.res_hdr_timestamp;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:res_hdr_timestamp;help:res_hdr_timestamp +zeek.opcua_binary.sec_channel_id=db:zeek.opcua_binary.sec_channel_id;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:sec_channel_id;help:sec_channel_id +zeek.opcua_binary.sec_policy_uri=db:zeek.opcua_binary.sec_policy_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:sec_policy_uri;help:sec_policy_uri +zeek.opcua_binary.sec_policy_uri_len=db:zeek.opcua_binary.sec_policy_uri_len;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:sec_policy_uri_len;help:sec_policy_uri_len +zeek.opcua_binary.seq_number=db:zeek.opcua_binary.seq_number;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:seq_number;help:seq_number +zeek.opcua_binary.snd_buf_size=db:zeek.opcua_binary.snd_buf_size;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:snd_buf_size;help:snd_buf_size +zeek.opcua_binary.snd_cert=db:zeek.opcua_binary.snd_cert;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:snd_cert;help:snd_cert +zeek.opcua_binary.snd_cert_len=db:zeek.opcua_binary.snd_cert_len;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:snd_cert_len;help:snd_cert_len +zeek.opcua_binary.variant_source_link_id=db:zeek.opcua_binary.variant_source_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_source_link_id;help:variant_source_link_id +zeek.opcua_binary.version=db:zeek.opcua_binary.version;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:version;help:version # opcua_binary_event_filter_literal_operand.log 
@@ -1225,1329 +1222,1329 @@ zeek.opcua_binary.version=db:zeek.opcua_binary.version;group:zeek_opcua;kind:int # opcua_binary_opensecure_channel.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_opensecure_channel.client_proto_ver=db:zeek.opcua_binary_opensecure_channel.client_proto_ver;group:zeek_opcua;kind:integer;friendly:client_proto_ver;help:client_proto_ver -zeek.opcua_binary_opensecure_channel.sec_token_request_type=db:zeek.opcua_binary_opensecure_channel.sec_token_request_type;group:zeek_opcua;kind:integer;friendly:sec_token_request_type;help:sec_token_request_type -zeek.opcua_binary_opensecure_channel.message_security_mode=db:zeek.opcua_binary_opensecure_channel.message_security_mode;group:zeek_opcua;kind:integer;friendly:message_security_mode;help:message_security_mode -zeek.opcua_binary_opensecure_channel.client_nonce=db:zeek.opcua_binary_opensecure_channel.client_nonce;group:zeek_opcua;kind:termfield;friendly:client_nonce;help:client_nonce -zeek.opcua_binary_opensecure_channel.req_lifetime=db:zeek.opcua_binary_opensecure_channel.req_lifetime;group:zeek_opcua;kind:integer;friendly:req_lifetime;help:req_lifetime -zeek.opcua_binary_opensecure_channel.server_proto_ver=db:zeek.opcua_binary_opensecure_channel.server_proto_ver;group:zeek_opcua;kind:integer;friendly:server_proto_ver;help:server_proto_ver -zeek.opcua_binary_opensecure_channel.sec_token_sec_channel_id=db:zeek.opcua_binary_opensecure_channel.sec_token_sec_channel_id;group:zeek_opcua;kind:integer;friendly:sec_token_sec_channel_id;help:sec_token_sec_channel_id -zeek.opcua_binary_opensecure_channel.sec_token_id=db:zeek.opcua_binary_opensecure_channel.sec_token_id;group:zeek_opcua;kind:integer;friendly:sec_token_id;help:sec_token_id -zeek.opcua_binary_opensecure_channel.sec_token_created_at=db:zeek.opcua_binary_opensecure_channel.sec_token_created_at;group:zeek_opcua;kind:termfield;friendly:sec_token_created_at;help:sec_token_created_at 
-zeek.opcua_binary_opensecure_channel.sec_token_revised_time=db:zeek.opcua_binary_opensecure_channel.sec_token_revised_time;group:zeek_opcua;kind:integer;friendly:sec_token_revised_time;help:sec_token_revised_time
-zeek.opcua_binary_opensecure_channel.server_nonce=db:zeek.opcua_binary_opensecure_channel.server_nonce;group:zeek_opcua;kind:termfield;friendly:server_nonce;help:server_nonce
+zeek.opcua_binary_opensecure_channel.client_proto_ver=db:zeek.opcua_binary_opensecure_channel.client_proto_ver;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:client_proto_ver;help:client_proto_ver
+zeek.opcua_binary_opensecure_channel.sec_token_request_type=db:zeek.opcua_binary_opensecure_channel.sec_token_request_type;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:sec_token_request_type;help:sec_token_request_type
+zeek.opcua_binary_opensecure_channel.message_security_mode=db:zeek.opcua_binary_opensecure_channel.message_security_mode;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:message_security_mode;help:message_security_mode
+zeek.opcua_binary_opensecure_channel.client_nonce=db:zeek.opcua_binary_opensecure_channel.client_nonce;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:client_nonce;help:client_nonce
+zeek.opcua_binary_opensecure_channel.req_lifetime=db:zeek.opcua_binary_opensecure_channel.req_lifetime;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:req_lifetime;help:req_lifetime
+zeek.opcua_binary_opensecure_channel.server_proto_ver=db:zeek.opcua_binary_opensecure_channel.server_proto_ver;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:server_proto_ver;help:server_proto_ver
+zeek.opcua_binary_opensecure_channel.sec_token_sec_channel_id=db:zeek.opcua_binary_opensecure_channel.sec_token_sec_channel_id;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:sec_token_sec_channel_id;help:sec_token_sec_channel_id
+zeek.opcua_binary_opensecure_channel.sec_token_id=db:zeek.opcua_binary_opensecure_channel.sec_token_id;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:sec_token_id;help:sec_token_id +zeek.opcua_binary_opensecure_channel.sec_token_created_at=db:zeek.opcua_binary_opensecure_channel.sec_token_created_at;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:sec_token_created_at;help:sec_token_created_at +zeek.opcua_binary_opensecure_channel.sec_token_revised_time=db:zeek.opcua_binary_opensecure_channel.sec_token_revised_time;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:sec_token_revised_time;help:sec_token_revised_time +zeek.opcua_binary_opensecure_channel.server_nonce=db:zeek.opcua_binary_opensecure_channel.server_nonce;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:server_nonce;help:server_nonce # opcua_binary_read.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_read.max_age=db:zeek.opcua_binary_read.max_age;group:zeek_opcua;kind:integer;friendly:max_age;help:max_age -zeek.opcua_binary_read.timestamps_to_return=db:zeek.opcua_binary_read.timestamps_to_return;group:zeek_opcua;kind:integer;friendly:timestamps_to_return;help:timestamps_to_return -zeek.opcua_binary_read.timestamps_to_return_str=db:zeek.opcua_binary_read.timestamps_to_return_str;group:zeek_opcua;kind:termfield;friendly:timestamps_to_return_str;help:timestamps_to_return_str +zeek.opcua_binary_read.max_age=db:zeek.opcua_binary_read.max_age;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:max_age;help:max_age +zeek.opcua_binary_read.timestamps_to_return=db:zeek.opcua_binary_read.timestamps_to_return;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:timestamps_to_return;help:timestamps_to_return +zeek.opcua_binary_read.timestamps_to_return_str=db:zeek.opcua_binary_read.timestamps_to_return_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:timestamps_to_return_str;help:timestamps_to_return_str # opcua_binary_read_nodes_to_read.log # 
https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_read_nodes_to_read.nodes_to_read_link_id=db:zeek.opcua_binary_read_nodes_to_read.nodes_to_read_link_id;group:zeek_opcua;kind:termfield;friendly:nodes_to_read_link_id;help:nodes_to_read_link_id -zeek.opcua_binary_read_nodes_to_read.node_id_encoding_mask=db:zeek.opcua_binary_read_nodes_to_read.node_id_encoding_mask;group:zeek_opcua;kind:termfield;friendly:node_id_encoding_mask;help:node_id_encoding_mask -zeek.opcua_binary_read_nodes_to_read.node_id_namespace_idx=db:zeek.opcua_binary_read_nodes_to_read.node_id_namespace_idx;group:zeek_opcua;kind:termfield;friendly:node_id_namespace_idx;help:node_id_namespace_idx -zeek.opcua_binary_read_nodes_to_read.node_id_numeric=db:zeek.opcua_binary_read_nodes_to_read.node_id_numeric;group:zeek_opcua;kind:integer;friendly:node_id_numeric;help:node_id_numeric -zeek.opcua_binary_read_nodes_to_read.node_id_string=db:zeek.opcua_binary_read_nodes_to_read.node_id_string;group:zeek_opcua;kind:termfield;friendly:node_id_string;help:node_id_string -zeek.opcua_binary_read_nodes_to_read.node_id_guid=db:zeek.opcua_binary_read_nodes_to_read.node_id_guid;group:zeek_opcua;kind:termfield;friendly:node_id_guid;help:node_id_guid -zeek.opcua_binary_read_nodes_to_read.node_id_opaque=db:zeek.opcua_binary_read_nodes_to_read.node_id_opaque;group:zeek_opcua;kind:termfield;friendly:node_id_opaque;help:node_id_opaque -zeek.opcua_binary_read_nodes_to_read.attribute_id=db:zeek.opcua_binary_read_nodes_to_read.attribute_id;group:zeek_opcua;kind:integer;friendly:attribute_id;help:attribute_id -zeek.opcua_binary_read_nodes_to_read.attribute_id_str=db:zeek.opcua_binary_read_nodes_to_read.attribute_id_str;group:zeek_opcua;kind:termfield;friendly:attribute_id_str;help:attribute_id_str -zeek.opcua_binary_read_nodes_to_read.index_range=db:zeek.opcua_binary_read_nodes_to_read.index_range;group:zeek_opcua;kind:termfield;friendly:index_range;help:index_range 
-zeek.opcua_binary_read_nodes_to_read.data_encoding_name_idx=db:zeek.opcua_binary_read_nodes_to_read.data_encoding_name_idx;group:zeek_opcua;kind:integer;friendly:data_encoding_name_idx;help:data_encoding_name_idx
-zeek.opcua_binary_read_nodes_to_read.data_encoding_name=db:zeek.opcua_binary_read_nodes_to_read.data_encoding_name;group:zeek_opcua;kind:termfield;friendly:data_encoding_name;help:data_encoding_name
+zeek.opcua_binary_read_nodes_to_read.nodes_to_read_link_id=db:zeek.opcua_binary_read_nodes_to_read.nodes_to_read_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:nodes_to_read_link_id;help:nodes_to_read_link_id
+zeek.opcua_binary_read_nodes_to_read.node_id_encoding_mask=db:zeek.opcua_binary_read_nodes_to_read.node_id_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:node_id_encoding_mask;help:node_id_encoding_mask
+zeek.opcua_binary_read_nodes_to_read.node_id_namespace_idx=db:zeek.opcua_binary_read_nodes_to_read.node_id_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:node_id_namespace_idx;help:node_id_namespace_idx
+zeek.opcua_binary_read_nodes_to_read.node_id_numeric=db:zeek.opcua_binary_read_nodes_to_read.node_id_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:node_id_numeric;help:node_id_numeric
+zeek.opcua_binary_read_nodes_to_read.node_id_string=db:zeek.opcua_binary_read_nodes_to_read.node_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:node_id_string;help:node_id_string
+zeek.opcua_binary_read_nodes_to_read.node_id_guid=db:zeek.opcua_binary_read_nodes_to_read.node_id_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:node_id_guid;help:node_id_guid
+zeek.opcua_binary_read_nodes_to_read.node_id_opaque=db:zeek.opcua_binary_read_nodes_to_read.node_id_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:node_id_opaque;help:node_id_opaque
+zeek.opcua_binary_read_nodes_to_read.attribute_id=db:zeek.opcua_binary_read_nodes_to_read.attribute_id;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:attribute_id;help:attribute_id +zeek.opcua_binary_read_nodes_to_read.attribute_id_str=db:zeek.opcua_binary_read_nodes_to_read.attribute_id_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:attribute_id_str;help:attribute_id_str +zeek.opcua_binary_read_nodes_to_read.index_range=db:zeek.opcua_binary_read_nodes_to_read.index_range;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:index_range;help:index_range +zeek.opcua_binary_read_nodes_to_read.data_encoding_name_idx=db:zeek.opcua_binary_read_nodes_to_read.data_encoding_name_idx;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:data_encoding_name_idx;help:data_encoding_name_idx +zeek.opcua_binary_read_nodes_to_read.data_encoding_name=db:zeek.opcua_binary_read_nodes_to_read.data_encoding_name;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:data_encoding_name;help:data_encoding_name # opcua_binary_read_results.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_read_results.results_link_id=db:zeek.opcua_binary_read_results.results_link_id;group:zeek_opcua;kind:termfield;friendly:results_link_id;help:results_link_id -zeek.opcua_binary_read_results.level=db:zeek.opcua_binary_read_results.level;group:zeek_opcua;kind:integer;friendly:level;help:level -zeek.opcua_binary_read_results.data_value_encoding_mask=db:zeek.opcua_binary_read_results.data_value_encoding_mask;group:zeek_opcua;kind:termfield;friendly:data_value_encoding_mask;help:data_value_encoding_mask -zeek.opcua_binary_read_results.source_timestamp=db:zeek.opcua_binary_read_results.source_timestamp;group:zeek_opcua;kind:termfield;friendly:source_timestamp;help:source_timestamp -zeek.opcua_binary_read_results.source_pico_sec=db:zeek.opcua_binary_read_results.source_pico_sec;group:zeek_opcua;kind:integer;friendly:source_pico_sec;help:source_pico_sec 
-zeek.opcua_binary_read_results.server_timestamp=db:zeek.opcua_binary_read_results.server_timestamp;group:zeek_opcua;kind:termfield;friendly:server_timestamp;help:server_timestamp -zeek.opcua_binary_read_results.server_pico_sec=db:zeek.opcua_binary_read_results.server_pico_sec;group:zeek_opcua;kind:integer;friendly:server_pico_sec;help:server_pico_sec +zeek.opcua_binary_read_results.results_link_id=db:zeek.opcua_binary_read_results.results_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:results_link_id;help:results_link_id +zeek.opcua_binary_read_results.level=db:zeek.opcua_binary_read_results.level;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:level;help:level +zeek.opcua_binary_read_results.data_value_encoding_mask=db:zeek.opcua_binary_read_results.data_value_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:data_value_encoding_mask;help:data_value_encoding_mask +zeek.opcua_binary_read_results.source_timestamp=db:zeek.opcua_binary_read_results.source_timestamp;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:source_timestamp;help:source_timestamp +zeek.opcua_binary_read_results.source_pico_sec=db:zeek.opcua_binary_read_results.source_pico_sec;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:source_pico_sec;help:source_pico_sec +zeek.opcua_binary_read_results.server_timestamp=db:zeek.opcua_binary_read_results.server_timestamp;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:server_timestamp;help:server_timestamp +zeek.opcua_binary_read_results.server_pico_sec=db:zeek.opcua_binary_read_results.server_pico_sec;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:server_pico_sec;help:server_pico_sec # opcua_binary_event_filter_select_clause.log # https://github.com/cisagov/icsnpp-opcua-binary 
-zeek.opcua_binary_event_filter_select_clause.select_clause_link_id=db:zeek.opcua_binary_event_filter_select_clause.select_clause_link_id;group:zeek_opcua;kind:termfield;friendly:select_clause_link_id;help:select_clause_link_id
-zeek.opcua_binary_event_filter_select_clause.type_id_encoding_mask=db:zeek.opcua_binary_event_filter_select_clause.type_id_encoding_mask;group:zeek_opcua;kind:termfield;friendly:type_id_encoding_mask;help:type_id_encoding_mask
-zeek.opcua_binary_event_filter_select_clause.type_id_namespace_idx=db:zeek.opcua_binary_event_filter_select_clause.type_id_namespace_idx;group:zeek_opcua;kind:termfield;friendly:type_id_namespace_idx;help:type_id_namespace_idx
-zeek.opcua_binary_event_filter_select_clause.type_id_numeric=db:zeek.opcua_binary_event_filter_select_clause.type_id_numeric;group:zeek_opcua;kind:integer;friendly:type_id_numeric;help:type_id_numeric
-zeek.opcua_binary_event_filter_select_clause.type_id_string=db:zeek.opcua_binary_event_filter_select_clause.type_id_string;group:zeek_opcua;kind:termfield;friendly:type_id_string;help:type_id_string
-zeek.opcua_binary_event_filter_select_clause.type_id_guid=db:zeek.opcua_binary_event_filter_select_clause.type_id_guid;group:zeek_opcua;kind:termfield;friendly:type_id_guid;help:type_id_guid
-zeek.opcua_binary_event_filter_select_clause.type_id_opaque=db:zeek.opcua_binary_event_filter_select_clause.type_id_opaque;group:zeek_opcua;kind:termfield;friendly:type_id_opaque;help:type_id_opaque
-zeek.opcua_binary_event_filter_select_clause.attribute_id=db:zeek.opcua_binary_event_filter_select_clause.attribute_id;group:zeek_opcua;kind:termfield;friendly:attribute_id;help:attribute_id
-zeek.opcua_binary_event_filter_select_clause.index_range=db:zeek.opcua_binary_event_filter_select_clause.index_range;group:zeek_opcua;kind:termfield;friendly:index_range;help:index_range
+zeek.opcua_binary_event_filter_select_clause.select_clause_link_id=db:zeek.opcua_binary_event_filter_select_clause.select_clause_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:select_clause_link_id;help:select_clause_link_id
+zeek.opcua_binary_event_filter_select_clause.type_id_encoding_mask=db:zeek.opcua_binary_event_filter_select_clause.type_id_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_encoding_mask;help:type_id_encoding_mask
+zeek.opcua_binary_event_filter_select_clause.type_id_namespace_idx=db:zeek.opcua_binary_event_filter_select_clause.type_id_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_namespace_idx;help:type_id_namespace_idx
+zeek.opcua_binary_event_filter_select_clause.type_id_numeric=db:zeek.opcua_binary_event_filter_select_clause.type_id_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:type_id_numeric;help:type_id_numeric
+zeek.opcua_binary_event_filter_select_clause.type_id_string=db:zeek.opcua_binary_event_filter_select_clause.type_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_string;help:type_id_string
+zeek.opcua_binary_event_filter_select_clause.type_id_guid=db:zeek.opcua_binary_event_filter_select_clause.type_id_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_guid;help:type_id_guid
+zeek.opcua_binary_event_filter_select_clause.type_id_opaque=db:zeek.opcua_binary_event_filter_select_clause.type_id_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_opaque;help:type_id_opaque
+zeek.opcua_binary_event_filter_select_clause.attribute_id=db:zeek.opcua_binary_event_filter_select_clause.attribute_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:attribute_id;help:attribute_id
+zeek.opcua_binary_event_filter_select_clause.index_range=db:zeek.opcua_binary_event_filter_select_clause.index_range;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:index_range;help:index_range # opcua_binary_event_filter_simple_attribute_operand.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_encoding_mask=db:zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_encoding_mask;group:zeek_opcua;kind:termfield;friendly:type_id_encoding_mask;help:type_id_encoding_mask -zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_namespace_idx=db:zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_namespace_idx;group:zeek_opcua;kind:termfield;friendly:type_id_namespace_idx;help:type_id_namespace_idx -zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_numeric=db:zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_numeric;group:zeek_opcua;kind:integer;friendly:type_id_numeric;help:type_id_numeric -zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_string=db:zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_string;group:zeek_opcua;kind:termfield;friendly:type_id_string;help:type_id_string -zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_guid=db:zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_guid;group:zeek_opcua;kind:termfield;friendly:type_id_guid;help:type_id_guid -zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_opaque=db:zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_opaque;group:zeek_opcua;kind:termfield;friendly:type_id_opaque;help:type_id_opaque -zeek.opcua_binary_event_filter_simple_attribute_operand.attribute_id=db:zeek.opcua_binary_event_filter_simple_attribute_operand.attribute_id;group:zeek_opcua;kind:termfield;friendly:attribute_id;help:attribute_id 
-zeek.opcua_binary_event_filter_simple_attribute_operand.index_range=db:zeek.opcua_binary_event_filter_simple_attribute_operand.index_range;group:zeek_opcua;kind:termfield;friendly:index_range;help:index_range
+zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_encoding_mask=db:zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_encoding_mask;help:type_id_encoding_mask
+zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_namespace_idx=db:zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_namespace_idx;help:type_id_namespace_idx
+zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_numeric=db:zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:type_id_numeric;help:type_id_numeric
+zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_string=db:zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_string;help:type_id_string
+zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_guid=db:zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_guid;help:type_id_guid
+zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_opaque=db:zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:type_id_opaque;help:type_id_opaque
+zeek.opcua_binary_event_filter_simple_attribute_operand.attribute_id=db:zeek.opcua_binary_event_filter_simple_attribute_operand.attribute_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:attribute_id;help:attribute_id
+zeek.opcua_binary_event_filter_simple_attribute_operand.index_range=db:zeek.opcua_binary_event_filter_simple_attribute_operand.index_range;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:index_range;help:index_range # opcua_binary_event_filter_simple_attribute_operand_browse_paths.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.simple_attribute_operand_browse_path_link_id=db:zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.simple_attribute_operand_browse_path_link_id;group:zeek_opcua;kind:termfield;friendly:simple_attribute_operand_browse_path_link_id;help:simple_attribute_operand_browse_path_link_id -zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.browse_path_src=db:zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.browse_path_src;group:zeek_opcua;kind:termfield;friendly:browse_path_src;help:browse_path_src -zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.namespace_index=db:zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.namespace_index;group:zeek_opcua;kind:integer;friendly:namespace_index;help:namespace_index -zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.name=db:zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.name;group:zeek_opcua;kind:termfield;friendly:name;help:name +zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.simple_attribute_operand_browse_path_link_id=db:zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.simple_attribute_operand_browse_path_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:simple_attribute_operand_browse_path_link_id;help:simple_attribute_operand_browse_path_link_id 
+zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.browse_path_src=db:zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.browse_path_src;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:browse_path_src;help:browse_path_src +zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.namespace_index=db:zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.namespace_index;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:namespace_index;help:namespace_index +zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.name=db:zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.name;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:name;help:name # opcua_binary_status_code_detail.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_status_code_detail.status_code_link_id=db:zeek.opcua_binary_status_code_detail.status_code_link_id;group:zeek_opcua;kind:termfield;friendly:status_code_link_id;help:status_code_link_id -zeek.opcua_binary_status_code_detail.source=db:zeek.opcua_binary_status_code_detail.source;group:zeek_opcua;kind:integer;friendly:source;help:source -zeek.opcua_binary_status_code_detail.source_str=db:zeek.opcua_binary_status_code_detail.source_str;group:zeek_opcua;kind:termfield;friendly:source_str;help:source_str -zeek.opcua_binary_status_code_detail.source_level=db:zeek.opcua_binary_status_code_detail.source_level;group:zeek_opcua;kind:integer;friendly:source_level;help:source_level -zeek.opcua_binary_status_code_detail.status_code=db:zeek.opcua_binary_status_code_detail.status_code;group:zeek_opcua;kind:termfield;friendly:status_code;help:status_code -zeek.opcua_binary_status_code_detail.severity=db:zeek.opcua_binary_status_code_detail.severity;group:zeek_opcua;kind:integer;friendly:severity;help:severity 
-zeek.opcua_binary_status_code_detail.severity_str=db:zeek.opcua_binary_status_code_detail.severity_str;group:zeek_opcua;kind:termfield;friendly:severity_str;help:severity_str
-zeek.opcua_binary_status_code_detail.sub_code=db:zeek.opcua_binary_status_code_detail.sub_code;group:zeek_opcua;kind:integer;friendly:sub_code;help:sub_code
-zeek.opcua_binary_status_code_detail.sub_code_str=db:zeek.opcua_binary_status_code_detail.sub_code_str;group:zeek_opcua;kind:termfield;friendly:sub_code_str;help:sub_code_str
-zeek.opcua_binary_status_code_detail.structure_changed=db:zeek.opcua_binary_status_code_detail.structure_changed;group:zeek_opcua;kind:termfield;friendly:structure_changed;help:structure_changed
-zeek.opcua_binary_status_code_detail.semantics_changed=db:zeek.opcua_binary_status_code_detail.semantics_changed;group:zeek_opcua;kind:termfield;friendly:semantics_changed;help:semantics_changed
-zeek.opcua_binary_status_code_detail.info_type=db:zeek.opcua_binary_status_code_detail.info_type;group:zeek_opcua;kind:integer;friendly:info_type;help:info_type
-zeek.opcua_binary_status_code_detail.info_type_str=db:zeek.opcua_binary_status_code_detail.info_type_str;group:zeek_opcua;kind:termfield;friendly:info_type_str;help:info_type_str
-zeek.opcua_binary_status_code_detail.limit_bits=db:zeek.opcua_binary_status_code_detail.limit_bits;group:zeek_opcua;kind:integer;friendly:limit_bits;help:limit_bits
-zeek.opcua_binary_status_code_detail.limit_bits_str=db:zeek.opcua_binary_status_code_detail.limit_bits_str;group:zeek_opcua;kind:termfield;friendly:limit_bits_str;help:limit_bits_str
-zeek.opcua_binary_status_code_detail.overflow=db:zeek.opcua_binary_status_code_detail.overflow;group:zeek_opcua;kind:termfield;friendly:overflow;help:overflow
-zeek.opcua_binary_status_code_detail.historian_bits=db:zeek.opcua_binary_status_code_detail.historian_bits;group:zeek_opcua;kind:integer;friendly:historian_bits;help:historian_bits
-zeek.opcua_binary_status_code_detail.historian_bits_str=db:zeek.opcua_binary_status_code_detail.historian_bits_str;group:zeek_opcua;kind:termfield;friendly:historian_bits_str;help:historian_bits_str
-zeek.opcua_binary_status_code_detail.historianpartial=db:zeek.opcua_binary_status_code_detail.historianpartial;group:zeek_opcua;kind:termfield;friendly:historianpartial;help:historianpartial
-zeek.opcua_binary_status_code_detail.historianextradata=db:zeek.opcua_binary_status_code_detail.historianextradata;group:zeek_opcua;kind:termfield;friendly:historianextradata;help:historianextradata
-zeek.opcua_binary_status_code_detail.historianmultivalue=db:zeek.opcua_binary_status_code_detail.historianmultivalue;group:zeek_opcua;kind:termfield;friendly:historianmultivalue;help:historianmultivalue
+zeek.opcua_binary_status_code_detail.status_code_link_id=db:zeek.opcua_binary_status_code_detail.status_code_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:status_code_link_id;help:status_code_link_id
+zeek.opcua_binary_status_code_detail.source=db:zeek.opcua_binary_status_code_detail.source;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:source;help:source
+zeek.opcua_binary_status_code_detail.source_str=db:zeek.opcua_binary_status_code_detail.source_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:source_str;help:source_str
+zeek.opcua_binary_status_code_detail.source_level=db:zeek.opcua_binary_status_code_detail.source_level;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:source_level;help:source_level
+zeek.opcua_binary_status_code_detail.status_code=db:zeek.opcua_binary_status_code_detail.status_code;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:status_code;help:status_code
+zeek.opcua_binary_status_code_detail.severity=db:zeek.opcua_binary_status_code_detail.severity;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:severity;help:severity
+zeek.opcua_binary_status_code_detail.severity_str=db:zeek.opcua_binary_status_code_detail.severity_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:severity_str;help:severity_str
+zeek.opcua_binary_status_code_detail.sub_code=db:zeek.opcua_binary_status_code_detail.sub_code;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:sub_code;help:sub_code
+zeek.opcua_binary_status_code_detail.sub_code_str=db:zeek.opcua_binary_status_code_detail.sub_code_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:sub_code_str;help:sub_code_str
+zeek.opcua_binary_status_code_detail.structure_changed=db:zeek.opcua_binary_status_code_detail.structure_changed;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:structure_changed;help:structure_changed
+zeek.opcua_binary_status_code_detail.semantics_changed=db:zeek.opcua_binary_status_code_detail.semantics_changed;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:semantics_changed;help:semantics_changed
+zeek.opcua_binary_status_code_detail.info_type=db:zeek.opcua_binary_status_code_detail.info_type;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:info_type;help:info_type
+zeek.opcua_binary_status_code_detail.info_type_str=db:zeek.opcua_binary_status_code_detail.info_type_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:info_type_str;help:info_type_str
+zeek.opcua_binary_status_code_detail.limit_bits=db:zeek.opcua_binary_status_code_detail.limit_bits;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:limit_bits;help:limit_bits
+zeek.opcua_binary_status_code_detail.limit_bits_str=db:zeek.opcua_binary_status_code_detail.limit_bits_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:limit_bits_str;help:limit_bits_str
+zeek.opcua_binary_status_code_detail.overflow=db:zeek.opcua_binary_status_code_detail.overflow;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:overflow;help:overflow
+zeek.opcua_binary_status_code_detail.historian_bits=db:zeek.opcua_binary_status_code_detail.historian_bits;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:historian_bits;help:historian_bits +zeek.opcua_binary_status_code_detail.historian_bits_str=db:zeek.opcua_binary_status_code_detail.historian_bits_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:historian_bits_str;help:historian_bits_str +zeek.opcua_binary_status_code_detail.historianpartial=db:zeek.opcua_binary_status_code_detail.historianpartial;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:historianpartial;help:historianpartial +zeek.opcua_binary_status_code_detail.historianextradata=db:zeek.opcua_binary_status_code_detail.historianextradata;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:historianextradata;help:historianextradata +zeek.opcua_binary_status_code_detail.historianmultivalue=db:zeek.opcua_binary_status_code_detail.historianmultivalue;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:historianmultivalue;help:historianmultivalue # opcua_binary_variant_array_dims.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_variant_array_dims.array_dim_link_id=db:zeek.opcua_binary_variant_array_dims.array_dim_link_id;group:zeek_opcua;kind:termfield;friendly:array_dim_link_id;help:array_dim_link_id -zeek.opcua_binary_variant_array_dims.dimension=db:zeek.opcua_binary_variant_array_dims.dimension;group:zeek_opcua;kind:integer;friendly:dimension;help:dimension +zeek.opcua_binary_variant_array_dims.array_dim_link_id=db:zeek.opcua_binary_variant_array_dims.array_dim_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:array_dim_link_id;help:array_dim_link_id +zeek.opcua_binary_variant_array_dims.dimension=db:zeek.opcua_binary_variant_array_dims.dimension;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:dimension;help:dimension # opcua_binary_variant_data.log # https://github.com/cisagov/icsnpp-opcua-binary 
-zeek.opcua_binary_variant_data.variant_data_link_id=db:zeek.opcua_binary_variant_data.variant_data_link_id;group:zeek_opcua;kind:termfield;friendly:variant_data_link_id;help:variant_data_link_id
-zeek.opcua_binary_variant_data.variant_data_value_signed_numeric=db:zeek.opcua_binary_variant_data.variant_data_value_signed_numeric;group:zeek_opcua;kind:termfield;friendly:variant_data_value_signed_numeric;help:variant_data_value_signed_numeric
-zeek.opcua_binary_variant_data.variant_data_value_unsigned_numeric=db:zeek.opcua_binary_variant_data.variant_data_value_unsigned_numeric;group:zeek_opcua;kind:termfield;friendly:variant_data_value_unsigned_numeric;help:variant_data_value_unsigned_numeric
-zeek.opcua_binary_variant_data.variant_data_value_string=db:zeek.opcua_binary_variant_data.variant_data_value_string;group:zeek_opcua;kind:termfield;friendly:variant_data_value_string;help:variant_data_value_string
-zeek.opcua_binary_variant_data.variant_data_node_id_encoding_mask=db:zeek.opcua_binary_variant_data.variant_data_node_id_encoding_mask;group:zeek_opcua;kind:termfield;friendly:variant_data_node_id_encoding_mask;help:variant_data_node_id_encoding_mask
-zeek.opcua_binary_variant_data.variant_data_node_id_namespace_idx=db:zeek.opcua_binary_variant_data.variant_data_node_id_namespace_idx;group:zeek_opcua;kind:termfield;friendly:variant_data_node_id_namespace_idx;help:variant_data_node_id_namespace_idx
-zeek.opcua_binary_variant_data.variant_data_node_id_numeric=db:zeek.opcua_binary_variant_data.variant_data_node_id_numeric;group:zeek_opcua;kind:integer;friendly:variant_data_node_id_numeric;help:variant_data_node_id_numeric
-zeek.opcua_binary_variant_data.variant_data_node_id_string=db:zeek.opcua_binary_variant_data.variant_data_node_id_string;group:zeek_opcua;kind:termfield;friendly:variant_data_node_id_string;help:variant_data_node_id_string
-zeek.opcua_binary_variant_data.variant_data_node_id_guid=db:zeek.opcua_binary_variant_data.variant_data_node_id_guid;group:zeek_opcua;kind:termfield;friendly:variant_data_node_id_guid;help:variant_data_node_id_guid
-zeek.opcua_binary_variant_data.variant_data_node_id_opaque=db:zeek.opcua_binary_variant_data.variant_data_node_id_opaque;group:zeek_opcua;kind:termfield;friendly:variant_data_node_id_opaque;help:variant_data_node_id_opaque
-zeek.opcua_binary_variant_data.variant_data_node_id_namespace_uri=db:zeek.opcua_binary_variant_data.variant_data_node_id_namespace_uri;group:zeek_opcua;kind:termfield;friendly:variant_data_node_id_namespace_uri;help:variant_data_node_id_namespace_uri
-zeek.opcua_binary_variant_data.variant_data_node_id_server_idx=db:zeek.opcua_binary_variant_data.variant_data_node_id_server_idx;group:zeek_opcua;kind:integer;friendly:variant_data_node_id_server_idx;help:variant_data_node_id_server_idx
-zeek.opcua_binary_variant_data.variant_data_value_time=db:zeek.opcua_binary_variant_data.variant_data_value_time;group:zeek_opcua;kind:termfield;friendly:variant_data_value_time;help:variant_data_value_time
-zeek.opcua_binary_variant_data.variant_data_encoding_name_idx=db:zeek.opcua_binary_variant_data.variant_data_encoding_name_idx;group:zeek_opcua;kind:integer;friendly:variant_data_encoding_name_idx;help:variant_data_encoding_name_idx
-zeek.opcua_binary_variant_data.variant_data_encoding_name=db:zeek.opcua_binary_variant_data.variant_data_encoding_name;group:zeek_opcua;kind:termfield;friendly:variant_data_encoding_name;help:variant_data_encoding_name
-zeek.opcua_binary_variant_data.variant_data_mask=db:zeek.opcua_binary_variant_data.variant_data_mask;group:zeek_opcua;kind:termfield;friendly:variant_data_mask;help:variant_data_mask
-zeek.opcua_binary_variant_data.variant_data_locale=db:zeek.opcua_binary_variant_data.variant_data_locale;group:zeek_opcua;kind:termfield;friendly:variant_data_locale;help:variant_data_locale
-zeek.opcua_binary_variant_data.variant_data_text=db:zeek.opcua_binary_variant_data.variant_data_text;group:zeek_opcua;kind:termfield;friendly:variant_data_text;help:variant_data_text
-zeek.opcua_binary_variant_data.variant_data_value_decimal=db:zeek.opcua_binary_variant_data.variant_data_value_decimal;group:zeek_opcua;kind:termfield;friendly:variant_data_value_decimal;help:variant_data_value_decimal
+zeek.opcua_binary_variant_data.variant_data_link_id=db:zeek.opcua_binary_variant_data.variant_data_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_link_id;help:variant_data_link_id
+zeek.opcua_binary_variant_data.variant_data_value_signed_numeric=db:zeek.opcua_binary_variant_data.variant_data_value_signed_numeric;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_value_signed_numeric;help:variant_data_value_signed_numeric
+zeek.opcua_binary_variant_data.variant_data_value_unsigned_numeric=db:zeek.opcua_binary_variant_data.variant_data_value_unsigned_numeric;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_value_unsigned_numeric;help:variant_data_value_unsigned_numeric
+zeek.opcua_binary_variant_data.variant_data_value_string=db:zeek.opcua_binary_variant_data.variant_data_value_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_value_string;help:variant_data_value_string
+zeek.opcua_binary_variant_data.variant_data_node_id_encoding_mask=db:zeek.opcua_binary_variant_data.variant_data_node_id_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_node_id_encoding_mask;help:variant_data_node_id_encoding_mask
+zeek.opcua_binary_variant_data.variant_data_node_id_namespace_idx=db:zeek.opcua_binary_variant_data.variant_data_node_id_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_node_id_namespace_idx;help:variant_data_node_id_namespace_idx
+zeek.opcua_binary_variant_data.variant_data_node_id_numeric=db:zeek.opcua_binary_variant_data.variant_data_node_id_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:variant_data_node_id_numeric;help:variant_data_node_id_numeric
+zeek.opcua_binary_variant_data.variant_data_node_id_string=db:zeek.opcua_binary_variant_data.variant_data_node_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_node_id_string;help:variant_data_node_id_string
+zeek.opcua_binary_variant_data.variant_data_node_id_guid=db:zeek.opcua_binary_variant_data.variant_data_node_id_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_node_id_guid;help:variant_data_node_id_guid
+zeek.opcua_binary_variant_data.variant_data_node_id_opaque=db:zeek.opcua_binary_variant_data.variant_data_node_id_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_node_id_opaque;help:variant_data_node_id_opaque
+zeek.opcua_binary_variant_data.variant_data_node_id_namespace_uri=db:zeek.opcua_binary_variant_data.variant_data_node_id_namespace_uri;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_node_id_namespace_uri;help:variant_data_node_id_namespace_uri
+zeek.opcua_binary_variant_data.variant_data_node_id_server_idx=db:zeek.opcua_binary_variant_data.variant_data_node_id_server_idx;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:variant_data_node_id_server_idx;help:variant_data_node_id_server_idx
+zeek.opcua_binary_variant_data.variant_data_value_time=db:zeek.opcua_binary_variant_data.variant_data_value_time;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_value_time;help:variant_data_value_time
+zeek.opcua_binary_variant_data.variant_data_encoding_name_idx=db:zeek.opcua_binary_variant_data.variant_data_encoding_name_idx;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:variant_data_encoding_name_idx;help:variant_data_encoding_name_idx
+zeek.opcua_binary_variant_data.variant_data_encoding_name=db:zeek.opcua_binary_variant_data.variant_data_encoding_name;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_encoding_name;help:variant_data_encoding_name +zeek.opcua_binary_variant_data.variant_data_mask=db:zeek.opcua_binary_variant_data.variant_data_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_mask;help:variant_data_mask +zeek.opcua_binary_variant_data.variant_data_locale=db:zeek.opcua_binary_variant_data.variant_data_locale;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_locale;help:variant_data_locale +zeek.opcua_binary_variant_data.variant_data_text=db:zeek.opcua_binary_variant_data.variant_data_text;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_text;help:variant_data_text +zeek.opcua_binary_variant_data.variant_data_value_decimal=db:zeek.opcua_binary_variant_data.variant_data_value_decimal;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_value_decimal;help:variant_data_value_decimal # opcua_binary_variant_data_value.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_variant_data_value.variant_data_value_source_link=db:zeek.opcua_binary_variant_data_value.variant_data_value_source_link;group:zeek_opcua;kind:termfield;friendly:variant_data_value_source_link;help:variant_data_value_source_link -zeek.opcua_binary_variant_data_value.data_value_encoding_mask=db:zeek.opcua_binary_variant_data_value.data_value_encoding_mask;group:zeek_opcua;kind:termfield;friendly:data_value_encoding_mask;help:data_value_encoding_mask -zeek.opcua_binary_variant_data_value.source_timestamp=db:zeek.opcua_binary_variant_data_value.source_timestamp;group:zeek_opcua;kind:termfield;friendly:source_timestamp;help:source_timestamp 
-zeek.opcua_binary_variant_data_value.source_pico_sec=db:zeek.opcua_binary_variant_data_value.source_pico_sec;group:zeek_opcua;kind:integer;friendly:source_pico_sec;help:source_pico_sec -zeek.opcua_binary_variant_data_value.server_timestamp=db:zeek.opcua_binary_variant_data_value.server_timestamp;group:zeek_opcua;kind:termfield;friendly:server_timestamp;help:server_timestamp -zeek.opcua_binary_variant_data_value.server_pico_sec=db:zeek.opcua_binary_variant_data_value.server_pico_sec;group:zeek_opcua;kind:integer;friendly:server_pico_sec;help:server_pico_sec +zeek.opcua_binary_variant_data_value.variant_data_value_source_link=db:zeek.opcua_binary_variant_data_value.variant_data_value_source_link;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_value_source_link;help:variant_data_value_source_link +zeek.opcua_binary_variant_data_value.data_value_encoding_mask=db:zeek.opcua_binary_variant_data_value.data_value_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:data_value_encoding_mask;help:data_value_encoding_mask +zeek.opcua_binary_variant_data_value.source_timestamp=db:zeek.opcua_binary_variant_data_value.source_timestamp;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:source_timestamp;help:source_timestamp +zeek.opcua_binary_variant_data_value.source_pico_sec=db:zeek.opcua_binary_variant_data_value.source_pico_sec;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:source_pico_sec;help:source_pico_sec +zeek.opcua_binary_variant_data_value.server_timestamp=db:zeek.opcua_binary_variant_data_value.server_timestamp;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:server_timestamp;help:server_timestamp +zeek.opcua_binary_variant_data_value.server_pico_sec=db:zeek.opcua_binary_variant_data_value.server_pico_sec;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:server_pico_sec;help:server_pico_sec # opcua_binary_variant_extension_object.log # https://github.com/cisagov/icsnpp-opcua-binary 
-zeek.opcua_binary_variant_extension_object.ext_obj_link_id=db:zeek.opcua_binary_variant_extension_object.ext_obj_link_id;group:zeek_opcua;kind:termfield;friendly:ext_obj_link_id;help:ext_obj_link_id
-zeek.opcua_binary_variant_extension_object.ext_obj_node_id_encoding_mask=db:zeek.opcua_binary_variant_extension_object.ext_obj_node_id_encoding_mask;group:zeek_opcua;kind:termfield;friendly:ext_obj_node_id_encoding_mask;help:ext_obj_node_id_encoding_mask
-zeek.opcua_binary_variant_extension_object.ext_obj_node_id_namespace_idx=db:zeek.opcua_binary_variant_extension_object.ext_obj_node_id_namespace_idx;group:zeek_opcua;kind:termfield;friendly:ext_obj_node_id_namespace_idx;help:ext_obj_node_id_namespace_idx
-zeek.opcua_binary_variant_extension_object.ext_obj_node_id_numeric=db:zeek.opcua_binary_variant_extension_object.ext_obj_node_id_numeric;group:zeek_opcua;kind:integer;friendly:ext_obj_node_id_numeric;help:ext_obj_node_id_numeric
-zeek.opcua_binary_variant_extension_object.ext_obj_node_id_string=db:zeek.opcua_binary_variant_extension_object.ext_obj_node_id_string;group:zeek_opcua;kind:termfield;friendly:ext_obj_node_id_string;help:ext_obj_node_id_string
-zeek.opcua_binary_variant_extension_object.ext_obj_node_id_guid=db:zeek.opcua_binary_variant_extension_object.ext_obj_node_id_guid;group:zeek_opcua;kind:termfield;friendly:ext_obj_node_id_guid;help:ext_obj_node_id_guid
-zeek.opcua_binary_variant_extension_object.ext_obj_node_id_opaque=db:zeek.opcua_binary_variant_extension_object.ext_obj_node_id_opaque;group:zeek_opcua;kind:termfield;friendly:ext_obj_node_id_opaque;help:ext_obj_node_id_opaque
-zeek.opcua_binary_variant_extension_object.ext_obj_type_id_str=db:zeek.opcua_binary_variant_extension_object.ext_obj_type_id_str;group:zeek_opcua;kind:termfield;friendly:ext_obj_type_id_str;help:ext_obj_type_id_str
-zeek.opcua_binary_variant_extension_object.ext_obj_encoding=db:zeek.opcua_binary_variant_extension_object.ext_obj_encoding;group:zeek_opcua;kind:termfield;friendly:ext_obj_encoding;help:ext_obj_encoding
+zeek.opcua_binary_variant_extension_object.ext_obj_link_id=db:zeek.opcua_binary_variant_extension_object.ext_obj_link_id;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_link_id;help:ext_obj_link_id
+zeek.opcua_binary_variant_extension_object.ext_obj_node_id_encoding_mask=db:zeek.opcua_binary_variant_extension_object.ext_obj_node_id_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_node_id_encoding_mask;help:ext_obj_node_id_encoding_mask
+zeek.opcua_binary_variant_extension_object.ext_obj_node_id_namespace_idx=db:zeek.opcua_binary_variant_extension_object.ext_obj_node_id_namespace_idx;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_node_id_namespace_idx;help:ext_obj_node_id_namespace_idx
+zeek.opcua_binary_variant_extension_object.ext_obj_node_id_numeric=db:zeek.opcua_binary_variant_extension_object.ext_obj_node_id_numeric;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:ext_obj_node_id_numeric;help:ext_obj_node_id_numeric
+zeek.opcua_binary_variant_extension_object.ext_obj_node_id_string=db:zeek.opcua_binary_variant_extension_object.ext_obj_node_id_string;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_node_id_string;help:ext_obj_node_id_string
+zeek.opcua_binary_variant_extension_object.ext_obj_node_id_guid=db:zeek.opcua_binary_variant_extension_object.ext_obj_node_id_guid;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_node_id_guid;help:ext_obj_node_id_guid
+zeek.opcua_binary_variant_extension_object.ext_obj_node_id_opaque=db:zeek.opcua_binary_variant_extension_object.ext_obj_node_id_opaque;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_node_id_opaque;help:ext_obj_node_id_opaque
+zeek.opcua_binary_variant_extension_object.ext_obj_type_id_str=db:zeek.opcua_binary_variant_extension_object.ext_obj_type_id_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_type_id_str;help:ext_obj_type_id_str +zeek.opcua_binary_variant_extension_object.ext_obj_encoding=db:zeek.opcua_binary_variant_extension_object.ext_obj_encoding;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:ext_obj_encoding;help:ext_obj_encoding # opcua_binary_variant_metadata.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_variant_metadata.variant_data_source=db:zeek.opcua_binary_variant_metadata.variant_data_source;group:zeek_opcua;kind:integer;friendly:variant_data_source;help:variant_data_source -zeek.opcua_binary_variant_metadata.variant_data_source_str=db:zeek.opcua_binary_variant_metadata.variant_data_source_str;group:zeek_opcua;kind:termfield;friendly:variant_data_source_str;help:variant_data_source_str -zeek.opcua_binary_variant_metadata.dara_variant_encoding_mask=db:zeek.opcua_binary_variant_metadata.dara_variant_encoding_mask;group:zeek_opcua;kind:termfield;friendly:dara_variant_encoding_mask;help:dara_variant_encoding_mask -zeek.opcua_binary_variant_metadata.data_variant_data_type=db:zeek.opcua_binary_variant_metadata.data_variant_data_type;group:zeek_opcua;kind:integer;friendly:data_variant_data_type;help:data_variant_data_type -zeek.opcua_binary_variant_metadata.data_variant_data_type_str=db:zeek.opcua_binary_variant_metadata.data_variant_data_type_str;group:zeek_opcua;kind:termfield;friendly:data_variant_data_type_str;help:data_variant_data_type_str -zeek.opcua_binary_variant_metadata.built_in_data_type=db:zeek.opcua_binary_variant_metadata.built_in_data_type;group:zeek_opcua;kind:integer;friendly:built_in_data_type;help:built_in_data_type 
-zeek.opcua_binary_variant_metadata.built_in_data_type_str=db:zeek.opcua_binary_variant_metadata.built_in_data_type_str;group:zeek_opcua;kind:termfield;friendly:built_in_data_type_str;help:built_in_data_type_str
-zeek.opcua_binary_variant_metadata.variant_data_array_dim=db:zeek.opcua_binary_variant_metadata.variant_data_array_dim;group:zeek_opcua;kind:integer;friendly:variant_data_array_dim;help:variant_data_array_dim
+zeek.opcua_binary_variant_metadata.variant_data_source=db:zeek.opcua_binary_variant_metadata.variant_data_source;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:variant_data_source;help:variant_data_source
+zeek.opcua_binary_variant_metadata.variant_data_source_str=db:zeek.opcua_binary_variant_metadata.variant_data_source_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:variant_data_source_str;help:variant_data_source_str
+zeek.opcua_binary_variant_metadata.dara_variant_encoding_mask=db:zeek.opcua_binary_variant_metadata.dara_variant_encoding_mask;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:dara_variant_encoding_mask;help:dara_variant_encoding_mask
+zeek.opcua_binary_variant_metadata.data_variant_data_type=db:zeek.opcua_binary_variant_metadata.data_variant_data_type;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:data_variant_data_type;help:data_variant_data_type
+zeek.opcua_binary_variant_metadata.data_variant_data_type_str=db:zeek.opcua_binary_variant_metadata.data_variant_data_type_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:data_variant_data_type_str;help:data_variant_data_type_str
+zeek.opcua_binary_variant_metadata.built_in_data_type=db:zeek.opcua_binary_variant_metadata.built_in_data_type;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:built_in_data_type;help:built_in_data_type
+zeek.opcua_binary_variant_metadata.built_in_data_type_str=db:zeek.opcua_binary_variant_metadata.built_in_data_type_str;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:built_in_data_type_str;help:built_in_data_type_str +zeek.opcua_binary_variant_metadata.variant_data_array_dim=db:zeek.opcua_binary_variant_metadata.variant_data_array_dim;group:zeek_opcua;kind:integer;viewerOnly:true;friendly:variant_data_array_dim;help:variant_data_array_dim # ocsp.log # https://docs.zeek.org/en/stable/scripts/policy/files/x509/log-ocsp.zeek.html#type-OCSP::Info -zeek.ocsp.hashAlgorithm=db:zeek.ocsp.hashAlgorithm;group:zeek_ocsp;kind:termfield;friendly:Issuer Name and Key Hash Algorithm;help:Issuer Name and Key Hash Algorithm -zeek.ocsp.issuerNameHash=db:zeek.ocsp.issuerNameHash;group:zeek_ocsp;kind:termfield;friendly:Issuer Name Hash;help:Issuer Name Hash -zeek.ocsp.issuerKeyHash=db:zeek.ocsp.issuerKeyHash;group:zeek_ocsp;kind:termfield;friendly:Issuer Key Hash;help:Issuer Key Hash -zeek.ocsp.serialNumber=db:zeek.ocsp.serialNumber;group:zeek_ocsp;kind:termfield;friendly:Certificate Serial Number;help:Certificate Serial Number -zeek.ocsp.certStatus=db:zeek.ocsp.certStatus;group:zeek_ocsp;kind:termfield;friendly:Certificate Status;help:Certificate Status -zeek.ocsp.revoketime=db:zeek.ocsp.revoketime;group:zeek_ocsp;kind:termfield;friendly:Time Revoked;help:Time Revoked -zeek.ocsp.revokereason=db:zeek.ocsp.revokereason;group:zeek_ocsp;kind:termfield;friendly:Reason Revoked;help:Reason Revoked -zeek.ocsp.thisUpdate=db:zeek.ocsp.thisUpdate;group:zeek_ocsp;kind:termfield;friendly:Update Time;help:Update Time -zeek.ocsp.nextUpdate=db:zeek.ocsp.nextUpdate;group:zeek_ocsp;kind:termfield;friendly:Next Update Time;help:Next Update Time +zeek.ocsp.hashAlgorithm=db:zeek.ocsp.hashAlgorithm;group:zeek_ocsp;kind:termfield;viewerOnly:true;friendly:Issuer Name and Key Hash Algorithm;help:Issuer Name and Key Hash Algorithm 
+zeek.ocsp.issuerNameHash=db:zeek.ocsp.issuerNameHash;group:zeek_ocsp;kind:termfield;viewerOnly:true;friendly:Issuer Name Hash;help:Issuer Name Hash +zeek.ocsp.issuerKeyHash=db:zeek.ocsp.issuerKeyHash;group:zeek_ocsp;kind:termfield;viewerOnly:true;friendly:Issuer Key Hash;help:Issuer Key Hash +zeek.ocsp.serialNumber=db:zeek.ocsp.serialNumber;group:zeek_ocsp;kind:termfield;viewerOnly:true;friendly:Certificate Serial Number;help:Certificate Serial Number +zeek.ocsp.certStatus=db:zeek.ocsp.certStatus;group:zeek_ocsp;kind:termfield;viewerOnly:true;friendly:Certificate Status;help:Certificate Status +zeek.ocsp.revoketime=db:zeek.ocsp.revoketime;group:zeek_ocsp;kind:termfield;viewerOnly:true;friendly:Time Revoked;help:Time Revoked +zeek.ocsp.revokereason=db:zeek.ocsp.revokereason;group:zeek_ocsp;kind:termfield;viewerOnly:true;friendly:Reason Revoked;help:Reason Revoked +zeek.ocsp.thisUpdate=db:zeek.ocsp.thisUpdate;group:zeek_ocsp;kind:termfield;viewerOnly:true;friendly:Update Time;help:Update Time +zeek.ocsp.nextUpdate=db:zeek.ocsp.nextUpdate;group:zeek_ocsp;kind:termfield;viewerOnly:true;friendly:Next Update Time;help:Next Update Time # ospf.log # https://github.com/corelight/zeek-spicy-ospf -zeek.ospf.advert_router=db:zeek.ospf.advert_router;group:zeek_ospf;kind:termfield;friendly:Router Advertisement;help:Router Advertisement -zeek.ospf.area_id=db:zeek.ospf.area_id;group:zeek_ospf;kind:termfield;friendly:Area ID;help:Area ID -zeek.ospf.backup_router=db:zeek.ospf.backup_router;group:zeek_ospf;kind:termfield;friendly:Backup Router;help:Backup Router -zeek.ospf.desig_router=db:zeek.ospf.desig_router;group:zeek_ospf;kind:termfield;friendly:Designated Router;help:Designated Router -zeek.ospf.dest_router_id=db:zeek.ospf.dest_router_id;group:zeek_ospf;kind:termfield;friendly:Destination Router ID (IA Router);help:Destination Router ID (IA Router) -zeek.ospf.fwd_addrs=db:zeek.ospf.fwd_addrs;group:zeek_ospf;kind:termfield;friendly:Forward Address (External LSA);help:Forward 
Address (External LSA) -zeek.ospf.interface_id=db:zeek.ospf.interface_id;group:zeek_ospf;kind:integer;friendly:Interface ID;help:Interface ID -zeek.ospf.intra_prefixes=db:zeek.ospf.intra_prefixes;group:zeek_ospf;kind:termfield;friendly:Intra Prefix;help:Intra Prefix -zeek.ospf.link_data=db:zeek.ospf.link_data;group:zeek_ospf;kind:termfield;friendly:Link Data (Router LSA);help:Link Data (Router LSA) -zeek.ospf.link_id=db:zeek.ospf.link_id;group:zeek_ospf;kind:termfield;friendly:Link ID (Router LSA);help:Link ID (Router LSA) -zeek.ospf.link_prefixes=db:zeek.ospf.link_prefixes;group:zeek_ospf;kind:termfield;friendly:Link Prefix;help:Link Prefix -zeek.ospf.link_state_id=db:zeek.ospf.link_state_id;group:zeek_ospf;kind:termfield;friendly:Link State ID;help:Link State ID -zeek.ospf.link_type=db:zeek.ospf.link_type;group:zeek_ospf;kind:termfield;friendly:Link Type (Router LSA);help:Link Type (Router LSA) -zeek.ospf.lsa_type=db:zeek.ospf.lsa_type;group:zeek_ospf;kind:termfield;friendly:LSA Type;help:LSA Type -zeek.ospf.metric=db:zeek.ospf.metric;group:zeek_ospf;kind:integer;friendly:Metric (IA Router);help:Metric (IA Router) -zeek.ospf.metrics=db:zeek.ospf.metrics;group:zeek_ospf;kind:integer;friendly:Metrics (External LSA);help:Metrics (External LSA) -zeek.ospf.neighbor_interface_id=db:zeek.ospf.neighbor_interface_id;group:zeek_ospf;kind:integer;friendly:Neighbor Interface ID (External LSA);help:Neighbor Interface ID (External LSA) -zeek.ospf.neighbor_router_id=db:zeek.ospf.neighbor_router_id;group:zeek_ospf;kind:termfield;friendly:Neighbor Router ID (Router LSA);help:Neighbor Router ID (Router LSA) -zeek.ospf.neighbors=db:zeek.ospf.neighbors;group:zeek_ospf;kind:termfield;friendly:Neighbors;help:Neighbors -zeek.ospf.netmask=db:zeek.ospf.netmask;group:zeek_ospf;kind:termfield;friendly:Netmask;help:Netmask -zeek.ospf.ospf_type=db:zeek.ospf.ospf_type;group:zeek_ospf;kind:termfield;friendly:OSPF Packet Type;help:OSPF Packet Type 
-zeek.ospf.prefix=db:zeek.ospf.prefix;group:zeek_ospf;kind:termfield;friendly:Prefix (External LSA);help:Prefix (External LSA)
-zeek.ospf.route_tags=db:zeek.ospf.route_tags;group:zeek_ospf;kind:integer;friendly:Route Tags (External LSA);help:Route Tags (External LSA)
-zeek.ospf.router_id=db:zeek.ospf.router_id;group:zeek_ospf;kind:termfield;friendly:Router ID;help:Router ID
-zeek.ospf.routers=db:zeek.ospf.routers;group:zeek_ospf;kind:termfield;friendly:Router (Network LSA);help:Router (Network LSA)
-zeek.ospf.version=db:zeek.ospf.version;group:zeek_ospf;kind:integer;friendly:OSPF Version;help:OSPF Version
+zeek.ospf.advert_router=db:zeek.ospf.advert_router;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Router Advertisement;help:Router Advertisement
+zeek.ospf.area_id=db:zeek.ospf.area_id;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Area ID;help:Area ID
+zeek.ospf.backup_router=db:zeek.ospf.backup_router;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Backup Router;help:Backup Router
+zeek.ospf.desig_router=db:zeek.ospf.desig_router;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Designated Router;help:Designated Router
+zeek.ospf.dest_router_id=db:zeek.ospf.dest_router_id;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Destination Router ID (IA Router);help:Destination Router ID (IA Router)
+zeek.ospf.fwd_addrs=db:zeek.ospf.fwd_addrs;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Forward Address (External LSA);help:Forward Address (External LSA)
+zeek.ospf.interface_id=db:zeek.ospf.interface_id;group:zeek_ospf;kind:integer;viewerOnly:true;friendly:Interface ID;help:Interface ID
+zeek.ospf.intra_prefixes=db:zeek.ospf.intra_prefixes;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Intra Prefix;help:Intra Prefix
+zeek.ospf.link_data=db:zeek.ospf.link_data;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Link Data (Router LSA);help:Link Data (Router LSA)
+zeek.ospf.link_id=db:zeek.ospf.link_id;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Link ID (Router LSA);help:Link ID (Router LSA) +zeek.ospf.link_prefixes=db:zeek.ospf.link_prefixes;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Link Prefix;help:Link Prefix +zeek.ospf.link_state_id=db:zeek.ospf.link_state_id;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Link State ID;help:Link State ID +zeek.ospf.link_type=db:zeek.ospf.link_type;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Link Type (Router LSA);help:Link Type (Router LSA) +zeek.ospf.lsa_type=db:zeek.ospf.lsa_type;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:LSA Type;help:LSA Type +zeek.ospf.metric=db:zeek.ospf.metric;group:zeek_ospf;kind:integer;viewerOnly:true;friendly:Metric (IA Router);help:Metric (IA Router) +zeek.ospf.metrics=db:zeek.ospf.metrics;group:zeek_ospf;kind:integer;viewerOnly:true;friendly:Metrics (External LSA);help:Metrics (External LSA) +zeek.ospf.neighbor_interface_id=db:zeek.ospf.neighbor_interface_id;group:zeek_ospf;kind:integer;viewerOnly:true;friendly:Neighbor Interface ID (External LSA);help:Neighbor Interface ID (External LSA) +zeek.ospf.neighbor_router_id=db:zeek.ospf.neighbor_router_id;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Neighbor Router ID (Router LSA);help:Neighbor Router ID (Router LSA) +zeek.ospf.neighbors=db:zeek.ospf.neighbors;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Neighbors;help:Neighbors +zeek.ospf.netmask=db:zeek.ospf.netmask;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Netmask;help:Netmask +zeek.ospf.ospf_type=db:zeek.ospf.ospf_type;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:OSPF Packet Type;help:OSPF Packet Type +zeek.ospf.prefix=db:zeek.ospf.prefix;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Prefix (External LSA);help:Prefix (External LSA) +zeek.ospf.route_tags=db:zeek.ospf.route_tags;group:zeek_ospf;kind:integer;viewerOnly:true;friendly:Route Tags 
(External LSA);help:Route Tags (External LSA) +zeek.ospf.router_id=db:zeek.ospf.router_id;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Router ID;help:Router ID +zeek.ospf.routers=db:zeek.ospf.routers;group:zeek_ospf;kind:termfield;viewerOnly:true;friendly:Router (Network LSA);help:Router (Network LSA) +zeek.ospf.version=db:zeek.ospf.version;group:zeek_ospf;kind:integer;viewerOnly:true;friendly:OSPF Version;help:OSPF Version # pe.log # https://docs.zeek.org/en/stable/scripts/base/files/pe/main.zeek.html#type-PE::Info -zeek.pe.machine=db:zeek.pe.machine;group:zeek_pe;kind:termfield;friendly:Target Machine;help:Target Machine -zeek.pe.compile_ts=db:zeek.pe.compile_ts;group:zeek_pe;kind:termfield;friendly:Compile Timestamp;help:Compile Timestamp -zeek.pe.os=db:zeek.pe.os;group:zeek_pe;kind:termfield;friendly:Target OS;help:Target Operating System -zeek.pe.subsystem=db:zeek.pe.subsystem;group:zeek_pe;kind:termfield;friendly:Target Subsystem;help:Target Subsystem -zeek.pe.is_exe=db:zeek.pe.is_exe;group:zeek_pe;kind:termfield;friendly:Executable;help:Is an executable (vs. 
an object file) -zeek.pe.is_64bit=db:zeek.pe.is_64bit;group:zeek_pe;kind:termfield;friendly:64 Bit;help:Is a 64-bit object -zeek.pe.uses_aslr=db:zeek.pe.uses_aslr;group:zeek_pe;kind:termfield;friendly:Uses ASLR;help:Uses Address Space Layout Randomization -zeek.pe.uses_dep=db:zeek.pe.uses_dep;group:zeek_pe;kind:termfield;friendly:Uses DEP;help:Uses Data Execution Prevention -zeek.pe.uses_code_integrity=db:zeek.pe.uses_code_integrity;group:zeek_pe;kind:termfield;friendly:Enforces Integrity Checks;help:Enforces Code Integrity Checks -zeek.pe.uses_seh=db:zeek.pe.uses_seh;group:zeek_pe;kind:termfield;friendly:Uses SEH;help:Uses Structured Exception Handling -zeek.pe.has_import_table=db:zeek.pe.has_import_table;group:zeek_pe;kind:termfield;friendly:Has Import Table;help:Has Import Table -zeek.pe.has_export_table=db:zeek.pe.has_export_table;group:zeek_pe;kind:termfield;friendly:Has Export Table;help:Has Export Table -zeek.pe.has_cert_table=db:zeek.pe.has_cert_table;group:zeek_pe;kind:termfield;friendly:Has Certificate Table;help:Has Attribute Certificate Table -zeek.pe.has_debug_data=db:zeek.pe.has_debug_data;group:zeek_pe;kind:termfield;friendly:Has Debug Table;help:Has Debug Table -zeek.pe.section_names=db:zeek.pe.section_names;group:zeek_pe;kind:termfield;friendly:Sections;help:Sections +zeek.pe.machine=db:zeek.pe.machine;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Target Machine;help:Target Machine +zeek.pe.compile_ts=db:zeek.pe.compile_ts;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Compile Timestamp;help:Compile Timestamp +zeek.pe.os=db:zeek.pe.os;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Target OS;help:Target Operating System +zeek.pe.subsystem=db:zeek.pe.subsystem;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Target Subsystem;help:Target Subsystem +zeek.pe.is_exe=db:zeek.pe.is_exe;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Executable;help:Is an executable (vs. 
an object file) +zeek.pe.is_64bit=db:zeek.pe.is_64bit;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:64 Bit;help:Is a 64-bit object +zeek.pe.uses_aslr=db:zeek.pe.uses_aslr;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Uses ASLR;help:Uses Address Space Layout Randomization +zeek.pe.uses_dep=db:zeek.pe.uses_dep;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Uses DEP;help:Uses Data Execution Prevention +zeek.pe.uses_code_integrity=db:zeek.pe.uses_code_integrity;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Enforces Integrity Checks;help:Enforces Code Integrity Checks +zeek.pe.uses_seh=db:zeek.pe.uses_seh;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Uses SEH;help:Uses Structured Exception Handling +zeek.pe.has_import_table=db:zeek.pe.has_import_table;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Has Import Table;help:Has Import Table +zeek.pe.has_export_table=db:zeek.pe.has_export_table;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Has Export Table;help:Has Export Table +zeek.pe.has_cert_table=db:zeek.pe.has_cert_table;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Has Certificate Table;help:Has Attribute Certificate Table +zeek.pe.has_debug_data=db:zeek.pe.has_debug_data;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Has Debug Table;help:Has Debug Table +zeek.pe.section_names=db:zeek.pe.section_names;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Sections;help:Sections # profinet.log # https://github.com/amzn/zeek-plugin-profinet/blob/master/scripts/main.zeek -zeek.profinet.operation_type=db:zeek.profinet.operation_type;group:zeek_profinet;kind:termfield;friendly:Operation;help:Operation -zeek.profinet.block_version=db:zeek.profinet.block_version;group:zeek_profinet;kind:termfield;friendly:Block Version;help:Block Version -zeek.profinet.slot_number=db:zeek.profinet.slot_number;group:zeek_profinet;kind:integer;friendly:Slot;help:Slot 
-zeek.profinet.subslot_number=db:zeek.profinet.subslot_number;group:zeek_profinet;kind:integer;friendly:Subslot;help:Subslot -zeek.profinet.index=db:zeek.profinet.index;group:zeek_profinet;kind:termfield;friendly:Index;help:Index +zeek.profinet.operation_type=db:zeek.profinet.operation_type;group:zeek_profinet;kind:termfield;viewerOnly:true;friendly:Operation;help:Operation +zeek.profinet.block_version=db:zeek.profinet.block_version;group:zeek_profinet;kind:termfield;viewerOnly:true;friendly:Block Version;help:Block Version +zeek.profinet.slot_number=db:zeek.profinet.slot_number;group:zeek_profinet;kind:integer;viewerOnly:true;friendly:Slot;help:Slot +zeek.profinet.subslot_number=db:zeek.profinet.subslot_number;group:zeek_profinet;kind:integer;viewerOnly:true;friendly:Subslot;help:Subslot +zeek.profinet.index=db:zeek.profinet.index;group:zeek_profinet;kind:termfield;viewerOnly:true;friendly:Index;help:Index # profinet_dce_rpc.log # https://github.com/amzn/zeek-plugin-profinet/blob/master/scripts/main.zeek -zeek.profinet_dce_rpc.version=db:zeek.profinet_dce_rpc.version;group:zeek_profinet;kind:integer;friendly:Version;help:Version -zeek.profinet_dce_rpc.packet_type=db:zeek.profinet_dce_rpc.packet_type;group:zeek_profinet;kind:termfield;friendly:Packet Type;help:Packet Type -zeek.profinet_dce_rpc.object_uuid=db:zeek.profinet_dce_rpc.object_uuid;group:zeek_profinet;kind:termfield;friendly:Object UUID;help:Object UUID -zeek.profinet_dce_rpc.interface_uuid=db:zeek.profinet_dce_rpc.interface_uuid;group:zeek_profinet;kind:termfield;friendly:Interface UUID;help:Interface UUID -zeek.profinet_dce_rpc.activity_uuid=db:zeek.profinet_dce_rpc.activity_uuid;group:zeek_profinet;kind:termfield;friendly:Activity UUID;help:Activity UUID -zeek.profinet_dce_rpc.server_boot_time=db:zeek.profinet_dce_rpc.server_boot_time;group:zeek_profinet;kind:integer;friendly:Server Boot Time;help:Server Boot Time 
-zeek.profinet_dce_rpc.operation=db:zeek.profinet_dce_rpc.operation;group:zeek_profinet;kind:termfield;friendly:Operation;help:Operation +zeek.profinet_dce_rpc.version=db:zeek.profinet_dce_rpc.version;group:zeek_profinet;kind:integer;viewerOnly:true;friendly:Version;help:Version +zeek.profinet_dce_rpc.packet_type=db:zeek.profinet_dce_rpc.packet_type;group:zeek_profinet;kind:termfield;viewerOnly:true;friendly:Packet Type;help:Packet Type +zeek.profinet_dce_rpc.object_uuid=db:zeek.profinet_dce_rpc.object_uuid;group:zeek_profinet;kind:termfield;viewerOnly:true;friendly:Object UUID;help:Object UUID +zeek.profinet_dce_rpc.interface_uuid=db:zeek.profinet_dce_rpc.interface_uuid;group:zeek_profinet;kind:termfield;viewerOnly:true;friendly:Interface UUID;help:Interface UUID +zeek.profinet_dce_rpc.activity_uuid=db:zeek.profinet_dce_rpc.activity_uuid;group:zeek_profinet;kind:termfield;viewerOnly:true;friendly:Activity UUID;help:Activity UUID +zeek.profinet_dce_rpc.server_boot_time=db:zeek.profinet_dce_rpc.server_boot_time;group:zeek_profinet;kind:integer;viewerOnly:true;friendly:Server Boot Time;help:Server Boot Time +zeek.profinet_dce_rpc.operation=db:zeek.profinet_dce_rpc.operation;group:zeek_profinet;kind:termfield;viewerOnly:true;friendly:Operation;help:Operation # radius.log # https://docs.zeek.org/en/stable/scripts/base/protocols/radius/main.zeek.html#type-RADIUS::Info -zeek.radius.mac=db:zeek.radius.mac;group:zeek_radius;kind:termfield;friendly:MAC Address;help:MAC Address -zeek.radius.framed_addr=db:zeek.radius.framed_addr;group:zeek_radius;kind:termfield;friendly:Framed Address;help:Framed Address -zeek.radius.tunnel_client=db:zeek.radius.tunnel_client;group:zeek_radius;kind:termfield;friendly:Initiator Address;help:Initiator Address -zeek.radius.connect_info=db:zeek.radius.connect_info;group:zeek_radius;kind:termfield;friendly:Connect Info;help:Connect Info -zeek.radius.reply_msg=db:zeek.radius.reply_msg;group:zeek_radius;kind:termfield;friendly:Reply 
Message;help:Reply Message -zeek.radius.result=db:zeek.radius.result;group:zeek_radius;kind:termfield;friendly:Result;help:Result -zeek.radius.ttl=db:zeek.radius.ttl;group:zeek_radius;kind:termfield;friendly:TTL;help:TTL +zeek.radius.mac=db:zeek.radius.mac;group:zeek_radius;kind:termfield;viewerOnly:true;friendly:MAC Address;help:MAC Address +zeek.radius.framed_addr=db:zeek.radius.framed_addr;group:zeek_radius;kind:termfield;viewerOnly:true;friendly:Framed Address;help:Framed Address +zeek.radius.tunnel_client=db:zeek.radius.tunnel_client;group:zeek_radius;kind:termfield;viewerOnly:true;friendly:Initiator Address;help:Initiator Address +zeek.radius.connect_info=db:zeek.radius.connect_info;group:zeek_radius;kind:termfield;viewerOnly:true;friendly:Connect Info;help:Connect Info +zeek.radius.reply_msg=db:zeek.radius.reply_msg;group:zeek_radius;kind:termfield;viewerOnly:true;friendly:Reply Message;help:Reply Message +zeek.radius.result=db:zeek.radius.result;group:zeek_radius;kind:termfield;viewerOnly:true;friendly:Result;help:Result +zeek.radius.ttl=db:zeek.radius.ttl;group:zeek_radius;kind:termfield;viewerOnly:true;friendly:TTL;help:TTL # rdp.log # https://docs.zeek.org/en/stable/scripts/base/protocols/rdp/main.zeek.html#type-RDP::Info -zeek.rdp.cookie=db:zeek.rdp.cookie;group:zeek_rdp;kind:termfield;friendly:Cookie;help:Cookie -zeek.rdp.result=db:zeek.rdp.result;group:zeek_rdp;kind:termfield;friendly:Connection Result;help:Connection Result -zeek.rdp.security_protocol=db:zeek.rdp.security_protocol;group:zeek_rdp;kind:termfield;friendly:Security Protocol;help:Security Protocol -zeek.rdp.client_channels=db:zeek.rdp.client_channels;group:zeek_rdp;kind:termfield;friendly:Channel;help:Channel -zeek.rdp.keyboard_layout=db:zeek.rdp.keyboard_layout;group:zeek_rdp;kind:termfield;friendly:Keyboard Layout;help:Keyboard Layout -zeek.rdp.client_build=db:zeek.rdp.client_build;group:zeek_rdp;kind:termfield;friendly:Client Version;help:Client Version 
-zeek.rdp.client_name=db:zeek.rdp.client_name;group:zeek_rdp;kind:termfield;friendly:Client Name;help:Client Name
-zeek.rdp.client_dig_product_id=db:zeek.rdp.client_dig_product_id;group:zeek_rdp;kind:termfield;friendly:Client Product ID;help:Client Product ID
-zeek.rdp.desktop_width=db:zeek.rdp.desktop_width;group:zeek_rdp;kind:integer;friendly:Desktop Width;help:Desktop Width
-zeek.rdp.desktop_height=db:zeek.rdp.desktop_height;group:zeek_rdp;kind:integer;friendly:Desktop Height;help:Desktop Height
-zeek.rdp.requested_color_depth=db:zeek.rdp.requested_color_depth;group:zeek_rdp;kind:termfield;friendly:Color Depth;help:Color Depth
-zeek.rdp.cert_type=db:zeek.rdp.cert_type;group:zeek_rdp;kind:termfield;friendly:Certificate Type;help:Certificate Type
-zeek.rdp.cert_count=db:zeek.rdp.cert_count;group:zeek_rdp;kind:integer;friendly:Certificate Count;help:Certificate Count
-zeek.rdp.cert_permanent=db:zeek.rdp.cert_permanent;group:zeek_rdp;kind:termfield;friendly:Certificate is Permanent;help:Certificate is Permanent
-zeek.rdp.encryption_level=db:zeek.rdp.encryption_level;group:zeek_rdp;kind:termfield;friendly:Encryption Level;help:Encryption Level
-zeek.rdp.encryption_method=db:zeek.rdp.encryption_method;group:zeek_rdp;kind:termfield;friendly:Encryption Method;help:Encryption Method
+zeek.rdp.cookie=db:zeek.rdp.cookie;group:zeek_rdp;kind:termfield;viewerOnly:true;friendly:Cookie;help:Cookie
+zeek.rdp.result=db:zeek.rdp.result;group:zeek_rdp;kind:termfield;viewerOnly:true;friendly:Connection Result;help:Connection Result
+zeek.rdp.security_protocol=db:zeek.rdp.security_protocol;group:zeek_rdp;kind:termfield;viewerOnly:true;friendly:Security Protocol;help:Security Protocol
+zeek.rdp.client_channels=db:zeek.rdp.client_channels;group:zeek_rdp;kind:termfield;viewerOnly:true;friendly:Channel;help:Channel
+zeek.rdp.keyboard_layout=db:zeek.rdp.keyboard_layout;group:zeek_rdp;kind:termfield;viewerOnly:true;friendly:Keyboard Layout;help:Keyboard Layout
+zeek.rdp.client_build=db:zeek.rdp.client_build;group:zeek_rdp;kind:termfield;viewerOnly:true;friendly:Client Version;help:Client Version
+zeek.rdp.client_name=db:zeek.rdp.client_name;group:zeek_rdp;kind:termfield;viewerOnly:true;friendly:Client Name;help:Client Name
+zeek.rdp.client_dig_product_id=db:zeek.rdp.client_dig_product_id;group:zeek_rdp;kind:termfield;viewerOnly:true;friendly:Client Product ID;help:Client Product ID
+zeek.rdp.desktop_width=db:zeek.rdp.desktop_width;group:zeek_rdp;kind:integer;viewerOnly:true;friendly:Desktop Width;help:Desktop Width
+zeek.rdp.desktop_height=db:zeek.rdp.desktop_height;group:zeek_rdp;kind:integer;viewerOnly:true;friendly:Desktop Height;help:Desktop Height
+zeek.rdp.requested_color_depth=db:zeek.rdp.requested_color_depth;group:zeek_rdp;kind:termfield;viewerOnly:true;friendly:Color Depth;help:Color Depth
+zeek.rdp.cert_type=db:zeek.rdp.cert_type;group:zeek_rdp;kind:termfield;viewerOnly:true;friendly:Certificate Type;help:Certificate Type
+zeek.rdp.cert_count=db:zeek.rdp.cert_count;group:zeek_rdp;kind:integer;viewerOnly:true;friendly:Certificate Count;help:Certificate Count
+zeek.rdp.cert_permanent=db:zeek.rdp.cert_permanent;group:zeek_rdp;kind:termfield;viewerOnly:true;friendly:Certificate is Permanent;help:Certificate is Permanent
+zeek.rdp.encryption_level=db:zeek.rdp.encryption_level;group:zeek_rdp;kind:termfield;viewerOnly:true;friendly:Encryption Level;help:Encryption Level
+zeek.rdp.encryption_method=db:zeek.rdp.encryption_method;group:zeek_rdp;kind:termfield;viewerOnly:true;friendly:Encryption Method;help:Encryption Method
 # rfb.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/rfb/main.zeek.html#type-RFB::Info
-zeek.rfb.client_major_version=db:zeek.rfb.client_major_version;group:zeek_rfb;kind:termfield;friendly:Client Major Version;help:Client Major Version
-zeek.rfb.client_minor_version=db:zeek.rfb.client_minor_version;group:zeek_rfb;kind:termfield;friendly:Client Minor Version;help:Client Minor Version
-zeek.rfb.server_major_version=db:zeek.rfb.server_major_version;group:zeek_rfb;kind:termfield;friendly:Server Major Version;help:Server Major Version
-zeek.rfb.server_minor_version=db:zeek.rfb.server_minor_version;group:zeek_rfb;kind:termfield;friendly:Server Minor Version;help:Server Minor Version
-zeek.rfb.authentication_method=db:zeek.rfb.authentication_method;group:zeek_rfb;kind:termfield;friendly:Authentication Method;help:Authentication Method
-zeek.rfb.auth=db:zeek.rfb.auth;group:zeek_rfb;kind:termfield;friendly:Authentication Success;help:Authentication Success
-zeek.rfb.share_flag=db:zeek.rfb.share_flag;group:zeek_rfb;kind:termfield;friendly:Shared Session;help:Shared Session
-zeek.rfb.desktop_name=db:zeek.rfb.desktop_name;group:zeek_rfb;kind:termfield;friendly:Desktop Name;help:Desktop Name
-zeek.rfb.width=db:zeek.rfb.width;group:zeek_rfb;kind:integer;friendly:Desktop Width;help:Desktop Width
-zeek.rfb.height=db:zeek.rfb.height;group:zeek_rfb;kind:integer;friendly:Desktop Height;help:Desktop Height
+zeek.rfb.client_major_version=db:zeek.rfb.client_major_version;group:zeek_rfb;kind:termfield;viewerOnly:true;friendly:Client Major Version;help:Client Major Version
+zeek.rfb.client_minor_version=db:zeek.rfb.client_minor_version;group:zeek_rfb;kind:termfield;viewerOnly:true;friendly:Client Minor Version;help:Client Minor Version
+zeek.rfb.server_major_version=db:zeek.rfb.server_major_version;group:zeek_rfb;kind:termfield;viewerOnly:true;friendly:Server Major Version;help:Server Major Version
+zeek.rfb.server_minor_version=db:zeek.rfb.server_minor_version;group:zeek_rfb;kind:termfield;viewerOnly:true;friendly:Server Minor Version;help:Server Minor Version
+zeek.rfb.authentication_method=db:zeek.rfb.authentication_method;group:zeek_rfb;kind:termfield;viewerOnly:true;friendly:Authentication Method;help:Authentication Method
+zeek.rfb.auth=db:zeek.rfb.auth;group:zeek_rfb;kind:termfield;viewerOnly:true;friendly:Authentication Success;help:Authentication Success
+zeek.rfb.share_flag=db:zeek.rfb.share_flag;group:zeek_rfb;kind:termfield;viewerOnly:true;friendly:Shared Session;help:Shared Session
+zeek.rfb.desktop_name=db:zeek.rfb.desktop_name;group:zeek_rfb;kind:termfield;viewerOnly:true;friendly:Desktop Name;help:Desktop Name
+zeek.rfb.width=db:zeek.rfb.width;group:zeek_rfb;kind:integer;viewerOnly:true;friendly:Desktop Width;help:Desktop Width
+zeek.rfb.height=db:zeek.rfb.height;group:zeek_rfb;kind:integer;viewerOnly:true;friendly:Desktop Height;help:Desktop Height
 # s7comm.log
 # https://github.com/cisagov/icsnpp-s7comm
-zeek.s7comm.error_class=db:zeek.s7comm.error_class;group:zeek_s7comm;kind:termfield;friendly:Error Class;help:Error Class
-zeek.s7comm.error_code=db:zeek.s7comm.error_code;group:zeek_s7comm;kind:termfield;friendly:Error Code;help:Error Code
-zeek.s7comm.function_code=db:zeek.s7comm.function_code;group:zeek_s7comm;kind:termfield;friendly:Parameter Function Code;help:Parameter Function Code
-zeek.s7comm.function_name=db:zeek.s7comm.function_name;group:zeek_s7comm;kind:termfield;friendly:Parameter Function Name;help:Parameter Function Name
-zeek.s7comm.pdu_reference=db:zeek.s7comm.pdu_reference;group:zeek_s7comm;kind:integer;friendly:Reference ID;help:Reference ID
-zeek.s7comm.rosctr_code=db:zeek.s7comm.rosctr_code;group:zeek_s7comm;kind:integer;friendly:Remote Operating Service Control Code;help:Remote Operating Service Control Code
-zeek.s7comm.rosctr_name=db:zeek.s7comm.rosctr_name;group:zeek_s7comm;kind:termfield;friendly:Remote Operating Service Control Name;help:Remote Operating Service Control Name
-zeek.s7comm.subfunction_code=db:zeek.s7comm.subfunction_code;group:zeek_s7comm;kind:termfield;friendly:User Data Subfunction Code;help:User Data Subfunction Code
-zeek.s7comm.subfunction_name=db:zeek.s7comm.subfunction_name;group:zeek_s7comm;kind:termfield;friendly:User Data Subfunction Name;help:User Data Subfunction Name
+zeek.s7comm.error_class=db:zeek.s7comm.error_class;group:zeek_s7comm;kind:termfield;viewerOnly:true;friendly:Error Class;help:Error Class
+zeek.s7comm.error_code=db:zeek.s7comm.error_code;group:zeek_s7comm;kind:termfield;viewerOnly:true;friendly:Error Code;help:Error Code
+zeek.s7comm.function_code=db:zeek.s7comm.function_code;group:zeek_s7comm;kind:termfield;viewerOnly:true;friendly:Parameter Function Code;help:Parameter Function Code
+zeek.s7comm.function_name=db:zeek.s7comm.function_name;group:zeek_s7comm;kind:termfield;viewerOnly:true;friendly:Parameter Function Name;help:Parameter Function Name
+zeek.s7comm.pdu_reference=db:zeek.s7comm.pdu_reference;group:zeek_s7comm;kind:integer;viewerOnly:true;friendly:Reference ID;help:Reference ID
+zeek.s7comm.rosctr_code=db:zeek.s7comm.rosctr_code;group:zeek_s7comm;kind:integer;viewerOnly:true;friendly:Remote Operating Service Control Code;help:Remote Operating Service Control Code
+zeek.s7comm.rosctr_name=db:zeek.s7comm.rosctr_name;group:zeek_s7comm;kind:termfield;viewerOnly:true;friendly:Remote Operating Service Control Name;help:Remote Operating Service Control Name
+zeek.s7comm.subfunction_code=db:zeek.s7comm.subfunction_code;group:zeek_s7comm;kind:termfield;viewerOnly:true;friendly:User Data Subfunction Code;help:User Data Subfunction Code
+zeek.s7comm.subfunction_name=db:zeek.s7comm.subfunction_name;group:zeek_s7comm;kind:termfield;viewerOnly:true;friendly:User Data Subfunction Name;help:User Data Subfunction Name
 # s7comm_plus.log
 # https://github.com/cisagov/icsnpp-s7comm
-zeek.s7comm_plus.function_code=db:zeek.s7comm_plus.function_code;group:zeek_s7comm_plus;kind:termfield;friendly:Function Code;help:Function Code
-zeek.s7comm_plus.function_name=db:zeek.s7comm_plus.function_name;group:zeek_s7comm_plus;kind:termfield;friendly:Function Name;help:Function Name
-zeek.s7comm_plus.opcode=db:zeek.s7comm_plus.opcode;group:zeek_s7comm_plus;kind:termfield;friendly:Operation Code;help:Operation Code
-zeek.s7comm_plus.opcode_name=db:zeek.s7comm_plus.opcode_name;group:zeek_s7comm_plus;kind:termfield;friendly:Operation Name;help:Operation Name
-zeek.s7comm_plus.version=db:zeek.s7comm_plus.version;group:zeek_s7comm_plus;kind:integer;friendly:Version;help:Version
+zeek.s7comm_plus.function_code=db:zeek.s7comm_plus.function_code;group:zeek_s7comm_plus;kind:termfield;viewerOnly:true;friendly:Function Code;help:Function Code
+zeek.s7comm_plus.function_name=db:zeek.s7comm_plus.function_name;group:zeek_s7comm_plus;kind:termfield;viewerOnly:true;friendly:Function Name;help:Function Name
+zeek.s7comm_plus.opcode=db:zeek.s7comm_plus.opcode;group:zeek_s7comm_plus;kind:termfield;viewerOnly:true;friendly:Operation Code;help:Operation Code
+zeek.s7comm_plus.opcode_name=db:zeek.s7comm_plus.opcode_name;group:zeek_s7comm_plus;kind:termfield;viewerOnly:true;friendly:Operation Name;help:Operation Name
+zeek.s7comm_plus.version=db:zeek.s7comm_plus.version;group:zeek_s7comm_plus;kind:integer;viewerOnly:true;friendly:Version;help:Version
 # s7comm_read_szl.log
 # https://github.com/cisagov/icsnpp-s7comm
-zeek.s7comm_read_szl.method=db:zeek.s7comm_read_szl.method;group:zeek_s7comm_read_szl;kind:termfield;friendly:Method;help:Method
-zeek.s7comm_read_szl.szl_id=db:zeek.s7comm_read_szl.szl_id;group:zeek_s7comm_read_szl;kind:termfield;friendly:SZL ID;help:SZL ID
-zeek.s7comm_read_szl.szl_id_name=db:zeek.s7comm_read_szl.szl_id_name;group:zeek_s7comm_read_szl;kind:termfield;friendly:SZL ID Name;help:SZL ID Name
-zeek.s7comm_read_szl.szl_index=db:zeek.s7comm_read_szl.szl_index;group:zeek_s7comm_read_szl;kind:termfield;friendly:SZL Index;help:SZL Index
-zeek.s7comm_read_szl.return_code=db:zeek.s7comm_read_szl.return_code;group:zeek_s7comm_read_szl;kind:termfield;friendly:Return Code;help:Return Code
-zeek.s7comm_read_szl.return_code_name=db:zeek.s7comm_read_szl.return_code_name;group:zeek_s7comm_read_szl;kind:termfield;friendly:Return Message;help:Return Message
+zeek.s7comm_read_szl.method=db:zeek.s7comm_read_szl.method;group:zeek_s7comm_read_szl;kind:termfield;viewerOnly:true;friendly:Method;help:Method
+zeek.s7comm_read_szl.szl_id=db:zeek.s7comm_read_szl.szl_id;group:zeek_s7comm_read_szl;kind:termfield;viewerOnly:true;friendly:SZL ID;help:SZL ID
+zeek.s7comm_read_szl.szl_id_name=db:zeek.s7comm_read_szl.szl_id_name;group:zeek_s7comm_read_szl;kind:termfield;viewerOnly:true;friendly:SZL ID Name;help:SZL ID Name
+zeek.s7comm_read_szl.szl_index=db:zeek.s7comm_read_szl.szl_index;group:zeek_s7comm_read_szl;kind:termfield;viewerOnly:true;friendly:SZL Index;help:SZL Index
+zeek.s7comm_read_szl.return_code=db:zeek.s7comm_read_szl.return_code;group:zeek_s7comm_read_szl;kind:termfield;viewerOnly:true;friendly:Return Code;help:Return Code
+zeek.s7comm_read_szl.return_code_name=db:zeek.s7comm_read_szl.return_code_name;group:zeek_s7comm_read_szl;kind:termfield;viewerOnly:true;friendly:Return Message;help:Return Message
 # s7comm_upload_download.log
 # https://github.com/cisagov/icsnpp-s7comm
-zeek.s7comm_upload_download.rosctr_name=db:zeek.s7comm_upload_download.rosctr_name;group:zeek_s7comm_upload_download;kind:termfield;friendly:Remote Operating Service Control Name;help:Remote Operating Service Control Name
-zeek.s7comm_upload_download.function_name=db:zeek.s7comm_upload_download.function_name;group:zeek_s7comm_upload_download;kind:termfield;friendly:Function Name;help:Function Name
-zeek.s7comm_upload_download.function_status=db:zeek.s7comm_upload_download.function_status;group:zeek_s7comm_upload_download;kind:termfield;friendly:Function Result;help:Function Result
-zeek.s7comm_upload_download.session_id=db:zeek.s7comm_upload_download.session_id;group:zeek_s7comm_upload_download;kind:integer;friendly:Session ID;help:Session ID
-zeek.s7comm_upload_download.blocklength=db:zeek.s7comm_upload_download.blocklength;group:zeek_s7comm_upload_download;kind:integer;friendly:Block Length;help:Block Length
-zeek.s7comm_upload_download.filename=db:zeek.s7comm_upload_download.filename;group:zeek_s7comm_upload_download;kind:termfield;friendly:File Name;help:File Name
-zeek.s7comm_upload_download.block_type=db:zeek.s7comm_upload_download.block_type;group:zeek_s7comm_upload_download;kind:termfield;friendly:Block Type;help:Block Type
-zeek.s7comm_upload_download.block_number=db:zeek.s7comm_upload_download.block_number;group:zeek_s7comm_upload_download;kind:termfield;friendly:Block Number;help::Block Number
-zeek.s7comm_upload_download.destination_filesystem=db:zeek.s7comm_upload_download.destination_filesystem;group:zeek_s7comm_upload_download;kind:termfield;friendly:Destination File System;help:Destination File System
+zeek.s7comm_upload_download.rosctr_name=db:zeek.s7comm_upload_download.rosctr_name;group:zeek_s7comm_upload_download;kind:termfield;viewerOnly:true;friendly:Remote Operating Service Control Name;help:Remote Operating Service Control Name
+zeek.s7comm_upload_download.function_name=db:zeek.s7comm_upload_download.function_name;group:zeek_s7comm_upload_download;kind:termfield;viewerOnly:true;friendly:Function Name;help:Function Name
+zeek.s7comm_upload_download.function_status=db:zeek.s7comm_upload_download.function_status;group:zeek_s7comm_upload_download;kind:termfield;viewerOnly:true;friendly:Function Result;help:Function Result
+zeek.s7comm_upload_download.session_id=db:zeek.s7comm_upload_download.session_id;group:zeek_s7comm_upload_download;kind:integer;viewerOnly:true;friendly:Session ID;help:Session ID
+zeek.s7comm_upload_download.blocklength=db:zeek.s7comm_upload_download.blocklength;group:zeek_s7comm_upload_download;kind:integer;viewerOnly:true;friendly:Block Length;help:Block Length
+zeek.s7comm_upload_download.filename=db:zeek.s7comm_upload_download.filename;group:zeek_s7comm_upload_download;kind:termfield;viewerOnly:true;friendly:File Name;help:File Name
+zeek.s7comm_upload_download.block_type=db:zeek.s7comm_upload_download.block_type;group:zeek_s7comm_upload_download;kind:termfield;viewerOnly:true;friendly:Block Type;help:Block Type
+zeek.s7comm_upload_download.block_number=db:zeek.s7comm_upload_download.block_number;group:zeek_s7comm_upload_download;kind:termfield;viewerOnly:true;friendly:Block Number;help::Block Number
+zeek.s7comm_upload_download.destination_filesystem=db:zeek.s7comm_upload_download.destination_filesystem;group:zeek_s7comm_upload_download;kind:termfield;viewerOnly:true;friendly:Destination File System;help:Destination File System
 # signatures.log
-zeek.signatures.note=db:zeek.signatures.note;group:zeek_signatures;kind:termfield;friendly:Note;help:Note
-zeek.signatures.signature_id=db:zeek.signatures.signature_id;group:zeek_signatures;kind:termfield;friendly:Signature ID;help:Signature ID
-zeek.signatures.sub_message=db:zeek.signatures.sub_message;group:zeek_signatures;kind:termfield;friendly:Submessage;help:Submessage
-zeek.signatures.signature_count=db:zeek.signatures.signature_count;group:zeek_signatures;kind:integer;friendly:Signatures Matched;help:Signatures Matched
-zeek.signatures.host_count=db:zeek.signatures.host_count;group:zeek_signatures;kind:integer;friendly:Host or Engine Count;help:Host or Engine Count
-zeek.signatures.hits.Capa=db:zeek.signatures.hits.Capa;group:zeek_signatures;kind:termfield;friendly:Capa Hits;help:Capa Hits
-zeek.signatures.hits.ClamAV=db:zeek.signatures.hits.ClamAV;group:zeek_signatures;kind:termfield;friendly:ClamAV Hits;help:ClamAV Hits
-zeek.signatures.hits.Yara=db:zeek.signatures.hits.Yara;group:zeek_signatures;kind:termfield;friendly:Yara Hits;help:Yara Hits
+zeek.signatures.note=db:zeek.signatures.note;group:zeek_signatures;kind:termfield;viewerOnly:true;friendly:Note;help:Note
+zeek.signatures.signature_id=db:zeek.signatures.signature_id;group:zeek_signatures;kind:termfield;viewerOnly:true;friendly:Signature ID;help:Signature ID
+zeek.signatures.sub_message=db:zeek.signatures.sub_message;group:zeek_signatures;kind:termfield;viewerOnly:true;friendly:Submessage;help:Submessage
+zeek.signatures.signature_count=db:zeek.signatures.signature_count;group:zeek_signatures;kind:integer;viewerOnly:true;friendly:Signatures Matched;help:Signatures Matched
+zeek.signatures.host_count=db:zeek.signatures.host_count;group:zeek_signatures;kind:integer;viewerOnly:true;friendly:Host or Engine Count;help:Host or Engine Count
+zeek.signatures.hits.Capa=db:zeek.signatures.hits.Capa;group:zeek_signatures;kind:termfield;viewerOnly:true;friendly:Capa Hits;help:Capa Hits
+zeek.signatures.hits.ClamAV=db:zeek.signatures.hits.ClamAV;group:zeek_signatures;kind:termfield;viewerOnly:true;friendly:ClamAV Hits;help:ClamAV Hits
+zeek.signatures.hits.Yara=db:zeek.signatures.hits.Yara;group:zeek_signatures;kind:termfield;viewerOnly:true;friendly:Yara Hits;help:Yara Hits
 # sip.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/sip/main.zeek.html#type-SIP::Info
-zeek.sip.trans_depth=db:zeek.sip.trans_depth;group:zeek_sip;kind:integer;friendly:Pipeline Depth;help:Pipeline Depth
-zeek.sip.method=db:zeek.sip.method;group:zeek_sip;kind:termfield;friendly:Request Method;help:Request Method
-zeek.sip.uri=db:zeek.sip.uri;group:zeek_sip;kind:termfield;friendly:URI;help:URI
-zeek.sip.date=db:zeek.sip.date;group:zeek_sip;kind:termfield;friendly:Request Date Header;help:Request Date Header
-zeek.sip.request_from=db:zeek.sip.request_from;group:zeek_sip;kind:termfield;friendly:Request From Header;help:Request From Header
-zeek.sip.request_to=db:zeek.sip.request_to;group:zeek_sip;kind:termfield;friendly:Request To Header;help:Request To Header
-zeek.sip.response_from=db:zeek.sip.response_from;group:zeek_sip;kind:termfield;friendly:Response From Header;help:Response From Header
-zeek.sip.response_to=db:zeek.sip.response_to;group:zeek_sip;kind:termfield;friendly:Response To Header;help:Response To Header
-zeek.sip.reply_to=db:zeek.sip.reply_to;group:zeek_sip;kind:termfield;friendly:Reply-To Header;help:Reply-To Header
-zeek.sip.call_id=db:zeek.sip.call_id;group:zeek_sip;kind:termfield;friendly:Client Call-ID Header;help:Client Call-ID Header
-zeek.sip.seq=db:zeek.sip.seq;group:zeek_sip;kind:termfield;friendly:Client CSeq Header;help:Client CSeq Header
-zeek.sip.subject=db:zeek.sip.subject;group:zeek_sip;kind:termfield;friendly:Client Subject Header;help:Client Subject Header
-zeek.sip.request_path=db:zeek.sip.request_path;group:zeek_sip;kind:termfield;friendly:Request Path;help:Request Path
-zeek.sip.response_path=db:zeek.sip.response_path;group:zeek_sip;kind:termfield;friendly:Response Path;help:Response Path
-zeek.sip.user_agent=db:zeek.sip.user_agent;group:zeek_sip;kind:termfield;friendly:User Agent;help:User Agent
-zeek.sip.status_code=db:zeek.sip.status_code;group:zeek_sip;kind:termfield;friendly:Status Code;help:Status Code
-zeek.sip.status_msg=db:zeek.sip.status_msg;group:zeek_sip;kind:termfield;friendly:Status Message;help:Status Message
-zeek.sip.warning=db:zeek.sip.warning;group:zeek_sip;kind:termfield;friendly:Warning Header;help:Warning Header
-zeek.sip.request_body_len=db:zeek.sip.request_body_len;group:zeek_sip;kind:integer;friendly:Request Body Length;help:Request Body Length
-zeek.sip.response_body_len=db:zeek.sip.response_body_len;group:zeek_sip;kind:integer;friendly:Response Body Length;help:Response Body Length
-zeek.sip.content_type=db:zeek.sip.content_type;group:zeek_sip;kind:termfield;friendly:Content Type Header;help:Content Type Header
-zeek.sip.version=db:zeek.sip.version;group:zeek_sip;kind:termfield;friendly:Version;help:Version
+zeek.sip.trans_depth=db:zeek.sip.trans_depth;group:zeek_sip;kind:integer;viewerOnly:true;friendly:Pipeline Depth;help:Pipeline Depth
+zeek.sip.method=db:zeek.sip.method;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Request Method;help:Request Method
+zeek.sip.uri=db:zeek.sip.uri;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:URI;help:URI
+zeek.sip.date=db:zeek.sip.date;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Request Date Header;help:Request Date Header
+zeek.sip.request_from=db:zeek.sip.request_from;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Request From Header;help:Request From Header
+zeek.sip.request_to=db:zeek.sip.request_to;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Request To Header;help:Request To Header
+zeek.sip.response_from=db:zeek.sip.response_from;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Response From Header;help:Response From Header
+zeek.sip.response_to=db:zeek.sip.response_to;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Response To Header;help:Response To Header
+zeek.sip.reply_to=db:zeek.sip.reply_to;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Reply-To Header;help:Reply-To Header
+zeek.sip.call_id=db:zeek.sip.call_id;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Client Call-ID Header;help:Client Call-ID Header
+zeek.sip.seq=db:zeek.sip.seq;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Client CSeq Header;help:Client CSeq Header
+zeek.sip.subject=db:zeek.sip.subject;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Client Subject Header;help:Client Subject Header
+zeek.sip.request_path=db:zeek.sip.request_path;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Request Path;help:Request Path
+zeek.sip.response_path=db:zeek.sip.response_path;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Response Path;help:Response Path
+zeek.sip.user_agent=db:zeek.sip.user_agent;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:User Agent;help:User Agent
+zeek.sip.status_code=db:zeek.sip.status_code;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Status Code;help:Status Code
+zeek.sip.status_msg=db:zeek.sip.status_msg;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Status Message;help:Status Message
+zeek.sip.warning=db:zeek.sip.warning;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Warning Header;help:Warning Header
+zeek.sip.request_body_len=db:zeek.sip.request_body_len;group:zeek_sip;kind:integer;viewerOnly:true;friendly:Request Body Length;help:Request Body Length
+zeek.sip.response_body_len=db:zeek.sip.response_body_len;group:zeek_sip;kind:integer;viewerOnly:true;friendly:Response Body Length;help:Response Body Length
+zeek.sip.content_type=db:zeek.sip.content_type;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Content Type Header;help:Content Type Header
+zeek.sip.version=db:zeek.sip.version;group:zeek_sip;kind:termfield;viewerOnly:true;friendly:Version;help:Version
 # smb_cmd.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html#type-SMB::CmdInfo
-zeek.smb_cmd.command=db:zeek.smb_cmd.command;group:zeek_smb;kind:termfield;friendly:Command;help:Command
-zeek.smb_cmd.sub_command=db:zeek.smb_cmd.sub_command;group:zeek_smb;kind:termfield;friendly:Subcommand;help:Subcommand
-zeek.smb_cmd.argument=db:zeek.smb_cmd.argument;group:zeek_smb;kind:termfield;friendly:Argument;help:Argument
-zeek.smb_cmd.status=db:zeek.smb_cmd.status;group:zeek_smb;kind:termfield;friendly:Status;help:Status
-zeek.smb_cmd.rtt=db:zeek.smb_cmd.rtt;group:zeek_smb;kind:termfield;friendly:Round Trip Time;help:Round Trip Time
-zeek.smb_cmd.version=db:zeek.smb_cmd.version;group:zeek_smb;kind:termfield;friendly:Version;help:Version
-zeek.smb_cmd.tree=db:zeek.smb_cmd.tree;group:zeek_smb;kind:termfield;friendly:Tree;help:Tree
-zeek.smb_cmd.tree_service=db:zeek.smb_cmd.tree_service;group:zeek_smb;kind:termfield;friendly:Tree Service;help:Tree Service
+zeek.smb_cmd.command=db:zeek.smb_cmd.command;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Command;help:Command
+zeek.smb_cmd.sub_command=db:zeek.smb_cmd.sub_command;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Subcommand;help:Subcommand
+zeek.smb_cmd.argument=db:zeek.smb_cmd.argument;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Argument;help:Argument
+zeek.smb_cmd.status=db:zeek.smb_cmd.status;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Status;help:Status
+zeek.smb_cmd.rtt=db:zeek.smb_cmd.rtt;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Round Trip Time;help:Round Trip Time
+zeek.smb_cmd.version=db:zeek.smb_cmd.version;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Version;help:Version
+zeek.smb_cmd.tree=db:zeek.smb_cmd.tree;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Tree;help:Tree
+zeek.smb_cmd.tree_service=db:zeek.smb_cmd.tree_service;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Tree Service;help:Tree Service
 # smb_files.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html#type-SMB::FileInfo
-zeek.smb_files.action=db:zeek.smb_files.action;group:zeek_smb;kind:termfield;friendly:Action;help:Action
-zeek.smb_files.path=db:zeek.smb_files.path;group:zeek_smb;kind:termfield;friendly:File Path;help:File Path
-zeek.smb_files.name=db:zeek.smb_files.name;group:zeek_smb;kind:termfield;friendly:File Name;help:File Name
-zeek.smb_files.size=db:zeek.smb_files.size;group:zeek_smb;kind:integer;friendly:File Size;help:File Size
-zeek.smb_files.prev_name=db:zeek.smb_files.prev_name;group:zeek_smb;kind:termfield;friendly:Previous File Name;help:Previous File Name
-zeek.smb_files.times_modified=db:zeek.smb_files.times_modified;group:zeek_smb;kind:termfield;friendly:Write Time;help:Write Time
-zeek.smb_files.times_accessed=db:zeek.smb_files.times_accessed;group:zeek_smb;kind:termfield;friendly:Access Time;help:Access Time
-zeek.smb_files.times_created=db:zeek.smb_files.times_created;group:zeek_smb;kind:termfield;friendly:Creation Time;help:Creation Time
-zeek.smb_files.times_changed=db:zeek.smb_files.times_changed;group:zeek_smb;kind:termfield;friendly:Modified Time;help:Modified Time
-zeek.smb_files.data_offset_req=db:zeek.smb_files.data_offset_req;group:zeek_smb;kind:integer;friendly:Data Offset Requested;help:Data Offset Requested
-zeek.smb_files.data_len_req=db:zeek.smb_files.data_len_req;group:zeek_smb;kind:integer;friendly:Data Length Requested;help:Data Length Requested
-zeek.smb_files.data_len_rsp=db:zeek.smb_files.data_len_rsp;group:zeek_smb;kind:integer;friendly:Data Length In Response;help:Data Length In Response
+zeek.smb_files.action=db:zeek.smb_files.action;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Action;help:Action
+zeek.smb_files.path=db:zeek.smb_files.path;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:File Path;help:File Path
+zeek.smb_files.name=db:zeek.smb_files.name;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:File Name;help:File Name
+zeek.smb_files.size=db:zeek.smb_files.size;group:zeek_smb;kind:integer;viewerOnly:true;friendly:File Size;help:File Size
+zeek.smb_files.prev_name=db:zeek.smb_files.prev_name;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Previous File Name;help:Previous File Name
+zeek.smb_files.times_modified=db:zeek.smb_files.times_modified;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Write Time;help:Write Time
+zeek.smb_files.times_accessed=db:zeek.smb_files.times_accessed;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Access Time;help:Access Time
+zeek.smb_files.times_created=db:zeek.smb_files.times_created;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Creation Time;help:Creation Time
+zeek.smb_files.times_changed=db:zeek.smb_files.times_changed;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Modified Time;help:Modified Time
+zeek.smb_files.data_offset_req=db:zeek.smb_files.data_offset_req;group:zeek_smb;kind:integer;viewerOnly:true;friendly:Data Offset Requested;help:Data Offset Requested
+zeek.smb_files.data_len_req=db:zeek.smb_files.data_len_req;group:zeek_smb;kind:integer;viewerOnly:true;friendly:Data Length Requested;help:Data Length Requested
+zeek.smb_files.data_len_rsp=db:zeek.smb_files.data_len_rsp;group:zeek_smb;kind:integer;viewerOnly:true;friendly:Data Length In Response;help:Data Length In Response
 # smb_mapping.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/smb/main.zeek.html#type-SMB::TreeInfo
-zeek.smb_mapping.path=db:zeek.smb_mapping.path;group:zeek_smb;kind:termfield;friendly:Tree Path;help:Tree Path
-zeek.smb_mapping.resource_type=db:zeek.smb_mapping.resource_type;group:zeek_smb;kind:termfield;friendly:Resource Type;help:Resource Type
-zeek.smb_mapping.native_file_system=db:zeek.smb_mapping.native_file_system;group:zeek_smb;kind:termfield;friendly:File System;help:File System
-zeek.smb_mapping.share_type=db:zeek.smb_mapping.share_type;group:zeek_smb;kind:termfield;friendly:Share Type;help:Share Type
+zeek.smb_mapping.path=db:zeek.smb_mapping.path;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Tree Path;help:Tree Path
+zeek.smb_mapping.resource_type=db:zeek.smb_mapping.resource_type;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Resource Type;help:Resource Type
+zeek.smb_mapping.native_file_system=db:zeek.smb_mapping.native_file_system;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:File System;help:File System
+zeek.smb_mapping.share_type=db:zeek.smb_mapping.share_type;group:zeek_smb;kind:termfield;viewerOnly:true;friendly:Share Type;help:Share Type
 # smtp.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/smtp/main.zeek.html#type-SMTP::Info
-zeek.smtp.trans_depth=db:zeek.smtp.trans_depth;group:zeek_smtp;kind:integer;friendly:Transaction Depth;help:Transaction Depth
-zeek.smtp.helo=db:zeek.smtp.helo;group:zeek_smtp;kind:termfield;friendly:HELO;help:HELO
-zeek.smtp.mailfrom=db:zeek.smtp.mailfrom;group:zeek_smtp;kind:termfield;friendly:FROM Addresses;help:FROM Addresses
-zeek.smtp.rcptto=db:zeek.smtp.rcptto;group:zeek_smtp;kind:termfield;friendly:RCPT TO;help:RCPT TO
-zeek.smtp.date=db:zeek.smtp.date;group:zeek_smtp;kind:termfield;friendly:Date;help:Date
-zeek.smtp.from=db:zeek.smtp.from;group:zeek_smtp;kind:termfield;friendly:FROM;help:FROM
-zeek.smtp.to=db:zeek.smtp.to;group:zeek_smtp;kind:termfield;friendly:TO;help:TO
-zeek.smtp.cc=db:zeek.smtp.cc;group:zeek_smtp;kind:termfield;friendly:CC;help:CC
-zeek.smtp.reply_to=db:zeek.smtp.reply_to;group:zeek_smtp;kind:termfield;friendly:Reply-To;help:Reply-To
-zeek.smtp.msg_id=db:zeek.smtp.msg_id;group:zeek_smtp;kind:termfield;friendly:MsgId;help:MsgId
-zeek.smtp.in_reply_to=db:zeek.smtp.in_reply_to;group:zeek_smtp;kind:termfield;friendly:In-Reply-To;help:In-Reply-To
-zeek.smtp.subject=db:zeek.smtp.subject;group:zeek_smtp;kind:termfield;friendly:Subject;help:Subject
-zeek.smtp.x_originating_ip=db:zeek.smtp.x_originating_ip;group:zeek_smtp;kind:termfield;friendly:X-Originating-IP;help:X-Originating-IP
-zeek.smtp.first_received=db:zeek.smtp.first_received;group:zeek_smtp;kind:termfield;friendly:First Received;help:First Received
-zeek.smtp.second_received=db:zeek.smtp.second_received;group:zeek_smtp;kind:termfield;friendly:Second Received;help:Second Received
-zeek.smtp.last_reply=db:zeek.smtp.last_reply;group:zeek_smtp;kind:termfield;friendly:Last Reply;help:Last Reply
-zeek.smtp.last_reply_code=db:zeek.smtp.last_reply_code;group:zeek_smtp;kind:termfield;friendly:Last Reply Code;help:Last Reply Code
-zeek.smtp.last_reply_msg=db:zeek.smtp.last_reply_msg;group:zeek_smtp;kind:termfield;friendly:Last Reply Message;help:Last Reply Message
-zeek.smtp.path=db:zeek.smtp.path;group:zeek_smtp;kind:termfield;friendly:Tranmission Path;help:Tranmission Path
-zeek.smtp.user_agent=db:zeek.smtp.user_agent;group:zeek_smtp;kind:termfield;friendly:User Agent;help:User Agent
-zeek.smtp.tls=db:zeek.smtp.tls;group:zeek_smtp;kind:termfield;friendly:TLS;help:TLS
-zeek.smtp.is_webmail=db:zeek.smtp.is_webmail;group:zeek_smtp;kind:termfield;friendly:Is Webmail;help:Is Webmail
+zeek.smtp.trans_depth=db:zeek.smtp.trans_depth;group:zeek_smtp;kind:integer;viewerOnly:true;friendly:Transaction Depth;help:Transaction Depth
+zeek.smtp.helo=db:zeek.smtp.helo;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:HELO;help:HELO
+zeek.smtp.mailfrom=db:zeek.smtp.mailfrom;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:FROM Addresses;help:FROM Addresses
+zeek.smtp.rcptto=db:zeek.smtp.rcptto;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:RCPT TO;help:RCPT TO
+zeek.smtp.date=db:zeek.smtp.date;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:Date;help:Date
+zeek.smtp.from=db:zeek.smtp.from;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:FROM;help:FROM
+zeek.smtp.to=db:zeek.smtp.to;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:TO;help:TO
+zeek.smtp.cc=db:zeek.smtp.cc;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:CC;help:CC
+zeek.smtp.reply_to=db:zeek.smtp.reply_to;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:Reply-To;help:Reply-To
+zeek.smtp.msg_id=db:zeek.smtp.msg_id;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:MsgId;help:MsgId
+zeek.smtp.in_reply_to=db:zeek.smtp.in_reply_to;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:In-Reply-To;help:In-Reply-To
+zeek.smtp.subject=db:zeek.smtp.subject;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:Subject;help:Subject
+zeek.smtp.x_originating_ip=db:zeek.smtp.x_originating_ip;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:X-Originating-IP;help:X-Originating-IP
+zeek.smtp.first_received=db:zeek.smtp.first_received;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:First Received;help:First Received
+zeek.smtp.second_received=db:zeek.smtp.second_received;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:Second Received;help:Second Received
+zeek.smtp.last_reply=db:zeek.smtp.last_reply;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:Last Reply;help:Last Reply
+zeek.smtp.last_reply_code=db:zeek.smtp.last_reply_code;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:Last Reply Code;help:Last Reply Code +zeek.smtp.last_reply_msg=db:zeek.smtp.last_reply_msg;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:Last Reply Message;help:Last Reply Message +zeek.smtp.path=db:zeek.smtp.path;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:Tranmission Path;help:Tranmission Path +zeek.smtp.user_agent=db:zeek.smtp.user_agent;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:User Agent;help:User Agent +zeek.smtp.tls=db:zeek.smtp.tls;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:TLS;help:TLS +zeek.smtp.is_webmail=db:zeek.smtp.is_webmail;group:zeek_smtp;kind:termfield;viewerOnly:true;friendly:Is Webmail;help:Is Webmail # snmp.log # https://docs.zeek.org/en/stable/scripts/base/protocols/snmp/main.zeek.html#type-SNMP::Info -zeek.snmp.duration=db:zeek.snmp.duration;group:zeek_snmp;kind:termfield;friendly:Duration;help:Duration -zeek.snmp.version=db:zeek.snmp.version;group:zeek_snmp;kind:termfield;friendly:Version;help:Version -zeek.snmp.community=db:zeek.snmp.community;group:zeek_snmp;kind:termfield;friendly:Community;help:Community -zeek.snmp.get_requests=db:zeek.snmp.get_requests;group:zeek_snmp;kind:integer;friendly:Get Requests;help:Get Requests -zeek.snmp.get_bulk_requests=db:zeek.snmp.get_bulk_requests;group:zeek_snmp;kind:integer;friendly:Get Bulk Requests;help:Get Bulk Requests -zeek.snmp.get_responses=db:zeek.snmp.get_responses;group:zeek_snmp;kind:integer;friendly:Get Responses;help:Get Responses -zeek.snmp.set_requests=db:zeek.snmp.set_requests;group:zeek_snmp;kind:integer;friendly:Set Requests;help:Set Requests -zeek.snmp.display_string=db:zeek.snmp.display_string;group:zeek_snmp;kind:termfield;friendly:Display String;help:Display String -zeek.snmp.up_since=db:zeek.snmp.up_since;group:zeek_snmp;kind:termfield;friendly:Up Since Timestamp;help:Up Since Timestamp 
+zeek.snmp.duration=db:zeek.snmp.duration;group:zeek_snmp;kind:termfield;viewerOnly:true;friendly:Duration;help:Duration +zeek.snmp.version=db:zeek.snmp.version;group:zeek_snmp;kind:termfield;viewerOnly:true;friendly:Version;help:Version +zeek.snmp.community=db:zeek.snmp.community;group:zeek_snmp;kind:termfield;viewerOnly:true;friendly:Community;help:Community +zeek.snmp.get_requests=db:zeek.snmp.get_requests;group:zeek_snmp;kind:integer;viewerOnly:true;friendly:Get Requests;help:Get Requests +zeek.snmp.get_bulk_requests=db:zeek.snmp.get_bulk_requests;group:zeek_snmp;kind:integer;viewerOnly:true;friendly:Get Bulk Requests;help:Get Bulk Requests +zeek.snmp.get_responses=db:zeek.snmp.get_responses;group:zeek_snmp;kind:integer;viewerOnly:true;friendly:Get Responses;help:Get Responses +zeek.snmp.set_requests=db:zeek.snmp.set_requests;group:zeek_snmp;kind:integer;viewerOnly:true;friendly:Set Requests;help:Set Requests +zeek.snmp.display_string=db:zeek.snmp.display_string;group:zeek_snmp;kind:termfield;viewerOnly:true;friendly:Display String;help:Display String +zeek.snmp.up_since=db:zeek.snmp.up_since;group:zeek_snmp;kind:termfield;viewerOnly:true;friendly:Up Since Timestamp;help:Up Since Timestamp # socks.log # https://docs.zeek.org/en/stable/scripts/base/protocols/socks/main.zeek.html#type-SOCKS::Info -zeek.socks.version=db:zeek.socks.version;group:zeek_socks;kind:integer;friendly:Version;help:Version -zeek.socks.server_status=db:zeek.socks.server_status;group:zeek_socks;kind:termfield;friendly:Server Status;help:Server Status -zeek.socks.request_host=db:zeek.socks.request_host;group:zeek_socks;kind:termfield;friendly:Client Address;help:Client Address -zeek.socks.request_name=db:zeek.socks.request_name;group:zeek_socks;kind:termfield;friendly:Client Name;help:Client Name -zeek.socks.request_port=db:zeek.socks.request_port;group:zeek_socks;kind:integer;friendly:Client Port;help:Client Port 
-zeek.socks.bound_host=db:zeek.socks.bound_host;group:zeek_socks;kind:termfield;friendly:Server Address;help:Server Address -zeek.socks.bound_name=db:zeek.socks.bound_name;group:zeek_socks;kind:termfield;friendly:Server Name;help:Server Name -zeek.socks.bound_port=db:zeek.socks.bound_port;group:zeek_socks;kind:integer;friendly:Server Port;help:Server Port +zeek.socks.version=db:zeek.socks.version;group:zeek_socks;kind:integer;viewerOnly:true;friendly:Version;help:Version +zeek.socks.server_status=db:zeek.socks.server_status;group:zeek_socks;kind:termfield;viewerOnly:true;friendly:Server Status;help:Server Status +zeek.socks.request_host=db:zeek.socks.request_host;group:zeek_socks;kind:termfield;viewerOnly:true;friendly:Client Address;help:Client Address +zeek.socks.request_name=db:zeek.socks.request_name;group:zeek_socks;kind:termfield;viewerOnly:true;friendly:Client Name;help:Client Name +zeek.socks.request_port=db:zeek.socks.request_port;group:zeek_socks;kind:integer;viewerOnly:true;friendly:Client Port;help:Client Port +zeek.socks.bound_host=db:zeek.socks.bound_host;group:zeek_socks;kind:termfield;viewerOnly:true;friendly:Server Address;help:Server Address +zeek.socks.bound_name=db:zeek.socks.bound_name;group:zeek_socks;kind:termfield;viewerOnly:true;friendly:Server Name;help:Server Name +zeek.socks.bound_port=db:zeek.socks.bound_port;group:zeek_socks;kind:integer;viewerOnly:true;friendly:Server Port;help:Server Port # software.log # https://docs.zeek.org/en/stable/scripts/base/frameworks/software/main.zeek.html#type-Software::Info -zeek.software.software_type=db:zeek.software.software_type;group:zeek_software;kind:termfield;friendly:Software Type;help:Software Type -zeek.software.name=db:zeek.software.name;group:zeek_software;kind:termfield;friendly:Software Name;help:Software Name -zeek.software.version_major=db:zeek.software.version_major;group:zeek_software;kind:integer;friendly:Major Version;help:Major Version 
-zeek.software.version_minor=db:zeek.software.version_minor;group:zeek_software;kind:integer;friendly:Minor Version;help:Minor Version -zeek.software.version_minor2=db:zeek.software.version_minor2;group:zeek_software;kind:integer;friendly:Minor Subversion;help:Minor Subversion -zeek.software.version_minor3=db:zeek.software.version_minor3;group:zeek_software;kind:integer;friendly:Minor Patch;help:Minor Patch -zeek.software.version_addl=db:zeek.software.version_addl;group:zeek_software;kind:termfield;friendly:Additional Version;help:Additional Version -zeek.software.unparsed_version=db:zeek.software.unparsed_version;group:zeek_software;kind:termfield;friendly:Version;help:Version +zeek.software.software_type=db:zeek.software.software_type;group:zeek_software;kind:termfield;viewerOnly:true;friendly:Software Type;help:Software Type +zeek.software.name=db:zeek.software.name;group:zeek_software;kind:termfield;viewerOnly:true;friendly:Software Name;help:Software Name +zeek.software.version_major=db:zeek.software.version_major;group:zeek_software;kind:integer;viewerOnly:true;friendly:Major Version;help:Major Version +zeek.software.version_minor=db:zeek.software.version_minor;group:zeek_software;kind:integer;viewerOnly:true;friendly:Minor Version;help:Minor Version +zeek.software.version_minor2=db:zeek.software.version_minor2;group:zeek_software;kind:integer;viewerOnly:true;friendly:Minor Subversion;help:Minor Subversion +zeek.software.version_minor3=db:zeek.software.version_minor3;group:zeek_software;kind:integer;viewerOnly:true;friendly:Minor Patch;help:Minor Patch +zeek.software.version_addl=db:zeek.software.version_addl;group:zeek_software;kind:termfield;viewerOnly:true;friendly:Additional Version;help:Additional Version +zeek.software.unparsed_version=db:zeek.software.unparsed_version;group:zeek_software;kind:termfield;viewerOnly:true;friendly:Version;help:Version # ssh.log # https://docs.zeek.org/en/stable/scripts/base/protocols/ssh/main.zeek.html#type-SSH::Info 
-zeek.ssh.version=db:zeek.ssh.version;group:zeek_ssh;kind:integer;friendly:Version;help:Version
-zeek.ssh.auth_success=db:zeek.ssh.auth_success;group:zeek_ssh;kind:termfield;friendly:Authentication Success;help:Authentication Success
-zeek.ssh.auth_attempts=db:zeek.ssh.auth_attempts;group:zeek_ssh;kind:integer;friendly:Authentication Attempts;help:Authentication Attempts
-zeek.ssh.direction=db:zeek.ssh.direction;group:zeek_ssh;kind:termfield;friendly:Connection Direction;help:Connection Direction
-zeek.ssh.client=db:zeek.ssh.client;group:zeek_ssh;kind:termfield;friendly:Client Version;help:Client Version
-zeek.ssh.server=db:zeek.ssh.server;group:zeek_ssh;kind:termfield;friendly:Server Version;help:Server Version
-zeek.ssh.cipher_alg=db:zeek.ssh.cipher_alg;group:zeek_ssh;kind:termfield;friendly:Cipher;help:Cipher Algorithm
-zeek.ssh.mac_alg=db:zeek.ssh.mac_alg;group:zeek_ssh;kind:termfield;friendly:Signing Algorithm;help:Signing Algorithm
-zeek.ssh.compression_alg=db:zeek.ssh.compression_alg;group:zeek_ssh;kind:termfield;friendly:Compression Algorithm;help:Compression Algorithm
-zeek.ssh.kex_alg=db:zeek.ssh.kex_alg;group:zeek_ssh;kind:termfield;friendly:Key Exchange Algorithm;help:Key Exchange Algorithm
-zeek.ssh.host_key_alg=db:zeek.ssh.host_key_alg;group:zeek_ssh;kind:termfield;friendly:Server Host Key Algorithm;help:Server Host Key Algorithm
-zeek.ssh.host_key=db:zeek.ssh.host_key;group:zeek_ssh;kind:termfield;friendly:Server Key Fingerprint;help:Server Key Fingerprint
-zeek.ssh.remote_location_country_code=db:zeek.ssh.remote_location_country_code;group:zeek_ssh;kind:termfield;friendly:SSH Remote Country Code;help:SSH Remote Country Code
-zeek.ssh.remote_location_region=db:zeek.ssh.remote_location_region;group:zeek_ssh;kind:termfield;friendly:SSH Remote Region;help:SSH Remote Region
-zeek.ssh.remote_location_city=db:zeek.ssh.remote_location_city;group:zeek_ssh;kind:termfield;friendly:SSH Remote City;help:SSH Remote City
-zeek.ssh.remote_location_latitude=db:zeek.ssh.remote_location_latitude;group:zeek_ssh;kind:termfield;friendly:SSH Remote Latitude;help:SSH Remote Latitude
-zeek.ssh.remote_location_longitude=db:zeek.ssh.remote_location_longitude;group:zeek_ssh;kind:termfield;friendly:SSH Remote Longitude;help:SSH Remote Longitude
-zeek.ssh.hasshVersion=db:zeek.ssh.hasshVersion;group:zeek_ssh;kind:termfield;friendly:HASSH Version;help:HASSH Version
-zeek.ssh.hassh=db:zeek.ssh.hassh;group:zeek_ssh;kind:termfield;friendly:HASSH Client Fingerprint;help:HASSH Client Fingerprint
-zeek.ssh.hasshServer=db:zeek.ssh.hasshServer;group:zeek_ssh;kind:termfield;friendly:HASSH Server Fingerprint;help:HASSH Server Fingerprint
-zeek.ssh.hasshAlgorithms=db:zeek.ssh.hasshAlgorithms;group:zeek_ssh;kind:termfield;friendly:HASSH Client Algorithms;help:HASSH Client Algorithms
-zeek.ssh.hasshServerAlgorithms=db:zeek.ssh.hasshServerAlgorithms;group:zeek_ssh;kind:termfield;friendly:HASSH Server Algorithms;help:HASSH Server Algorithms
-zeek.ssh.cshka=db:zeek.ssh.cshka;group:zeek_ssh;kind:termfield;friendly:HASSH Client Host Key Algorithms;help:HASSH Client Host Key Algorithms
-zeek.ssh.sshka=db:zeek.ssh.sshka;group:zeek_ssh;kind:termfield;friendly:HASSH Server Host Key Algorithms;help:HASSH Server Host Key Algorithms
+zeek.ssh.version=db:zeek.ssh.version;group:zeek_ssh;kind:integer;viewerOnly:true;friendly:Version;help:Version
+zeek.ssh.auth_success=db:zeek.ssh.auth_success;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:Authentication Success;help:Authentication Success
+zeek.ssh.auth_attempts=db:zeek.ssh.auth_attempts;group:zeek_ssh;kind:integer;viewerOnly:true;friendly:Authentication Attempts;help:Authentication Attempts
+zeek.ssh.direction=db:zeek.ssh.direction;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:Connection Direction;help:Connection Direction
+zeek.ssh.client=db:zeek.ssh.client;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:Client Version;help:Client Version
+zeek.ssh.server=db:zeek.ssh.server;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:Server Version;help:Server Version
+zeek.ssh.cipher_alg=db:zeek.ssh.cipher_alg;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:Cipher;help:Cipher Algorithm
+zeek.ssh.mac_alg=db:zeek.ssh.mac_alg;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:Signing Algorithm;help:Signing Algorithm
+zeek.ssh.compression_alg=db:zeek.ssh.compression_alg;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:Compression Algorithm;help:Compression Algorithm
+zeek.ssh.kex_alg=db:zeek.ssh.kex_alg;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:Key Exchange Algorithm;help:Key Exchange Algorithm
+zeek.ssh.host_key_alg=db:zeek.ssh.host_key_alg;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:Server Host Key Algorithm;help:Server Host Key Algorithm
+zeek.ssh.host_key=db:zeek.ssh.host_key;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:Server Key Fingerprint;help:Server Key Fingerprint
+zeek.ssh.remote_location_country_code=db:zeek.ssh.remote_location_country_code;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:SSH Remote Country Code;help:SSH Remote Country Code
+zeek.ssh.remote_location_region=db:zeek.ssh.remote_location_region;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:SSH Remote Region;help:SSH Remote Region
+zeek.ssh.remote_location_city=db:zeek.ssh.remote_location_city;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:SSH Remote City;help:SSH Remote City
+zeek.ssh.remote_location_latitude=db:zeek.ssh.remote_location_latitude;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:SSH Remote Latitude;help:SSH Remote Latitude
+zeek.ssh.remote_location_longitude=db:zeek.ssh.remote_location_longitude;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:SSH Remote Longitude;help:SSH Remote Longitude
+zeek.ssh.hasshVersion=db:zeek.ssh.hasshVersion;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:HASSH Version;help:HASSH Version
+zeek.ssh.hassh=db:zeek.ssh.hassh;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:HASSH Client Fingerprint;help:HASSH Client Fingerprint +zeek.ssh.hasshServer=db:zeek.ssh.hasshServer;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:HASSH Server Fingerprint;help:HASSH Server Fingerprint +zeek.ssh.hasshAlgorithms=db:zeek.ssh.hasshAlgorithms;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:HASSH Client Algorithms;help:HASSH Client Algorithms +zeek.ssh.hasshServerAlgorithms=db:zeek.ssh.hasshServerAlgorithms;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:HASSH Server Algorithms;help:HASSH Server Algorithms +zeek.ssh.cshka=db:zeek.ssh.cshka;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:HASSH Client Host Key Algorithms;help:HASSH Client Host Key Algorithms +zeek.ssh.sshka=db:zeek.ssh.sshka;group:zeek_ssh;kind:termfield;viewerOnly:true;friendly:HASSH Server Host Key Algorithms;help:HASSH Server Host Key Algorithms # ssl.log # https://docs.zeek.org/en/stable/scripts/base/protocols/ssl/main.zeek.html#type-SSL::Info -zeek.ssl.ssl_version=db:zeek.ssl.ssl_version;group:zeek_ssl;kind:termfield;friendly:Version;help:Version -zeek.ssl.cipher=db:zeek.ssl.cipher;group:zeek_ssl;kind:termfield;friendly:Cipher;help:Cipher -zeek.ssl.curve=db:zeek.ssl.curve;group:zeek_ssl;kind:termfield;friendly:Elliptic Curve;help:Elliptic Curve -zeek.ssl.server_name=db:zeek.ssl.server_name;group:zeek_ssl;kind:termfield;friendly:Server Name;help:Server Name -zeek.ssl.sni_matches_cert=db:zeek.ssl.sni_matches_cert;group:zeek_ssl;kind:termfield;friendly:SNI Matches Certificate;help:SNI Matches Certificate -zeek.ssl.ssl_history=db:zeek.ssl.ssl_history;group:zeek_ssl;kind:termfield;friendly:SSL Packet History;help:SSL Packet History -zeek.ssl.resumed=db:zeek.ssl.resumed;group:zeek_ssl;kind:termfield;friendly:Resumed;help:Resumed -zeek.ssl.last_alert=db:zeek.ssl.last_alert;group:zeek_ssl;kind:termfield;friendly:Last Alert;help:Last Alert 
-zeek.ssl.next_protocol=db:zeek.ssl.next_protocol;group:zeek_ssl;kind:termfield;friendly:Next Protocol;help:Next Protocol
-zeek.ssl.established=db:zeek.ssl.established;group:zeek_ssl;kind:termfield;friendly:Established;help:Established
-zeek.ssl.cert_chain_fuids=db:zeek.ssl.cert_chain_fuids;group:zeek_ssl;kind:termfield;friendly:Certificate Chain File ID;help:Certificate Chain File ID
-zeek.ssl.cert_chain_fps=db:zeek.ssl.cert_chain_fps;group:zeek_ssl;kind:termfield;friendly:Certificate Chain File Fingerprints;help:Certificate Chain File Fingerprints
-zeek.ssl.client_cert_chain_fuids=db:zeek.ssl.client_cert_chain_fuids;group:zeek_ssl;kind:termfield;friendly:Client Certificate File ID;help:Client Certificate File ID
-zeek.ssl.client_cert_chain_fps=db:zeek.ssl.client_cert_chain_fps;group:zeek_ssl;kind:termfield;friendly:Client Certificate File Fingerprints;help:Client Certificate File Fingerprints
-zeek.ssl.issuer_full=db:zeek.ssl.issuer_full;group:zeek_ssl;kind:termfield;friendly:Issuer;help:Issuer
-zeek.ssl.subject.C=db:zeek.ssl.subject.C;group:zeek_ssl;kind:termfield;friendly:Subject Country;help:Subject Country
-zeek.ssl.subject.CN=db:zeek.ssl.subject.CN;group:zeek_ssl;kind:termfield;friendly:Subject Common Name;help:Subject Common Name
-zeek.ssl.subject.description=db:zeek.ssl.subject.description;group:zeek_ssl;kind:termfield;friendly:Subject Description;help:Subject Description
-zeek.ssl.subject.emailAddress=db:zeek.ssl.subject.emailAddress;group:zeek_ssl;kind:termfield;friendly:Subject Email Address;help:Subject Email Address
-zeek.ssl.subject_full=db:zeek.ssl.subject_full;group:zeek_ssl;kind:termfield;friendly:Subject;help:Subject
-zeek.ssl.subject.GN=db:zeek.ssl.subject.GN;group:zeek_ssl;kind:termfield;friendly:Subject Given Name;help:Subject Given Name
-zeek.ssl.subject.initials=db:zeek.ssl.subject.initials;group:zeek_ssl;kind:termfield;friendly:Subject Initials;help:Subject Initials
-zeek.ssl.subject.L=db:zeek.ssl.subject.L;group:zeek_ssl;kind:termfield;friendly:Subject Locality;help:Subject Locality
-zeek.ssl.subject.O=db:zeek.ssl.subject.O;group:zeek_ssl;kind:termfield;friendly:Subject Organization;help:Subject Organization
-zeek.ssl.subject.OU=db:zeek.ssl.subject.OU;group:zeek_ssl;kind:termfield;friendly:Subject Organization Unit;help:Subject Organization Unit
-zeek.ssl.subject.postalCode=db:zeek.ssl.subject.postalCode;group:zeek_ssl;kind:termfield;friendly:Subject Postal Code;help:Subject Postal Code
-zeek.ssl.subject.pseudonym=db:zeek.ssl.subject.pseudonym;group:zeek_ssl;kind:termfield;friendly:Subject Pseudonym;help:Subject Pseudonym
-zeek.ssl.subject.serialNumber=db:zeek.ssl.subject.serialNumber;group:zeek_ssl;kind:termfield;friendly:Subject Serial Number;help:Subject Serial Number
-zeek.ssl.subject.SN=db:zeek.ssl.subject.SN;group:zeek_ssl;kind:termfield;friendly:Subject Surname;help:Subject Surname
-zeek.ssl.subject.ST=db:zeek.ssl.subject.ST;group:zeek_ssl;kind:termfield;friendly:Subject State;help:Subject State
-zeek.ssl.subject.street=db:zeek.ssl.subject.street;group:zeek_ssl;kind:termfield;friendly:Subject Street;help:Subject Street
-zeek.ssl.subject.title=db:zeek.ssl.subject.title;group:zeek_ssl;kind:termfield;friendly:Subject Title;help:Subject Title
-zeek.ssl.issuer.CN=db:zeek.ssl.issuer.CN;group:zeek_ssl;kind:termfield;friendly:Issuer Common Name;help:Issuer Common Name
-zeek.ssl.issuer.C=db:zeek.ssl.issuer.C;group:zeek_ssl;kind:termfield;friendly:Issuer Country;help:Issuer Country
-zeek.ssl.issuer.O=db:zeek.ssl.issuer.O;group:zeek_ssl;kind:termfield;friendly:Issuer Organization;help:Issuer Organization
-zeek.ssl.issuer.OU=db:zeek.ssl.issuer.OU;group:zeek_ssl;kind:termfield;friendly:Issuer Organization Unit;help:Issuer Organization Unit
-zeek.ssl.issuer.ST=db:zeek.ssl.issuer.ST;group:zeek_ssl;kind:termfield;friendly:Issuer State;help:Issuer State
-zeek.ssl.issuer.SN=db:zeek.ssl.issuer.SN;group:zeek_ssl;kind:termfield;friendly:Issuer Surname;help:Issuer Surname
-zeek.ssl.issuer.L=db:zeek.ssl.issuer.L;group:zeek_ssl;kind:termfield;friendly:Issuer Locality;help:Issuer Locality
-zeek.ssl.issuer.DC=db:zeek.ssl.issuer.DC;group:zeek_ssl;kind:termfield;friendly:Issuer Distinguished Name;help:Issuer Distinguished Name
-zeek.ssl.issuer.GN=db:zeek.ssl.issuer.GN;group:zeek_ssl;kind:termfield;friendly:Issuer Given Name;help:Issuer Given Name
-zeek.ssl.issuer.pseudonym=db:zeek.ssl.issuer.pseudonym;group:zeek_ssl;kind:termfield;friendly:Issuer Pseudonym;help:Issuer Pseudonym
-zeek.ssl.issuer.serialNumber=db:zeek.ssl.issuer.serialNumber;group:zeek_ssl;kind:termfield;friendly:Issuer Serial Number;help:Issuer Serial Number
-zeek.ssl.issuer.title=db:zeek.ssl.issuer.title;group:zeek_ssl;kind:termfield;friendly:Issuer Title;help:Issuer Title
-zeek.ssl.issuer.initials=db:zeek.ssl.issuer.initials;group:zeek_ssl;kind:termfield;friendly:Issuer Initials;help:Issuer Initials
-zeek.ssl.issuer.emailAddress=db:zeek.ssl.issuer.emailAddress;group:zeek_ssl;kind:termfield;friendly:Issuer Email Address;help:Issuer Email Address
-zeek.ssl.client_subject_full=db:zeek.ssl.client_subject_full;group:zeek_ssl;kind:termfield;friendly:Client Subject;help:Client Subject
-zeek.ssl.client_subject.CN=db:zeek.ssl.client_subject.CN;group:zeek_ssl;kind:termfield;friendly:Client Subject Common Name;help:Client Subject Common Name
-zeek.ssl.client_subject.C=db:zeek.ssl.client_subject.C;group:zeek_ssl;kind:termfield;friendly:Client Subject Country;help:Client Subject Country
-zeek.ssl.client_subject.O=db:zeek.ssl.client_subject.O;group:zeek_ssl;kind:termfield;friendly:Client Subject Organization;help:Client Subject Organization
-zeek.ssl.client_subject.OU=db:zeek.ssl.client_subject.OU;group:zeek_ssl;kind:termfield;friendly:Client Subject Organization Unit;help:Client Subject Organization Unit
-zeek.ssl.client_subject.ST=db:zeek.ssl.client_subject.ST;group:zeek_ssl;kind:termfield;friendly:Client Subject State;help:Client Subject State -zeek.ssl.client_subject.SN=db:zeek.ssl.client_subject.SN;group:zeek_ssl;kind:termfield;friendly:Client Subject Surname;help:Client Subject Surname -zeek.ssl.client_subject.L=db:zeek.ssl.client_subject.L;group:zeek_ssl;kind:termfield;friendly:Client Subject Locality;help:Client Subject Locality -zeek.ssl.client_subject.GN=db:zeek.ssl.client_subject.GN;group:zeek_ssl;kind:termfield;friendly:Client Subject Given Name;help:Client Subject Given Name -zeek.ssl.client_subject.pseudonym=db:zeek.ssl.client_subject.pseudonym;group:zeek_ssl;kind:termfield;friendly:Client Subject Pseudonym;help:Client Subject Pseudonym -zeek.ssl.client_subject.serialNumber=db:zeek.ssl.client_subject.serialNumber;group:zeek_ssl;kind:termfield;friendly:Client Subject Serial Number;help:Client Subject Serial Number -zeek.ssl.client_subject.title=db:zeek.ssl.client_subject.title;group:zeek_ssl;kind:termfield;friendly:Client Subject Title;help:Client Subject Title -zeek.ssl.client_subject.initials=db:zeek.ssl.client_subject.initials;group:zeek_ssl;kind:termfield;friendly:Client Subject Initials;help:Client Subject Initials -zeek.ssl.client_subject.emailAddress=db:zeek.ssl.client_subject.emailAddress;group:zeek_ssl;kind:termfield;friendly:Client Subject Email Address;help:Client Subject Email Address -zeek.ssl.client_issuer_full=db:zeek.ssl.client_issuer_full;group:zeek_ssl;kind:termfield;friendly:Client Issuer;help:Client Issuer -zeek.ssl.client_issuer.CN=db:zeek.ssl.client_issuer.CN;group:zeek_ssl;kind:termfield;friendly:Client Issuer Common Name;help:Client Issuer Common Name -zeek.ssl.client_issuer.C=db:zeek.ssl.client_issuer.C;group:zeek_ssl;kind:termfield;friendly:Client Issuer Country;help:Client Issuer Country -zeek.ssl.client_issuer.O=db:zeek.ssl.client_issuer.O;group:zeek_ssl;kind:termfield;friendly:Client Issuer Organization;help:Client Issuer 
Organization -zeek.ssl.client_issuer.OU=db:zeek.ssl.client_issuer.OU;group:zeek_ssl;kind:termfield;friendly:Client Issuer Organization Unit;help:Client Issuer Organization Unit -zeek.ssl.client_issuer.ST=db:zeek.ssl.client_issuer.ST;group:zeek_ssl;kind:termfield;friendly:Client Issuer State;help:Client Issuer State -zeek.ssl.client_issuer.SN=db:zeek.ssl.client_issuer.SN;group:zeek_ssl;kind:termfield;friendly:Client Issuer Surname;help:Client Issuer Surname -zeek.ssl.client_issuer.L=db:zeek.ssl.client_issuer.L;group:zeek_ssl;kind:termfield;friendly:Client Issuer Locality;help:Client Issuer Locality -zeek.ssl.client_issuer.DC=db:zeek.ssl.client_issuer.DC;group:zeek_ssl;kind:termfield;friendly:Client Issuer Distinguished Name;help:Client Issuer Distinguished Name -zeek.ssl.client_issuer.GN=db:zeek.ssl.client_issuer.GN;group:zeek_ssl;kind:termfield;friendly:Client Issuer Given Name;help:Client Issuer Given Name -zeek.ssl.client_issuer.pseudonym=db:zeek.ssl.client_issuer.pseudonym;group:zeek_ssl;kind:termfield;friendly:Client Issuer Pseudonym;help:Client Issuer Pseudonym -zeek.ssl.client_issuer.serialNumber=db:zeek.ssl.client_issuer.serialNumber;group:zeek_ssl;kind:termfield;friendly:Client Issuer Serial Number;help:Client Issuer Serial Number -zeek.ssl.client_issuer.title=db:zeek.ssl.client_issuer.title;group:zeek_ssl;kind:termfield;friendly:Client Issuer Title;help:Client Issuer Title -zeek.ssl.client_issuer.initials=db:zeek.ssl.client_issuer.initials;group:zeek_ssl;kind:termfield;friendly:Client Issuer Initials;help:Client Issuer Initials -zeek.ssl.client_issuer.emailAddress=db:zeek.ssl.client_issuer.emailAddress;group:zeek_ssl;kind:termfield;friendly:Client Issuer Email Address;help:Client Issuer Email Address -zeek.ssl.validation_status=db:zeek.ssl.validation_status;group:zeek_ssl;kind:termfield;friendly:Validation Status;help:Validation Status -tls.client.ja3=db:tls.client.ja3;group:zeek_ssl;kind:termfield;friendly:JA3 Client Fingerprint;help:JA3 Client 
Fingerprint -tls.server.ja3s=db:tls.server.ja3s;group:zeek_ssl;kind:termfield;friendly:JA3 Server Fingerprint;help:JA3 Server Fingerprint -tls.client.ja3_description=db:tls.client.ja3_description;group:zeek_ssl;kind:termfield;friendly:JA3 Client Fingerprint Lookup;help:JA3 Client Fingerprint Lookup -tls.server.ja3s_description=db:tls.server.ja3s_description;group:zeek_ssl;kind:termfield;friendly:JA3 Server Fingerprint Lookup;help:JA3 Server Fingerprint Lookup +zeek.ssl.ssl_version=db:zeek.ssl.ssl_version;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Version;help:Version +zeek.ssl.cipher=db:zeek.ssl.cipher;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Cipher;help:Cipher +zeek.ssl.curve=db:zeek.ssl.curve;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Elliptic Curve;help:Elliptic Curve +zeek.ssl.server_name=db:zeek.ssl.server_name;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Server Name;help:Server Name +zeek.ssl.sni_matches_cert=db:zeek.ssl.sni_matches_cert;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:SNI Matches Certificate;help:SNI Matches Certificate +zeek.ssl.ssl_history=db:zeek.ssl.ssl_history;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:SSL Packet History;help:SSL Packet History +zeek.ssl.resumed=db:zeek.ssl.resumed;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Resumed;help:Resumed +zeek.ssl.last_alert=db:zeek.ssl.last_alert;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Last Alert;help:Last Alert +zeek.ssl.next_protocol=db:zeek.ssl.next_protocol;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Next Protocol;help:Next Protocol +zeek.ssl.established=db:zeek.ssl.established;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Established;help:Established +zeek.ssl.cert_chain_fuids=db:zeek.ssl.cert_chain_fuids;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Certificate Chain File ID;help:Certificate Chain File ID 
+zeek.ssl.cert_chain_fps=db:zeek.ssl.cert_chain_fps;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Certificate Chain File Fingerprints;help:Certificate Chain File Fingerprints
+zeek.ssl.client_cert_chain_fuids=db:zeek.ssl.client_cert_chain_fuids;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Certificate File ID;help:Client Certificate File ID
+zeek.ssl.client_cert_chain_fps=db:zeek.ssl.client_cert_chain_fps;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Certificate File Fingerprints;help:Client Certificate File Fingerprints
+zeek.ssl.issuer_full=db:zeek.ssl.issuer_full;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer;help:Issuer
+zeek.ssl.subject.C=db:zeek.ssl.subject.C;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Country;help:Subject Country
+zeek.ssl.subject.CN=db:zeek.ssl.subject.CN;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Common Name;help:Subject Common Name
+zeek.ssl.subject.description=db:zeek.ssl.subject.description;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Description;help:Subject Description
+zeek.ssl.subject.emailAddress=db:zeek.ssl.subject.emailAddress;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Email Address;help:Subject Email Address
+zeek.ssl.subject_full=db:zeek.ssl.subject_full;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject;help:Subject
+zeek.ssl.subject.GN=db:zeek.ssl.subject.GN;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Given Name;help:Subject Given Name
+zeek.ssl.subject.initials=db:zeek.ssl.subject.initials;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Initials;help:Subject Initials
+zeek.ssl.subject.L=db:zeek.ssl.subject.L;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Locality;help:Subject Locality
+zeek.ssl.subject.O=db:zeek.ssl.subject.O;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Organization;help:Subject Organization
+zeek.ssl.subject.OU=db:zeek.ssl.subject.OU;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Organization Unit;help:Subject Organization Unit +zeek.ssl.subject.postalCode=db:zeek.ssl.subject.postalCode;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Postal Code;help:Subject Postal Code +zeek.ssl.subject.pseudonym=db:zeek.ssl.subject.pseudonym;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Pseudonym;help:Subject Pseudonym +zeek.ssl.subject.serialNumber=db:zeek.ssl.subject.serialNumber;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Serial Number;help:Subject Serial Number +zeek.ssl.subject.SN=db:zeek.ssl.subject.SN;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Surname;help:Subject Surname +zeek.ssl.subject.ST=db:zeek.ssl.subject.ST;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject State;help:Subject State +zeek.ssl.subject.street=db:zeek.ssl.subject.street;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Street;help:Subject Street +zeek.ssl.subject.title=db:zeek.ssl.subject.title;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Subject Title;help:Subject Title +zeek.ssl.issuer.CN=db:zeek.ssl.issuer.CN;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer Common Name;help:Issuer Common Name +zeek.ssl.issuer.C=db:zeek.ssl.issuer.C;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer Country;help:Issuer Country +zeek.ssl.issuer.O=db:zeek.ssl.issuer.O;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer Organization;help:Issuer Organization +zeek.ssl.issuer.OU=db:zeek.ssl.issuer.OU;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer Organization Unit;help:Issuer Organization Unit +zeek.ssl.issuer.ST=db:zeek.ssl.issuer.ST;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer State;help:Issuer State +zeek.ssl.issuer.SN=db:zeek.ssl.issuer.SN;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer Surname;help:Issuer 
Surname +zeek.ssl.issuer.L=db:zeek.ssl.issuer.L;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer Locality;help:Issuer Locality +zeek.ssl.issuer.DC=db:zeek.ssl.issuer.DC;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer Distinguished Name;help:Issuer Distinguished Name +zeek.ssl.issuer.GN=db:zeek.ssl.issuer.GN;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer Given Name;help:Issuer Given Name +zeek.ssl.issuer.pseudonym=db:zeek.ssl.issuer.pseudonym;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer Pseudonym;help:Issuer Pseudonym +zeek.ssl.issuer.serialNumber=db:zeek.ssl.issuer.serialNumber;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer Serial Number;help:Issuer Serial Number +zeek.ssl.issuer.title=db:zeek.ssl.issuer.title;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer Title;help:Issuer Title +zeek.ssl.issuer.initials=db:zeek.ssl.issuer.initials;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer Initials;help:Issuer Initials +zeek.ssl.issuer.emailAddress=db:zeek.ssl.issuer.emailAddress;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Issuer Email Address;help:Issuer Email Address +zeek.ssl.client_subject_full=db:zeek.ssl.client_subject_full;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Subject;help:Client Subject +zeek.ssl.client_subject.CN=db:zeek.ssl.client_subject.CN;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Subject Common Name;help:Client Subject Common Name +zeek.ssl.client_subject.C=db:zeek.ssl.client_subject.C;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Subject Country;help:Client Subject Country +zeek.ssl.client_subject.O=db:zeek.ssl.client_subject.O;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Subject Organization;help:Client Subject Organization +zeek.ssl.client_subject.OU=db:zeek.ssl.client_subject.OU;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Subject Organization 
Unit;help:Client Subject Organization Unit +zeek.ssl.client_subject.ST=db:zeek.ssl.client_subject.ST;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Subject State;help:Client Subject State +zeek.ssl.client_subject.SN=db:zeek.ssl.client_subject.SN;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Subject Surname;help:Client Subject Surname +zeek.ssl.client_subject.L=db:zeek.ssl.client_subject.L;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Subject Locality;help:Client Subject Locality +zeek.ssl.client_subject.GN=db:zeek.ssl.client_subject.GN;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Subject Given Name;help:Client Subject Given Name +zeek.ssl.client_subject.pseudonym=db:zeek.ssl.client_subject.pseudonym;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Subject Pseudonym;help:Client Subject Pseudonym +zeek.ssl.client_subject.serialNumber=db:zeek.ssl.client_subject.serialNumber;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Subject Serial Number;help:Client Subject Serial Number +zeek.ssl.client_subject.title=db:zeek.ssl.client_subject.title;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Subject Title;help:Client Subject Title +zeek.ssl.client_subject.initials=db:zeek.ssl.client_subject.initials;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Subject Initials;help:Client Subject Initials +zeek.ssl.client_subject.emailAddress=db:zeek.ssl.client_subject.emailAddress;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Subject Email Address;help:Client Subject Email Address +zeek.ssl.client_issuer_full=db:zeek.ssl.client_issuer_full;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer;help:Client Issuer +zeek.ssl.client_issuer.CN=db:zeek.ssl.client_issuer.CN;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer Common Name;help:Client Issuer Common Name 
+zeek.ssl.client_issuer.C=db:zeek.ssl.client_issuer.C;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer Country;help:Client Issuer Country +zeek.ssl.client_issuer.O=db:zeek.ssl.client_issuer.O;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer Organization;help:Client Issuer Organization +zeek.ssl.client_issuer.OU=db:zeek.ssl.client_issuer.OU;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer Organization Unit;help:Client Issuer Organization Unit +zeek.ssl.client_issuer.ST=db:zeek.ssl.client_issuer.ST;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer State;help:Client Issuer State +zeek.ssl.client_issuer.SN=db:zeek.ssl.client_issuer.SN;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer Surname;help:Client Issuer Surname +zeek.ssl.client_issuer.L=db:zeek.ssl.client_issuer.L;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer Locality;help:Client Issuer Locality +zeek.ssl.client_issuer.DC=db:zeek.ssl.client_issuer.DC;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer Distinguished Name;help:Client Issuer Distinguished Name +zeek.ssl.client_issuer.GN=db:zeek.ssl.client_issuer.GN;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer Given Name;help:Client Issuer Given Name +zeek.ssl.client_issuer.pseudonym=db:zeek.ssl.client_issuer.pseudonym;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer Pseudonym;help:Client Issuer Pseudonym +zeek.ssl.client_issuer.serialNumber=db:zeek.ssl.client_issuer.serialNumber;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer Serial Number;help:Client Issuer Serial Number +zeek.ssl.client_issuer.title=db:zeek.ssl.client_issuer.title;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer Title;help:Client Issuer Title +zeek.ssl.client_issuer.initials=db:zeek.ssl.client_issuer.initials;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer 
Initials;help:Client Issuer Initials +zeek.ssl.client_issuer.emailAddress=db:zeek.ssl.client_issuer.emailAddress;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Client Issuer Email Address;help:Client Issuer Email Address +zeek.ssl.validation_status=db:zeek.ssl.validation_status;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:Validation Status;help:Validation Status +tls.client.ja3=db:tls.client.ja3;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:JA3 Client Fingerprint;help:JA3 Client Fingerprint +tls.server.ja3s=db:tls.server.ja3s;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:JA3 Server Fingerprint;help:JA3 Server Fingerprint +tls.client.ja3_description=db:tls.client.ja3_description;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:JA3 Client Fingerprint Lookup;help:JA3 Client Fingerprint Lookup +tls.server.ja3s_description=db:tls.server.ja3s_description;group:zeek_ssl;kind:termfield;viewerOnly:true;friendly:JA3 Server Fingerprint Lookup;help:JA3 Server Fingerprint Lookup # stun.log and stun_nat.log # https://github.com/corelight/zeek-spicy-stun/blob/master/analyzer/main.zeek -zeek.stun.trans_id=db:zeek.stun.trans_id;group:zeek_stun;kind:termfield;friendly:Transaction ID;help:Transaction ID -zeek.stun.method=db:zeek.stun.method;group:zeek_stun;kind:termfield;friendly:STUN Method;help:STUN Method -zeek.stun.class=db:zeek.stun.class;group:zeek_stun;kind:termfield;friendly:STUN Class;help:STUN Class -zeek.stun.attr_type=db:zeek.stun.attr_type;group:zeek_stun;kind:termfield;friendly:Attribute Type;help:Attribute Type -zeek.stun.attr_val=db:zeek.stun.attr_val;group:zeek_stun;kind:termfield;friendly:Attribute Value;help:Attribute Value -zeek.stun_nat.wan_addr=db:zeek.stun_nat.wan_addr;group:zeek_stun;kind:termfield;friendly:WAN Address;help:WAN Address -zeek.stun_nat.wan_port=db:zeek.stun_nat.wan_port;group:zeek_stun;kind:integer;friendly:Mapped Port;help:Mapped Port 
-zeek.stun_nat.lan_addr=db:zeek.stun_nat.lan_addr;group:zeek_stun;kind:termfield;friendly:NAT LAN Address;help:NAT LAN Address +zeek.stun.trans_id=db:zeek.stun.trans_id;group:zeek_stun;kind:termfield;viewerOnly:true;friendly:Transaction ID;help:Transaction ID +zeek.stun.method=db:zeek.stun.method;group:zeek_stun;kind:termfield;viewerOnly:true;friendly:STUN Method;help:STUN Method +zeek.stun.class=db:zeek.stun.class;group:zeek_stun;kind:termfield;viewerOnly:true;friendly:STUN Class;help:STUN Class +zeek.stun.attr_type=db:zeek.stun.attr_type;group:zeek_stun;kind:termfield;viewerOnly:true;friendly:Attribute Type;help:Attribute Type +zeek.stun.attr_val=db:zeek.stun.attr_val;group:zeek_stun;kind:termfield;viewerOnly:true;friendly:Attribute Value;help:Attribute Value +zeek.stun_nat.wan_addr=db:zeek.stun_nat.wan_addr;group:zeek_stun;kind:termfield;viewerOnly:true;friendly:WAN Address;help:WAN Address +zeek.stun_nat.wan_port=db:zeek.stun_nat.wan_port;group:zeek_stun;kind:integer;viewerOnly:true;friendly:Mapped Port;help:Mapped Port +zeek.stun_nat.lan_addr=db:zeek.stun_nat.lan_addr;group:zeek_stun;kind:termfield;viewerOnly:true;friendly:NAT LAN Address;help:NAT LAN Address # synchrophasor_cmd.log # https://github.com/cisagov/icsnpp-synchrophasor -zeek.synchrophasor_cmd.command=db:zeek.synchrophasor_cmd.command;group:zeek_synchrophasor;kind:termfield;friendly:command;help:command -zeek.synchrophasor_cmd.extframe=db:zeek.synchrophasor_cmd.extframe;group:zeek_synchrophasor;kind:integer;friendly:extframe;help:extframe +zeek.synchrophasor_cmd.command=db:zeek.synchrophasor_cmd.command;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:command;help:command +zeek.synchrophasor_cmd.extframe=db:zeek.synchrophasor_cmd.extframe;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:extframe;help:extframe # synchrophasor_cfg.log # https://github.com/cisagov/icsnpp-synchrophasor 
-zeek.synchrophasor_cfg.cont_idx=db:zeek.synchrophasor_cfg.cont_idx;group:zeek_synchrophasor;kind:integer;friendly:cont_idx;help:cont_idx -zeek.synchrophasor_cfg.pmu_count_expected=db:zeek.synchrophasor_cfg.pmu_count_expected;group:zeek_synchrophasor;kind:integer;friendly:pmu_count_expected;help:pmu_count_expected -zeek.synchrophasor_cfg.pmu_count_actual=db:zeek.synchrophasor_cfg.pmu_count_actual;group:zeek_synchrophasor;kind:integer;friendly:pmu_count_actual;help:pmu_count_actual -zeek.synchrophasor_cfg.cfg_frame_id=db:zeek.synchrophasor_cfg.cfg_frame_id;group:zeek_synchrophasor;kind:termfield;friendly:cfg_frame_id;help:cfg_frame_id +zeek.synchrophasor_cfg.cont_idx=db:zeek.synchrophasor_cfg.cont_idx;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:cont_idx;help:cont_idx +zeek.synchrophasor_cfg.pmu_count_expected=db:zeek.synchrophasor_cfg.pmu_count_expected;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:pmu_count_expected;help:pmu_count_expected +zeek.synchrophasor_cfg.pmu_count_actual=db:zeek.synchrophasor_cfg.pmu_count_actual;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:pmu_count_actual;help:pmu_count_actual +zeek.synchrophasor_cfg.cfg_frame_id=db:zeek.synchrophasor_cfg.cfg_frame_id;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:cfg_frame_id;help:cfg_frame_id # synchrophasor_cfg_detail.log # https://github.com/cisagov/icsnpp-synchrophasor -zeek.synchrophasor_cfg_detail.cfg_frame_id=db:zeek.synchrophasor_cfg_detail.cfg_frame_id;group:zeek_synchrophasor;kind:termfield;friendly:cfg_frame_id;help:cfg_frame_id -zeek.synchrophasor_cfg_detail.pmu_idx=db:zeek.synchrophasor_cfg_detail.pmu_idx;group:zeek_synchrophasor;kind:integer;friendly:pmu_idx;help:pmu_idx -zeek.synchrophasor_cfg_detail.svc_class=db:zeek.synchrophasor_cfg_detail.svc_class;group:zeek_synchrophasor;kind:termfield;friendly:svc_class;help:svc_class 
-zeek.synchrophasor_cfg_detail.station_name=db:zeek.synchrophasor_cfg_detail.station_name;group:zeek_synchrophasor;kind:termfield;friendly:station_name;help:station_name -zeek.synchrophasor_cfg_detail.data_source_id=db:zeek.synchrophasor_cfg_detail.data_source_id;group:zeek_synchrophasor;kind:integer;friendly:data_source_id;help:data_source_id -zeek.synchrophasor_cfg_detail.global_pmuid=db:zeek.synchrophasor_cfg_detail.global_pmuid;group:zeek_synchrophasor;kind:termfield;friendly:global_pmuid;help:global_pmuid -zeek.synchrophasor_cfg_detail.phasor_shape=db:zeek.synchrophasor_cfg_detail.phasor_shape;group:zeek_synchrophasor;kind:termfield;friendly:phasor_shape;help:phasor_shape -zeek.synchrophasor_cfg_detail.phasor_format=db:zeek.synchrophasor_cfg_detail.phasor_format;group:zeek_synchrophasor;kind:termfield;friendly:phasor_format;help:phasor_format -zeek.synchrophasor_cfg_detail.analog_format=db:zeek.synchrophasor_cfg_detail.analog_format;group:zeek_synchrophasor;kind:termfield;friendly:analog_format;help:analog_format -zeek.synchrophasor_cfg_detail.freq_format=db:zeek.synchrophasor_cfg_detail.freq_format;group:zeek_synchrophasor;kind:termfield;friendly:freq_format;help:freq_format -zeek.synchrophasor_cfg_detail.phnmr=db:zeek.synchrophasor_cfg_detail.phnmr;group:zeek_synchrophasor;kind:integer;friendly:phnmr;help:phnmr -zeek.synchrophasor_cfg_detail.annmr=db:zeek.synchrophasor_cfg_detail.annmr;group:zeek_synchrophasor;kind:integer;friendly:annmr;help:annmr -zeek.synchrophasor_cfg_detail.dgnmr=db:zeek.synchrophasor_cfg_detail.dgnmr;group:zeek_synchrophasor;kind:integer;friendly:dgnmr;help:dgnmr -zeek.synchrophasor_cfg_detail.phnam=db:zeek.synchrophasor_cfg_detail.phnam;group:zeek_synchrophasor;kind:termfield;friendly:phnam;help:phnam -zeek.synchrophasor_cfg_detail.annam=db:zeek.synchrophasor_cfg_detail.annam;group:zeek_synchrophasor;kind:termfield;friendly:annam;help:annam 
-zeek.synchrophasor_cfg_detail.dgnam=db:zeek.synchrophasor_cfg_detail.dgnam;group:zeek_synchrophasor;kind:termfield;friendly:dgnam;help:dgnam -zeek.synchrophasor_cfg_detail.phasor_conv_phunit=db:zeek.synchrophasor_cfg_detail.phasor_conv_phunit;group:zeek_synchrophasor;kind:integer;friendly:phasor_conv_phunit;help:phasor_conv_phunit -zeek.synchrophasor_cfg_detail.phasor_conv_phvalue=db:zeek.synchrophasor_cfg_detail.phasor_conv_phvalue;group:zeek_synchrophasor;kind:integer;friendly:phasor_conv_phvalue;help:phasor_conv_phvalue -zeek.synchrophasor_cfg_detail.phasor_conv_upsampled_interpolation=db:zeek.synchrophasor_cfg_detail.phasor_conv_upsampled_interpolation;group:zeek_synchrophasor;kind:termfield;friendly:phasor_conv_upsampled_interpolation;help:phasor_conv_upsampled_interpolation -zeek.synchrophasor_cfg_detail.phasor_conv_upsampled_extrapolation=db:zeek.synchrophasor_cfg_detail.phasor_conv_upsampled_extrapolation;group:zeek_synchrophasor;kind:termfield;friendly:phasor_conv_upsampled_extrapolation;help:phasor_conv_upsampled_extrapolation -zeek.synchrophasor_cfg_detail.phasor_conv_downsampled_reselection=db:zeek.synchrophasor_cfg_detail.phasor_conv_downsampled_reselection;group:zeek_synchrophasor;kind:termfield;friendly:phasor_conv_downsampled_reselection;help:phasor_conv_downsampled_reselection -zeek.synchrophasor_cfg_detail.phasor_conv_downsampled_fir_filter=db:zeek.synchrophasor_cfg_detail.phasor_conv_downsampled_fir_filter;group:zeek_synchrophasor;kind:termfield;friendly:phasor_conv_downsampled_fir_filter;help:phasor_conv_downsampled_fir_filter -zeek.synchrophasor_cfg_detail.phasor_conv_downsampled_no_fir_filter=db:zeek.synchrophasor_cfg_detail.phasor_conv_downsampled_no_fir_filter;group:zeek_synchrophasor;kind:termfield;friendly:phasor_conv_downsampled_no_fir_filter;help:phasor_conv_downsampled_no_fir_filter 
-zeek.synchrophasor_cfg_detail.phasor_conv_filtered_without_changing_sampling=db:zeek.synchrophasor_cfg_detail.phasor_conv_filtered_without_changing_sampling;group:zeek_synchrophasor;kind:termfield;friendly:phasor_conv_filtered_without_changing_sampling;help:phasor_conv_filtered_without_changing_sampling -zeek.synchrophasor_cfg_detail.phasor_conv_calibration_mag_adj=db:zeek.synchrophasor_cfg_detail.phasor_conv_calibration_mag_adj;group:zeek_synchrophasor;kind:termfield;friendly:phasor_conv_calibration_mag_adj;help:phasor_conv_calibration_mag_adj -zeek.synchrophasor_cfg_detail.phasor_conv_calibration_phas_adj=db:zeek.synchrophasor_cfg_detail.phasor_conv_calibration_phas_adj;group:zeek_synchrophasor;kind:termfield;friendly:phasor_conv_calibration_phas_adj;help:phasor_conv_calibration_phas_adj -zeek.synchrophasor_cfg_detail.phasor_conv_rotation_phase_adj=db:zeek.synchrophasor_cfg_detail.phasor_conv_rotation_phase_adj;group:zeek_synchrophasor;kind:termfield;friendly:phasor_conv_rotation_phase_adj;help:phasor_conv_rotation_phase_adj -zeek.synchrophasor_cfg_detail.phasor_conv_pseudo_phasor_val=db:zeek.synchrophasor_cfg_detail.phasor_conv_pseudo_phasor_val;group:zeek_synchrophasor;kind:termfield;friendly:phasor_conv_pseudo_phasor_val;help:phasor_conv_pseudo_phasor_val -zeek.synchrophasor_cfg_detail.phasor_conv_mod_appl=db:zeek.synchrophasor_cfg_detail.phasor_conv_mod_appl;group:zeek_synchrophasor;kind:termfield;friendly:phasor_conv_mod_appl;help:phasor_conv_mod_appl -zeek.synchrophasor_cfg_detail.phasor_conv_phasor_component=db:zeek.synchrophasor_cfg_detail.phasor_conv_phasor_component;group:zeek_synchrophasor;kind:integer;friendly:phasor_conv_phasor_component;help:phasor_conv_phasor_component -zeek.synchrophasor_cfg_detail.phasor_conv_phasor_type=db:zeek.synchrophasor_cfg_detail.phasor_conv_phasor_type;group:zeek_synchrophasor;kind:termfield;friendly:phasor_conv_phasor_type;help:phasor_conv_phasor_type 
-zeek.synchrophasor_cfg_detail.phasor_conv_user_def=db:zeek.synchrophasor_cfg_detail.phasor_conv_user_def;group:zeek_synchrophasor;kind:integer;friendly:phasor_conv_user_def;help:phasor_conv_user_def -zeek.synchrophasor_cfg_detail.phasor_conv_scale_factor=db:zeek.synchrophasor_cfg_detail.phasor_conv_scale_factor;group:zeek_synchrophasor;kind:float;friendly:phasor_conv_scale_factor;help:phasor_conv_scale_factor -zeek.synchrophasor_cfg_detail.phasor_conv_angle_adj=db:zeek.synchrophasor_cfg_detail.phasor_conv_angle_adj;group:zeek_synchrophasor;kind:float;friendly:phasor_conv_angle_adj;help:phasor_conv_angle_adj -zeek.synchrophasor_cfg_detail.analog_conv_analog_flags=db:zeek.synchrophasor_cfg_detail.analog_conv_analog_flags;group:zeek_synchrophasor;kind:integer;friendly:analog_conv_analog_flags;help:analog_conv_analog_flags -zeek.synchrophasor_cfg_detail.analog_conv_user_defined_scaling=db:zeek.synchrophasor_cfg_detail.analog_conv_user_defined_scaling;group:zeek_synchrophasor;kind:integer;friendly:analog_conv_user_defined_scaling;help:analog_conv_user_defined_scaling -zeek.synchrophasor_cfg_detail.analog_conv_mag_scale=db:zeek.synchrophasor_cfg_detail.analog_conv_mag_scale;group:zeek_synchrophasor;kind:float;friendly:analog_conv_mag_scale;help:analog_conv_mag_scale -zeek.synchrophasor_cfg_detail.analog_conv_offset=db:zeek.synchrophasor_cfg_detail.analog_conv_offset;group:zeek_synchrophasor;kind:float;friendly:analog_conv_offset;help:analog_conv_offset -zeek.synchrophasor_cfg_detail.digital_conv_normal_status_mask=db:zeek.synchrophasor_cfg_detail.digital_conv_normal_status_mask;group:zeek_synchrophasor;kind:integer;friendly:digital_conv_normal_status_mask;help:digital_conv_normal_status_mask -zeek.synchrophasor_cfg_detail.digital_conv_valid_inputs_mask=db:zeek.synchrophasor_cfg_detail.digital_conv_valid_inputs_mask;group:zeek_synchrophasor;kind:integer;friendly:digital_conv_valid_inputs_mask;help:digital_conv_valid_inputs_mask 
-zeek.synchrophasor_cfg_detail.pmu_lat=db:zeek.synchrophasor_cfg_detail.pmu_lat;group:zeek_synchrophasor;kind:float;friendly:pmu_lat;help:pmu_lat -zeek.synchrophasor_cfg_detail.pmu_lon=db:zeek.synchrophasor_cfg_detail.pmu_lon;group:zeek_synchrophasor;kind:float;friendly:pmu_lon;help:pmu_lon -zeek.synchrophasor_cfg_detail.pmu_elev=db:zeek.synchrophasor_cfg_detail.pmu_elev;group:zeek_synchrophasor;kind:float;friendly:pmu_elev;help:pmu_elev -zeek.synchrophasor_cfg_detail.window=db:zeek.synchrophasor_cfg_detail.window;group:zeek_synchrophasor;kind:integer;friendly:window;help:window -zeek.synchrophasor_cfg_detail.group_delay=db:zeek.synchrophasor_cfg_detail.group_delay;group:zeek_synchrophasor;kind:integer;friendly:group_delay;help:group_delay -zeek.synchrophasor_cfg_detail.fnom=db:zeek.synchrophasor_cfg_detail.fnom;group:zeek_synchrophasor;kind:integer;friendly:fnom;help:fnom -zeek.synchrophasor_cfg_detail.cfgcnt=db:zeek.synchrophasor_cfg_detail.cfgcnt;group:zeek_synchrophasor;kind:integer;friendly:cfgcnt;help:cfgcnt +zeek.synchrophasor_cfg_detail.cfg_frame_id=db:zeek.synchrophasor_cfg_detail.cfg_frame_id;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:cfg_frame_id;help:cfg_frame_id +zeek.synchrophasor_cfg_detail.pmu_idx=db:zeek.synchrophasor_cfg_detail.pmu_idx;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:pmu_idx;help:pmu_idx +zeek.synchrophasor_cfg_detail.svc_class=db:zeek.synchrophasor_cfg_detail.svc_class;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:svc_class;help:svc_class +zeek.synchrophasor_cfg_detail.station_name=db:zeek.synchrophasor_cfg_detail.station_name;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:station_name;help:station_name +zeek.synchrophasor_cfg_detail.data_source_id=db:zeek.synchrophasor_cfg_detail.data_source_id;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:data_source_id;help:data_source_id 
+zeek.synchrophasor_cfg_detail.global_pmuid=db:zeek.synchrophasor_cfg_detail.global_pmuid;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:global_pmuid;help:global_pmuid +zeek.synchrophasor_cfg_detail.phasor_shape=db:zeek.synchrophasor_cfg_detail.phasor_shape;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phasor_shape;help:phasor_shape +zeek.synchrophasor_cfg_detail.phasor_format=db:zeek.synchrophasor_cfg_detail.phasor_format;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phasor_format;help:phasor_format +zeek.synchrophasor_cfg_detail.analog_format=db:zeek.synchrophasor_cfg_detail.analog_format;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:analog_format;help:analog_format +zeek.synchrophasor_cfg_detail.freq_format=db:zeek.synchrophasor_cfg_detail.freq_format;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:freq_format;help:freq_format +zeek.synchrophasor_cfg_detail.phnmr=db:zeek.synchrophasor_cfg_detail.phnmr;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:phnmr;help:phnmr +zeek.synchrophasor_cfg_detail.annmr=db:zeek.synchrophasor_cfg_detail.annmr;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:annmr;help:annmr +zeek.synchrophasor_cfg_detail.dgnmr=db:zeek.synchrophasor_cfg_detail.dgnmr;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:dgnmr;help:dgnmr +zeek.synchrophasor_cfg_detail.phnam=db:zeek.synchrophasor_cfg_detail.phnam;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phnam;help:phnam +zeek.synchrophasor_cfg_detail.annam=db:zeek.synchrophasor_cfg_detail.annam;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:annam;help:annam +zeek.synchrophasor_cfg_detail.dgnam=db:zeek.synchrophasor_cfg_detail.dgnam;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:dgnam;help:dgnam 
+zeek.synchrophasor_cfg_detail.phasor_conv_phunit=db:zeek.synchrophasor_cfg_detail.phasor_conv_phunit;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:phasor_conv_phunit;help:phasor_conv_phunit +zeek.synchrophasor_cfg_detail.phasor_conv_phvalue=db:zeek.synchrophasor_cfg_detail.phasor_conv_phvalue;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:phasor_conv_phvalue;help:phasor_conv_phvalue +zeek.synchrophasor_cfg_detail.phasor_conv_upsampled_interpolation=db:zeek.synchrophasor_cfg_detail.phasor_conv_upsampled_interpolation;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phasor_conv_upsampled_interpolation;help:phasor_conv_upsampled_interpolation +zeek.synchrophasor_cfg_detail.phasor_conv_upsampled_extrapolation=db:zeek.synchrophasor_cfg_detail.phasor_conv_upsampled_extrapolation;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phasor_conv_upsampled_extrapolation;help:phasor_conv_upsampled_extrapolation +zeek.synchrophasor_cfg_detail.phasor_conv_downsampled_reselection=db:zeek.synchrophasor_cfg_detail.phasor_conv_downsampled_reselection;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phasor_conv_downsampled_reselection;help:phasor_conv_downsampled_reselection +zeek.synchrophasor_cfg_detail.phasor_conv_downsampled_fir_filter=db:zeek.synchrophasor_cfg_detail.phasor_conv_downsampled_fir_filter;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phasor_conv_downsampled_fir_filter;help:phasor_conv_downsampled_fir_filter +zeek.synchrophasor_cfg_detail.phasor_conv_downsampled_no_fir_filter=db:zeek.synchrophasor_cfg_detail.phasor_conv_downsampled_no_fir_filter;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phasor_conv_downsampled_no_fir_filter;help:phasor_conv_downsampled_no_fir_filter 
+zeek.synchrophasor_cfg_detail.phasor_conv_filtered_without_changing_sampling=db:zeek.synchrophasor_cfg_detail.phasor_conv_filtered_without_changing_sampling;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phasor_conv_filtered_without_changing_sampling;help:phasor_conv_filtered_without_changing_sampling +zeek.synchrophasor_cfg_detail.phasor_conv_calibration_mag_adj=db:zeek.synchrophasor_cfg_detail.phasor_conv_calibration_mag_adj;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phasor_conv_calibration_mag_adj;help:phasor_conv_calibration_mag_adj +zeek.synchrophasor_cfg_detail.phasor_conv_calibration_phas_adj=db:zeek.synchrophasor_cfg_detail.phasor_conv_calibration_phas_adj;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phasor_conv_calibration_phas_adj;help:phasor_conv_calibration_phas_adj +zeek.synchrophasor_cfg_detail.phasor_conv_rotation_phase_adj=db:zeek.synchrophasor_cfg_detail.phasor_conv_rotation_phase_adj;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phasor_conv_rotation_phase_adj;help:phasor_conv_rotation_phase_adj +zeek.synchrophasor_cfg_detail.phasor_conv_pseudo_phasor_val=db:zeek.synchrophasor_cfg_detail.phasor_conv_pseudo_phasor_val;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phasor_conv_pseudo_phasor_val;help:phasor_conv_pseudo_phasor_val +zeek.synchrophasor_cfg_detail.phasor_conv_mod_appl=db:zeek.synchrophasor_cfg_detail.phasor_conv_mod_appl;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phasor_conv_mod_appl;help:phasor_conv_mod_appl +zeek.synchrophasor_cfg_detail.phasor_conv_phasor_component=db:zeek.synchrophasor_cfg_detail.phasor_conv_phasor_component;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:phasor_conv_phasor_component;help:phasor_conv_phasor_component 
+zeek.synchrophasor_cfg_detail.phasor_conv_phasor_type=db:zeek.synchrophasor_cfg_detail.phasor_conv_phasor_type;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:phasor_conv_phasor_type;help:phasor_conv_phasor_type +zeek.synchrophasor_cfg_detail.phasor_conv_user_def=db:zeek.synchrophasor_cfg_detail.phasor_conv_user_def;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:phasor_conv_user_def;help:phasor_conv_user_def +zeek.synchrophasor_cfg_detail.phasor_conv_scale_factor=db:zeek.synchrophasor_cfg_detail.phasor_conv_scale_factor;group:zeek_synchrophasor;kind:float;viewerOnly:true;friendly:phasor_conv_scale_factor;help:phasor_conv_scale_factor +zeek.synchrophasor_cfg_detail.phasor_conv_angle_adj=db:zeek.synchrophasor_cfg_detail.phasor_conv_angle_adj;group:zeek_synchrophasor;kind:float;viewerOnly:true;friendly:phasor_conv_angle_adj;help:phasor_conv_angle_adj +zeek.synchrophasor_cfg_detail.analog_conv_analog_flags=db:zeek.synchrophasor_cfg_detail.analog_conv_analog_flags;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:analog_conv_analog_flags;help:analog_conv_analog_flags +zeek.synchrophasor_cfg_detail.analog_conv_user_defined_scaling=db:zeek.synchrophasor_cfg_detail.analog_conv_user_defined_scaling;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:analog_conv_user_defined_scaling;help:analog_conv_user_defined_scaling +zeek.synchrophasor_cfg_detail.analog_conv_mag_scale=db:zeek.synchrophasor_cfg_detail.analog_conv_mag_scale;group:zeek_synchrophasor;kind:float;viewerOnly:true;friendly:analog_conv_mag_scale;help:analog_conv_mag_scale +zeek.synchrophasor_cfg_detail.analog_conv_offset=db:zeek.synchrophasor_cfg_detail.analog_conv_offset;group:zeek_synchrophasor;kind:float;viewerOnly:true;friendly:analog_conv_offset;help:analog_conv_offset 
+zeek.synchrophasor_cfg_detail.digital_conv_normal_status_mask=db:zeek.synchrophasor_cfg_detail.digital_conv_normal_status_mask;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:digital_conv_normal_status_mask;help:digital_conv_normal_status_mask +zeek.synchrophasor_cfg_detail.digital_conv_valid_inputs_mask=db:zeek.synchrophasor_cfg_detail.digital_conv_valid_inputs_mask;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:digital_conv_valid_inputs_mask;help:digital_conv_valid_inputs_mask +zeek.synchrophasor_cfg_detail.pmu_lat=db:zeek.synchrophasor_cfg_detail.pmu_lat;group:zeek_synchrophasor;kind:float;viewerOnly:true;friendly:pmu_lat;help:pmu_lat +zeek.synchrophasor_cfg_detail.pmu_lon=db:zeek.synchrophasor_cfg_detail.pmu_lon;group:zeek_synchrophasor;kind:float;viewerOnly:true;friendly:pmu_lon;help:pmu_lon +zeek.synchrophasor_cfg_detail.pmu_elev=db:zeek.synchrophasor_cfg_detail.pmu_elev;group:zeek_synchrophasor;kind:float;viewerOnly:true;friendly:pmu_elev;help:pmu_elev +zeek.synchrophasor_cfg_detail.window=db:zeek.synchrophasor_cfg_detail.window;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:window;help:window +zeek.synchrophasor_cfg_detail.group_delay=db:zeek.synchrophasor_cfg_detail.group_delay;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:group_delay;help:group_delay +zeek.synchrophasor_cfg_detail.fnom=db:zeek.synchrophasor_cfg_detail.fnom;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:fnom;help:fnom +zeek.synchrophasor_cfg_detail.cfgcnt=db:zeek.synchrophasor_cfg_detail.cfgcnt;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:cfgcnt;help:cfgcnt # synchrophasor_data.log # https://github.com/cisagov/icsnpp-synchrophasor -zeek.synchrophasor_data.pmu_count_expected=db:zeek.synchrophasor_data.pmu_count_expected;group:zeek_synchrophasor;kind:integer;friendly:pmu_count_expected;help:pmu_count_expected 
-zeek.synchrophasor_data.pmu_count_actual=db:zeek.synchrophasor_data.pmu_count_actual;group:zeek_synchrophasor;kind:integer;friendly:pmu_count_actual;help:pmu_count_actual -zeek.synchrophasor_data.data_frame_id=db:zeek.synchrophasor_data.data_frame_id;group:zeek_synchrophasor;kind:termfield;friendly:data_frame_id;help:data_frame_id +zeek.synchrophasor_data.pmu_count_expected=db:zeek.synchrophasor_data.pmu_count_expected;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:pmu_count_expected;help:pmu_count_expected +zeek.synchrophasor_data.pmu_count_actual=db:zeek.synchrophasor_data.pmu_count_actual;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:pmu_count_actual;help:pmu_count_actual +zeek.synchrophasor_data.data_frame_id=db:zeek.synchrophasor_data.data_frame_id;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:data_frame_id;help:data_frame_id # synchrophasor_data_detail.log # https://github.com/cisagov/icsnpp-synchrophasor -zeek.synchrophasor_data_detail.data_frame_id=db:zeek.synchrophasor_data_detail.data_frame_id;group:zeek_synchrophasor;kind:termfield;friendly:data_frame_id;help:data_frame_id -zeek.synchrophasor_data_detail.pmu_idx=db:zeek.synchrophasor_data_detail.pmu_idx;group:zeek_synchrophasor;kind:integer;friendly:pmu_idx;help:pmu_idx -zeek.synchrophasor_data_detail.trigger_reason=db:zeek.synchrophasor_data_detail.trigger_reason;group:zeek_synchrophasor;kind:integer;friendly:trigger_reason;help:trigger_reason -zeek.synchrophasor_data_detail.unlocked_time=db:zeek.synchrophasor_data_detail.unlocked_time;group:zeek_synchrophasor;kind:integer;friendly:unlocked_time;help:unlocked_time -zeek.synchrophasor_data_detail.pmu_time_quality=db:zeek.synchrophasor_data_detail.pmu_time_quality;group:zeek_synchrophasor;kind:integer;friendly:pmu_time_quality;help:pmu_time_quality 
-zeek.synchrophasor_data_detail.data_modified=db:zeek.synchrophasor_data_detail.data_modified;group:zeek_synchrophasor;kind:termfield;friendly:data_modified;help:data_modified
-zeek.synchrophasor_data_detail.config_change=db:zeek.synchrophasor_data_detail.config_change;group:zeek_synchrophasor;kind:termfield;friendly:config_change;help:config_change
-zeek.synchrophasor_data_detail.pmu_trigger_pickup=db:zeek.synchrophasor_data_detail.pmu_trigger_pickup;group:zeek_synchrophasor;kind:termfield;friendly:pmu_trigger_pickup;help:pmu_trigger_pickup
-zeek.synchrophasor_data_detail.data_sorting_type=db:zeek.synchrophasor_data_detail.data_sorting_type;group:zeek_synchrophasor;kind:termfield;friendly:data_sorting_type;help:data_sorting_type
-zeek.synchrophasor_data_detail.pmu_sync_error=db:zeek.synchrophasor_data_detail.pmu_sync_error;group:zeek_synchrophasor;kind:termfield;friendly:pmu_sync_error;help:pmu_sync_error
-zeek.synchrophasor_data_detail.data_error_indicator=db:zeek.synchrophasor_data_detail.data_error_indicator;group:zeek_synchrophasor;kind:integer;friendly:data_error_indicator;help:data_error_indicator
-zeek.synchrophasor_data_detail.est_rectangular_real=db:zeek.synchrophasor_data_detail.est_rectangular_real;group:zeek_synchrophasor;kind:float;friendly:est_rectangular_real;help:est_rectangular_real
-zeek.synchrophasor_data_detail.est_rectangular_imaginary=db:zeek.synchrophasor_data_detail.est_rectangular_imaginary;group:zeek_synchrophasor;kind:float;friendly:est_rectangular_imaginary;help:est_rectangular_imaginary
-zeek.synchrophasor_data_detail.est_polar_magnitude=db:zeek.synchrophasor_data_detail.est_polar_magnitude;group:zeek_synchrophasor;kind:float;friendly:est_polar_magnitude;help:est_polar_magnitude
-zeek.synchrophasor_data_detail.est_polar_angle=db:zeek.synchrophasor_data_detail.est_polar_angle;group:zeek_synchrophasor;kind:float;friendly:est_polar_angle;help:est_polar_angle
-zeek.synchrophasor_data_detail.freq_dev_mhz=db:zeek.synchrophasor_data_detail.freq_dev_mhz;group:zeek_synchrophasor;kind:float;friendly:freq_dev_mhz;help:freq_dev_mhz
-zeek.synchrophasor_data_detail.rocof=db:zeek.synchrophasor_data_detail.rocof;group:zeek_synchrophasor;kind:float;friendly:rocof;help:rocof
-zeek.synchrophasor_data_detail.analog_data=db:zeek.synchrophasor_data_detail.analog_data;group:zeek_synchrophasor;kind:float;friendly:analog_data;help:analog_data
-zeek.synchrophasor_data_detail.digital=db:zeek.synchrophasor_data_detail.digital;group:zeek_synchrophasor;kind:integer;friendly:digital;help:digital
+zeek.synchrophasor_data_detail.data_frame_id=db:zeek.synchrophasor_data_detail.data_frame_id;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:data_frame_id;help:data_frame_id
+zeek.synchrophasor_data_detail.pmu_idx=db:zeek.synchrophasor_data_detail.pmu_idx;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:pmu_idx;help:pmu_idx
+zeek.synchrophasor_data_detail.trigger_reason=db:zeek.synchrophasor_data_detail.trigger_reason;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:trigger_reason;help:trigger_reason
+zeek.synchrophasor_data_detail.unlocked_time=db:zeek.synchrophasor_data_detail.unlocked_time;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:unlocked_time;help:unlocked_time
+zeek.synchrophasor_data_detail.pmu_time_quality=db:zeek.synchrophasor_data_detail.pmu_time_quality;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:pmu_time_quality;help:pmu_time_quality
+zeek.synchrophasor_data_detail.data_modified=db:zeek.synchrophasor_data_detail.data_modified;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:data_modified;help:data_modified
+zeek.synchrophasor_data_detail.config_change=db:zeek.synchrophasor_data_detail.config_change;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:config_change;help:config_change
+zeek.synchrophasor_data_detail.pmu_trigger_pickup=db:zeek.synchrophasor_data_detail.pmu_trigger_pickup;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:pmu_trigger_pickup;help:pmu_trigger_pickup
+zeek.synchrophasor_data_detail.data_sorting_type=db:zeek.synchrophasor_data_detail.data_sorting_type;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:data_sorting_type;help:data_sorting_type
+zeek.synchrophasor_data_detail.pmu_sync_error=db:zeek.synchrophasor_data_detail.pmu_sync_error;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:pmu_sync_error;help:pmu_sync_error
+zeek.synchrophasor_data_detail.data_error_indicator=db:zeek.synchrophasor_data_detail.data_error_indicator;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:data_error_indicator;help:data_error_indicator
+zeek.synchrophasor_data_detail.est_rectangular_real=db:zeek.synchrophasor_data_detail.est_rectangular_real;group:zeek_synchrophasor;kind:float;viewerOnly:true;friendly:est_rectangular_real;help:est_rectangular_real
+zeek.synchrophasor_data_detail.est_rectangular_imaginary=db:zeek.synchrophasor_data_detail.est_rectangular_imaginary;group:zeek_synchrophasor;kind:float;viewerOnly:true;friendly:est_rectangular_imaginary;help:est_rectangular_imaginary
+zeek.synchrophasor_data_detail.est_polar_magnitude=db:zeek.synchrophasor_data_detail.est_polar_magnitude;group:zeek_synchrophasor;kind:float;viewerOnly:true;friendly:est_polar_magnitude;help:est_polar_magnitude
+zeek.synchrophasor_data_detail.est_polar_angle=db:zeek.synchrophasor_data_detail.est_polar_angle;group:zeek_synchrophasor;kind:float;viewerOnly:true;friendly:est_polar_angle;help:est_polar_angle
+zeek.synchrophasor_data_detail.freq_dev_mhz=db:zeek.synchrophasor_data_detail.freq_dev_mhz;group:zeek_synchrophasor;kind:float;viewerOnly:true;friendly:freq_dev_mhz;help:freq_dev_mhz
+zeek.synchrophasor_data_detail.rocof=db:zeek.synchrophasor_data_detail.rocof;group:zeek_synchrophasor;kind:float;viewerOnly:true;friendly:rocof;help:rocof +zeek.synchrophasor_data_detail.analog_data=db:zeek.synchrophasor_data_detail.analog_data;group:zeek_synchrophasor;kind:float;viewerOnly:true;friendly:analog_data;help:analog_data +zeek.synchrophasor_data_detail.digital=db:zeek.synchrophasor_data_detail.digital;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:digital;help:digital # synchrophasor_hdr.log # https://github.com/cisagov/icsnpp-synchrophasor -zeek.synchrophasor_hdr.data=db:zeek.synchrophasor_hdr.data;group:zeek_synchrophasor;kind:termfield;friendly:data;help:data +zeek.synchrophasor_hdr.data=db:zeek.synchrophasor_hdr.data;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:data;help:data # synchrophasor.log # https://github.com/cisagov/icsnpp-synchrophasor -zeek.synchrophasor.version=db:zeek.synchrophasor.version;group:zeek_synchrophasor;kind:termfield;friendly:version;help:version -zeek.synchrophasor.data_stream_id=db:zeek.synchrophasor.data_stream_id;group:zeek_synchrophasor;kind:termfield;friendly:data_stream_id;help:data_stream_id -zeek.synchrophasor.history=db:zeek.synchrophasor.history;group:zeek_synchrophasor;kind:termfield;friendly:history;help:history -zeek.synchrophasor.frame_size_min=db:zeek.synchrophasor.frame_size_min;group:zeek_synchrophasor;kind:integer;friendly:frame_size_min;help:frame_size_min -zeek.synchrophasor.frame_size_max=db:zeek.synchrophasor.frame_size_max;group:zeek_synchrophasor;kind:integer;friendly:frame_size_max;help:frame_size_max -zeek.synchrophasor.frame_size_tot=db:zeek.synchrophasor.frame_size_tot;group:zeek_synchrophasor;kind:integer;friendly:frame_size_tot;help:frame_size_tot -zeek.synchrophasor.data_frame_count=db:zeek.synchrophasor.data_frame_count;group:zeek_synchrophasor;kind:integer;friendly:data_frame_count;help:data_frame_count 
-zeek.synchrophasor.data_rate=db:zeek.synchrophasor.data_rate;group:zeek_synchrophasor;kind:termfield;friendly:data_rate;help:data_rate
-zeek.synchrophasor.header_time_stamp=db:zeek.synchrophasor.header_time_stamp;group:zeek_synchrophasor;kind:termfield;friendly:header_time_stamp;help:header_time_stamp
-zeek.synchrophasor.frame_type=db:zeek.synchrophasor.frame_type;group:zeek_synchrophasor;kind:termfield;friendly:frame_type;help:frame_type
-zeek.synchrophasor.frame_size=db:zeek.synchrophasor.frame_size;group:zeek_synchrophasor;kind:integer;friendly:frame_size;help:frame_size
+zeek.synchrophasor.version=db:zeek.synchrophasor.version;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:version;help:version
+zeek.synchrophasor.data_stream_id=db:zeek.synchrophasor.data_stream_id;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:data_stream_id;help:data_stream_id
+zeek.synchrophasor.history=db:zeek.synchrophasor.history;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:history;help:history
+zeek.synchrophasor.frame_size_min=db:zeek.synchrophasor.frame_size_min;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:frame_size_min;help:frame_size_min
+zeek.synchrophasor.frame_size_max=db:zeek.synchrophasor.frame_size_max;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:frame_size_max;help:frame_size_max
+zeek.synchrophasor.frame_size_tot=db:zeek.synchrophasor.frame_size_tot;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:frame_size_tot;help:frame_size_tot
+zeek.synchrophasor.data_frame_count=db:zeek.synchrophasor.data_frame_count;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:data_frame_count;help:data_frame_count
+zeek.synchrophasor.data_rate=db:zeek.synchrophasor.data_rate;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:data_rate;help:data_rate
+zeek.synchrophasor.header_time_stamp=db:zeek.synchrophasor.header_time_stamp;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:header_time_stamp;help:header_time_stamp +zeek.synchrophasor.frame_type=db:zeek.synchrophasor.frame_type;group:zeek_synchrophasor;kind:termfield;viewerOnly:true;friendly:frame_type;help:frame_type +zeek.synchrophasor.frame_size=db:zeek.synchrophasor.frame_size;group:zeek_synchrophasor;kind:integer;viewerOnly:true;friendly:frame_size;help:frame_size # syslog.log # https://docs.zeek.org/en/stable/scripts/base/protocols/syslog/main.zeek.html#type-Syslog::Info -zeek.syslog.facility=db:zeek.syslog.facility;group:zeek_syslog;kind:termfield;friendly:Facility;help:Facility -zeek.syslog.severity=db:zeek.syslog.severity;group:zeek_syslog;kind:termfield;friendly:Severity;help:Severity -zeek.syslog.message=db:zeek.syslog.message;group:zeek_syslog;kind:termfield;friendly:Message;help:Message +zeek.syslog.facility=db:zeek.syslog.facility;group:zeek_syslog;kind:termfield;viewerOnly:true;friendly:Facility;help:Facility +zeek.syslog.severity=db:zeek.syslog.severity;group:zeek_syslog;kind:termfield;viewerOnly:true;friendly:Severity;help:Severity +zeek.syslog.message=db:zeek.syslog.message;group:zeek_syslog;kind:termfield;viewerOnly:true;friendly:Message;help:Message # tds.log - https://github.com/amzn/zeek-plugin-tds # https://github.com/amzn/zeek-plugin-tds/blob/master/scripts/main.zeek -zeek.tds.command=db:zeek.tds.command;group:zeek_tds;kind:termfield;friendly:Command;help:Command +zeek.tds.command=db:zeek.tds.command;group:zeek_tds;kind:termfield;viewerOnly:true;friendly:Command;help:Command # tds_rpc.log - https://github.com/amzn/zeek-plugin-tds # https://github.com/amzn/zeek-plugin-tds/blob/master/scripts/main.zeek -zeek.tds_rpc.procedure_name=db:zeek.tds_rpc.procedure_name;group:zeek_tds;kind:termfield;friendly:Procedure;help:Procedure 
-zeek.tds_rpc.parameters=db:zeek.tds_rpc.parameters;group:zeek_tds;kind:termfield;friendly:Parameters;help:Parameters +zeek.tds_rpc.procedure_name=db:zeek.tds_rpc.procedure_name;group:zeek_tds;kind:termfield;viewerOnly:true;friendly:Procedure;help:Procedure +zeek.tds_rpc.parameters=db:zeek.tds_rpc.parameters;group:zeek_tds;kind:termfield;viewerOnly:true;friendly:Parameters;help:Parameters # tds_sql_batch.log - https://github.com/amzn/zeek-plugin-tds # https://github.com/amzn/zeek-plugin-tds/blob/master/scripts/main.zeek -zeek.tds_sql_batch.header_type=db:zeek.tds_sql_batch.header_type;group:zeek_tds;kind:termfield;friendly:Header Type;help:Header Type -zeek.tds_sql_batch.query=db:zeek.tds_sql_batch.query;group:zeek_tds;kind:termfield;friendly:Query;help:Query +zeek.tds_sql_batch.header_type=db:zeek.tds_sql_batch.header_type;group:zeek_tds;kind:termfield;viewerOnly:true;friendly:Header Type;help:Header Type +zeek.tds_sql_batch.query=db:zeek.tds_sql_batch.query;group:zeek_tds;kind:termfield;viewerOnly:true;friendly:Query;help:Query # tftp.log # https://github.com/zeek/spicy-tftp -zeek.tftp.block_acked=db:zeek.tftp.block_acked;group:zeek_tftp;kind:integer;friendly:Highest Block ACKed;help:Highest Block ACKed -zeek.tftp.block_sent=db:zeek.tftp.block_sent;group:zeek_tftp;kind:integer;friendly:Highest Block Sent;help:Highest Block Sent -zeek.tftp.error_code=db:zeek.tftp.error_code;group:zeek_tftp;kind:integer;friendly:Error Code;help:Error Code -zeek.tftp.error_msg=db:zeek.tftp.error_msg;group:zeek_tftp;kind:integer;friendly:Error Message;help:Error Message -zeek.tftp.fname=db:zeek.tftp.fname;group:zeek_tftp;kind:termfield;friendly:File Name;help:File Name -zeek.tftp.mode=db:zeek.tftp.mode;group:zeek_tftp;kind:termfield;friendly:Transfer Mode;help:Transfer Mode -zeek.tftp.size=db:zeek.tftp.size;group:zeek_tftp;kind:termfield;friendly:Transfer Size;help:Transfer Size -zeek.tftp.uid_data=db:zeek.tftp.uid_data;group:zeek_tftp;kind:termfield;friendly:Data Connection 
ID;help:Data Connection ID -zeek.tftp.wrq=db:zeek.tftp.wrq;group:zeek_tftp;kind:termfield;friendly:Write Request;help:Write Request +zeek.tftp.block_acked=db:zeek.tftp.block_acked;group:zeek_tftp;kind:integer;viewerOnly:true;friendly:Highest Block ACKed;help:Highest Block ACKed +zeek.tftp.block_sent=db:zeek.tftp.block_sent;group:zeek_tftp;kind:integer;viewerOnly:true;friendly:Highest Block Sent;help:Highest Block Sent +zeek.tftp.error_code=db:zeek.tftp.error_code;group:zeek_tftp;kind:integer;viewerOnly:true;friendly:Error Code;help:Error Code +zeek.tftp.error_msg=db:zeek.tftp.error_msg;group:zeek_tftp;kind:integer;viewerOnly:true;friendly:Error Message;help:Error Message +zeek.tftp.fname=db:zeek.tftp.fname;group:zeek_tftp;kind:termfield;viewerOnly:true;friendly:File Name;help:File Name +zeek.tftp.mode=db:zeek.tftp.mode;group:zeek_tftp;kind:termfield;viewerOnly:true;friendly:Transfer Mode;help:Transfer Mode +zeek.tftp.size=db:zeek.tftp.size;group:zeek_tftp;kind:termfield;viewerOnly:true;friendly:Transfer Size;help:Transfer Size +zeek.tftp.uid_data=db:zeek.tftp.uid_data;group:zeek_tftp;kind:termfield;viewerOnly:true;friendly:Data Connection ID;help:Data Connection ID +zeek.tftp.wrq=db:zeek.tftp.wrq;group:zeek_tftp;kind:termfield;viewerOnly:true;friendly:Write Request;help:Write Request # tunnel.log # https://docs.zeek.org/en/stable/scripts/base/frameworks/tunnels/main.zeek.html#type-Tunnel::Info -zeek.tunnel.tunnel_type=db:zeek.tunnel.tunnel_type;group:zeek_tunnel;kind:termfield;friendly:Tunnel Type;help:Tunnel Type -zeek.tunnel.action=db:zeek.tunnel.action;group:zeek_tunnel;kind:termfield;friendly:Action;help:Action +zeek.tunnel.tunnel_type=db:zeek.tunnel.tunnel_type;group:zeek_tunnel;kind:termfield;viewerOnly:true;friendly:Tunnel Type;help:Tunnel Type +zeek.tunnel.action=db:zeek.tunnel.action;group:zeek_tunnel;kind:termfield;viewerOnly:true;friendly:Action;help:Action # weird.log # 
https://docs.zeek.org/en/stable/scripts/base/frameworks/notice/weird.zeek.html#type-Weird::Info -zeek.weird.name=db:zeek.weird.name;group:zeek_weird;kind:termfield;friendly:Name;help:Name -zeek.weird.addl=db:zeek.weird.addl;group:zeek_weird;kind:termfield;friendly:Additional Info;help:Additional Info -zeek.weird.notice=db:zeek.weird.notice;group:zeek_weird;kind:termfield;friendly:Notice;help:Generated a notice -zeek.weird.peer=db:zeek.weird.peer;group:zeek_weird;kind:termfield;friendly:Remote Peer;help:Remote Peer +zeek.weird.name=db:zeek.weird.name;group:zeek_weird;kind:termfield;viewerOnly:true;friendly:Name;help:Name +zeek.weird.addl=db:zeek.weird.addl;group:zeek_weird;kind:termfield;viewerOnly:true;friendly:Additional Info;help:Additional Info +zeek.weird.notice=db:zeek.weird.notice;group:zeek_weird;kind:termfield;viewerOnly:true;friendly:Notice;help:Generated a notice +zeek.weird.peer=db:zeek.weird.peer;group:zeek_weird;kind:termfield;viewerOnly:true;friendly:Remote Peer;help:Remote Peer # wireguard.log # https://github.com/corelight/zeek-spicy-wireguard/blob/master/analyzer/main.zeek -zeek.wireguard.established=db:zeek.wireguard.established;group:zeek_wireguard;kind:termfield;friendly:Established;help:Established -zeek.wireguard.initiations=db:zeek.wireguard.initiations;group:zeek_wireguard;kind:integer;friendly:Initiation Packets;help:Initiation Packets -zeek.wireguard.responses=db:zeek.wireguard.responses;group:zeek_wireguard;kind:integer;friendly:Response Packets;help:Response Packets +zeek.wireguard.established=db:zeek.wireguard.established;group:zeek_wireguard;kind:termfield;viewerOnly:true;friendly:Established;help:Established +zeek.wireguard.initiations=db:zeek.wireguard.initiations;group:zeek_wireguard;kind:integer;viewerOnly:true;friendly:Initiation Packets;help:Initiation Packets +zeek.wireguard.responses=db:zeek.wireguard.responses;group:zeek_wireguard;kind:integer;viewerOnly:true;friendly:Response Packets;help:Response Packets # x509.log # 
https://docs.zeek.org/en/stable/scripts/base/files/x509/main.zeek.html#type-X509::Info -zeek.x509.basic_constraints_ca=db:zeek.x509.basic_constraints_ca;group:zeek_x509;kind:termfield;friendly:CA Flag;help:CA Flag -zeek.x509.basic_constraints_path_len=db:zeek.x509.basic_constraints_path_len;group:zeek_x509;kind:integer;friendly:Maximum Path Length;help:Maximum Path Length -zeek.x509.certificate_curve=db:zeek.x509.certificate_curve;group:zeek_x509;kind:termfield;friendly:Elliptic Curve;help:Elliptic Curve -zeek.x509.certificate_exponent=db:zeek.x509.certificate_exponent;group:zeek_x509;kind:termfield;friendly:RSA Exponent;help:RSA Exponent -zeek.x509.certificate_issuer.C=db:zeek.x509.certificate_issuer.C;group:zeek_x509;kind:termfield;friendly:Issuer Country;help:Issuer Country -zeek.x509.certificate_issuer.CN=db:zeek.x509.certificate_issuer.CN;group:zeek_x509;kind:termfield;friendly:Issuer Common Name;help:Issuer Common Name -zeek.x509.certificate_issuer.DC=db:zeek.x509.certificate_issuer.DC;group:zeek_x509;kind:termfield;friendly:Issuer Common Name;help:Issuer Distinguished Name -zeek.x509.certificate_issuer.emailAddress=db:zeek.x509.certificate_issuer.emailAddress;group:zeek_x509;kind:termfield;friendly:Issuer Email Address;help:Issuer Email Address -zeek.x509.certificate_issuer.GN=db:zeek.x509.certificate_issuer.GN;group:zeek_x509;kind:termfield;friendly:Issuer Given Name;help:Issuer Given Name -zeek.x509.certificate_issuer.initials=db:zeek.x509.certificate_issuer.initials;group:zeek_x509;kind:termfield;friendly:Issuer Initials;help:Issuer Initials -zeek.x509.certificate_issuer.L=db:zeek.x509.certificate_issuer.L;group:zeek_x509;kind:termfield;friendly:Issuer Locality;help:Issuer Locality -zeek.x509.certificate_issuer.name=db:zeek.x509.certificate_issuer.name;group:zeek_x509;kind:termfield;friendly:Issuer Name;help:Issuer Name -zeek.x509.certificate_issuer.O=db:zeek.x509.certificate_issuer.O;group:zeek_x509;kind:termfield;friendly:Issuer Organization;help:Issuer 
Organization -zeek.x509.certificate_issuer.OU=db:zeek.x509.certificate_issuer.OU;group:zeek_x509;kind:termfield;friendly:Issuer Organization Unit;help:Issuer Organization Unit -zeek.x509.certificate_issuer.postalCode=db:zeek.x509.certificate_issuer.postalCode;group:zeek_x509;kind:termfield;friendly:Issuer Name;help:Issuer Postal Code -zeek.x509.certificate_issuer.pseudonym=db:zeek.x509.certificate_issuer.pseudonym;group:zeek_x509;kind:termfield;friendly:Issuer Pseudonym;help:Issuer Pseudonym -zeek.x509.certificate_issuer.serialNumber=db:zeek.x509.certificate_issuer.serialNumber;group:zeek_x509;kind:termfield;friendly:Issuer Serial Number;help:Issuer Serial Number -zeek.x509.certificate_issuer.SN=db:zeek.x509.certificate_issuer.SN;group:zeek_x509;kind:termfield;friendly:Issuer Surname;help:Issuer Surname -zeek.x509.certificate_issuer.ST=db:zeek.x509.certificate_issuer.ST;group:zeek_x509;kind:termfield;friendly:Issuer State;help:Issuer State -zeek.x509.certificate_issuer.street=db:zeek.x509.certificate_issuer.street;group:zeek_x509;kind:termfield;friendly:Issuer Street;help:Issuer Street -zeek.x509.certificate_issuer.title=db:zeek.x509.certificate_issuer.title;group:zeek_x509;kind:termfield;friendly:Issuer Title;help:Issuer Title -zeek.x509.certificate_issuer_full=db:zeek.x509.certificate_issuer_full;group:zeek_x509;kind:termfield;friendly:Issuer;help:Issuer -zeek.x509.certificate_key_alg=db:zeek.x509.certificate_key_alg;group:zeek_x509;kind:termfield;friendly:Key Algorithm;help:Key Algorithm -zeek.x509.certificate_key_length=db:zeek.x509.certificate_key_length;group:zeek_x509;kind:integer;friendly:Key Bitlength;help:Key Bitlength -zeek.x509.certificate_key_type=db:zeek.x509.certificate_key_type;group:zeek_x509;kind:termfield;friendly:Key Type;help:Key Type -zeek.x509.certificate_not_valid_after=db:zeek.x509.certificate_not_valid_after;group:zeek_x509;kind:termfield;friendly:Not Valid After;help:Not Valid After 
-zeek.x509.certificate_not_valid_before=db:zeek.x509.certificate_not_valid_before;group:zeek_x509;kind:termfield;friendly:Not Valid Before;help:Not Valid Before
-zeek.x509.certificate_serial=db:zeek.x509.certificate_serial;group:zeek_x509;kind:termfield;friendly:Serial Number;help:Serial Number
-zeek.x509.certificate_sig_alg=db:zeek.x509.certificate_sig_alg;group:zeek_x509;kind:termfield;friendly:Signature Algorithm;help:Signature Algorithm
-zeek.x509.certificate_subject.businessCategory=db:zeek.x509.certificate_subject.businessCategory;group:zeek_x509;kind:termfield;friendly:Issuer Business Category;help:Subject Category
-zeek.x509.certificate_subject.C=db:zeek.x509.certificate_subject.C;group:zeek_x509;kind:termfield;friendly:Subject Country;help:Subject Country
-zeek.x509.certificate_subject.CN=db:zeek.x509.certificate_subject.CN;group:zeek_x509;kind:termfield;friendly:Subject Common Name;help:Subject Common Name
-zeek.x509.certificate_subject.DC=db:zeek.x509.certificate_subject.DC;group:zeek_x509;kind:termfield;friendly:Subject Distinguished Name;help:Subject Distinguished Name
-zeek.x509.certificate_subject.description=db:zeek.x509.certificate_subject.description;group:zeek_x509;kind:termfield;friendly:Subject Description;help:Subject Description
-zeek.x509.certificate_subject.emailAddress=db:zeek.x509.certificate_subject.emailAddress;group:zeek_x509;kind:termfield;friendly:Subject Email Address;help:Subject Email Address
-zeek.x509.certificate_subject.GN=db:zeek.x509.certificate_subject.GN;group:zeek_x509;kind:termfield;friendly:Subject Given Name;help:Subject Given Name
-zeek.x509.certificate_subject.initials=db:zeek.x509.certificate_subject.initials;group:zeek_x509;kind:termfield;friendly:Subject Initials;help:Subject Initials
-zeek.x509.certificate_subject.jurisdictionC=db:zeek.x509.certificate_subject.jurisdictionC;group:zeek_x509;kind:termfield;friendly:Subject Jurisdiction Country;help:Subject Jurisdiction Country
-zeek.x509.certificate_subject.jurisdictionST=db:zeek.x509.certificate_subject.jurisdictionST;group:zeek_x509;kind:termfield;friendly:Subject Jurisdiction State;help:Subject Jurisdiction State
-zeek.x509.certificate_subject.L=db:zeek.x509.certificate_subject.L;group:zeek_x509;kind:termfield;friendly:Subject Locality;help:Subject Locality
-zeek.x509.certificate_subject.name=db:zeek.x509.certificate_subject.name;group:zeek_x509;kind:termfield;friendly:Subject Name;help:Subject Name
-zeek.x509.certificate_subject.O=db:zeek.x509.certificate_subject.O;group:zeek_x509;kind:termfield;friendly:Subject Organization;help:Subject Organization
-zeek.x509.certificate_subject.OU=db:zeek.x509.certificate_subject.OU;group:zeek_x509;kind:termfield;friendly:Subject Organization Unit;help:Subject Organization Unit
-zeek.x509.certificate_subject.postalCode=db:zeek.x509.certificate_subject.postalCode;group:zeek_x509;kind:termfield;friendly:Subject Postal Code;help:Subject Postal Code
-zeek.x509.certificate_subject.pseudonym=db:zeek.x509.certificate_subject.pseudonym;group:zeek_x509;kind:termfield;friendly:Subject Pseudonym;help:Subject Pseudonym
-zeek.x509.certificate_subject.serialNumber=db:zeek.x509.certificate_subject.serialNumber;group:zeek_x509;kind:termfield;friendly:Subject Serial Number;help:Subject Serial Number
-zeek.x509.certificate_subject.SN=db:zeek.x509.certificate_subject.SN;group:zeek_x509;kind:termfield;friendly:Subject Surname;help:Subject Surname
-zeek.x509.certificate_subject.ST=db:zeek.x509.certificate_subject.ST;group:zeek_x509;kind:termfield;friendly:Subject State;help:Subject State
-zeek.x509.certificate_subject.street=db:zeek.x509.certificate_subject.street;group:zeek_x509;kind:termfield;friendly:Subject Street;help:Subject Street
-zeek.x509.certificate_subject.title=db:zeek.x509.certificate_subject.title;group:zeek_x509;kind:termfield;friendly:Subject Title;help:Subject Title
-zeek.x509.certificate_subject_full=db:zeek.x509.certificate_subject_full;group:zeek_x509;kind:termfield;friendly:Subject;help:Subject
-zeek.x509.certificate_version=db:zeek.x509.certificate_version;group:zeek_x509;kind:integer;friendly:Version;help:Version
-zeek.x509.client_cert=db:zeek.x509.client_cert;group:zeek_x509;kind:termfield;friendly:Client Certificate;help:Client Certificate
-zeek.x509.fingerprint=db:zeek.x509.fingerprint;group:zeek_x509;kind:termfield;friendly:Certificate Fingerprint;help:Certificate Fingerprint
-zeek.x509.host_cert=db:zeek.x509.host_cert;group:zeek_x509;kind:termfield;friendly:Host Certificate;help:Host Certificate
-zeek.x509.san_dns=db:zeek.x509.san_dns;group:zeek_x509;kind:termfield;friendly:SAN DNS;help:Subject Alternative Name DNS
-zeek.x509.san_email=db:zeek.x509.san_email;group:zeek_x509;kind:termfield;friendly:SAN Email;help:Subject Alternative Name Email
-zeek.x509.san_ip=db:zeek.x509.san_ip;group:zeek_x509;kind:termfield;friendly:SAN IP;help:Subject Alternative Name IP
-zeek.x509.san_uri=db:zeek.x509.san_uri;group:zeek_x509;kind:termfield;friendly:SAN URI;help:Subject Alternative Name URI
+zeek.x509.basic_constraints_ca=db:zeek.x509.basic_constraints_ca;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:CA Flag;help:CA Flag
+zeek.x509.basic_constraints_path_len=db:zeek.x509.basic_constraints_path_len;group:zeek_x509;kind:integer;viewerOnly:true;friendly:Maximum Path Length;help:Maximum Path Length
+zeek.x509.certificate_curve=db:zeek.x509.certificate_curve;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Elliptic Curve;help:Elliptic Curve
+zeek.x509.certificate_exponent=db:zeek.x509.certificate_exponent;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:RSA Exponent;help:RSA Exponent
+zeek.x509.certificate_issuer.C=db:zeek.x509.certificate_issuer.C;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Country;help:Issuer Country
+zeek.x509.certificate_issuer.CN=db:zeek.x509.certificate_issuer.CN;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Common Name;help:Issuer Common Name
+zeek.x509.certificate_issuer.DC=db:zeek.x509.certificate_issuer.DC;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Common Name;help:Issuer Distinguished Name
+zeek.x509.certificate_issuer.emailAddress=db:zeek.x509.certificate_issuer.emailAddress;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Email Address;help:Issuer Email Address
+zeek.x509.certificate_issuer.GN=db:zeek.x509.certificate_issuer.GN;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Given Name;help:Issuer Given Name
+zeek.x509.certificate_issuer.initials=db:zeek.x509.certificate_issuer.initials;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Initials;help:Issuer Initials
+zeek.x509.certificate_issuer.L=db:zeek.x509.certificate_issuer.L;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Locality;help:Issuer Locality
+zeek.x509.certificate_issuer.name=db:zeek.x509.certificate_issuer.name;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Name;help:Issuer Name
+zeek.x509.certificate_issuer.O=db:zeek.x509.certificate_issuer.O;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Organization;help:Issuer Organization
+zeek.x509.certificate_issuer.OU=db:zeek.x509.certificate_issuer.OU;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Organization Unit;help:Issuer Organization Unit
+zeek.x509.certificate_issuer.postalCode=db:zeek.x509.certificate_issuer.postalCode;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Name;help:Issuer Postal Code
+zeek.x509.certificate_issuer.pseudonym=db:zeek.x509.certificate_issuer.pseudonym;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Pseudonym;help:Issuer Pseudonym
+zeek.x509.certificate_issuer.serialNumber=db:zeek.x509.certificate_issuer.serialNumber;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Serial Number;help:Issuer Serial Number
+zeek.x509.certificate_issuer.SN=db:zeek.x509.certificate_issuer.SN;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Surname;help:Issuer Surname
+zeek.x509.certificate_issuer.ST=db:zeek.x509.certificate_issuer.ST;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer State;help:Issuer State
+zeek.x509.certificate_issuer.street=db:zeek.x509.certificate_issuer.street;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Street;help:Issuer Street
+zeek.x509.certificate_issuer.title=db:zeek.x509.certificate_issuer.title;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Title;help:Issuer Title
+zeek.x509.certificate_issuer_full=db:zeek.x509.certificate_issuer_full;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer;help:Issuer
+zeek.x509.certificate_key_alg=db:zeek.x509.certificate_key_alg;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Key Algorithm;help:Key Algorithm
+zeek.x509.certificate_key_length=db:zeek.x509.certificate_key_length;group:zeek_x509;kind:integer;viewerOnly:true;friendly:Key Bitlength;help:Key Bitlength
+zeek.x509.certificate_key_type=db:zeek.x509.certificate_key_type;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Key Type;help:Key Type
+zeek.x509.certificate_not_valid_after=db:zeek.x509.certificate_not_valid_after;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Not Valid After;help:Not Valid After
+zeek.x509.certificate_not_valid_before=db:zeek.x509.certificate_not_valid_before;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Not Valid Before;help:Not Valid Before
+zeek.x509.certificate_serial=db:zeek.x509.certificate_serial;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Serial Number;help:Serial Number
+zeek.x509.certificate_sig_alg=db:zeek.x509.certificate_sig_alg;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Signature Algorithm;help:Signature Algorithm +zeek.x509.certificate_subject.businessCategory=db:zeek.x509.certificate_subject.businessCategory;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Issuer Business Category;help:Subject Category +zeek.x509.certificate_subject.C=db:zeek.x509.certificate_subject.C;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Country;help:Subject Country +zeek.x509.certificate_subject.CN=db:zeek.x509.certificate_subject.CN;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Common Name;help:Subject Common Name +zeek.x509.certificate_subject.DC=db:zeek.x509.certificate_subject.DC;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Distinguished Name;help:Subject Distinguished Name +zeek.x509.certificate_subject.description=db:zeek.x509.certificate_subject.description;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Description;help:Subject Description +zeek.x509.certificate_subject.emailAddress=db:zeek.x509.certificate_subject.emailAddress;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Email Address;help:Subject Email Address +zeek.x509.certificate_subject.GN=db:zeek.x509.certificate_subject.GN;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Given Name;help:Subject Given Name +zeek.x509.certificate_subject.initials=db:zeek.x509.certificate_subject.initials;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Initials;help:Subject Initials +zeek.x509.certificate_subject.jurisdictionC=db:zeek.x509.certificate_subject.jurisdictionC;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Jurisdiction Country;help:Subject Jurisdiction Country +zeek.x509.certificate_subject.jurisdictionST=db:zeek.x509.certificate_subject.jurisdictionST;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Jurisdiction 
State;help:Subject Jurisdiction State +zeek.x509.certificate_subject.L=db:zeek.x509.certificate_subject.L;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Locality;help:Subject Locality +zeek.x509.certificate_subject.name=db:zeek.x509.certificate_subject.name;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Name;help:Subject Name +zeek.x509.certificate_subject.O=db:zeek.x509.certificate_subject.O;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Organization;help:Subject Organization +zeek.x509.certificate_subject.OU=db:zeek.x509.certificate_subject.OU;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Organization Unit;help:Subject Organization Unit +zeek.x509.certificate_subject.postalCode=db:zeek.x509.certificate_subject.postalCode;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Postal Code;help:Subject Postal Code +zeek.x509.certificate_subject.pseudonym=db:zeek.x509.certificate_subject.pseudonym;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Pseudonym;help:Subject Pseudonym +zeek.x509.certificate_subject.serialNumber=db:zeek.x509.certificate_subject.serialNumber;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Serial Number;help:Subject Serial Number +zeek.x509.certificate_subject.SN=db:zeek.x509.certificate_subject.SN;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Surname;help:Subject Surname +zeek.x509.certificate_subject.ST=db:zeek.x509.certificate_subject.ST;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject State;help:Subject State +zeek.x509.certificate_subject.street=db:zeek.x509.certificate_subject.street;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Street;help:Subject Street +zeek.x509.certificate_subject.title=db:zeek.x509.certificate_subject.title;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject Title;help:Subject Title 
+zeek.x509.certificate_subject_full=db:zeek.x509.certificate_subject_full;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Subject;help:Subject +zeek.x509.certificate_version=db:zeek.x509.certificate_version;group:zeek_x509;kind:integer;viewerOnly:true;friendly:Version;help:Version +zeek.x509.client_cert=db:zeek.x509.client_cert;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Client Certificate;help:Client Certificate +zeek.x509.fingerprint=db:zeek.x509.fingerprint;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Certificate Fingerprint;help:Certificate Fingerprint +zeek.x509.host_cert=db:zeek.x509.host_cert;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:Host Certificate;help:Host Certificate +zeek.x509.san_dns=db:zeek.x509.san_dns;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:SAN DNS;help:Subject Alternative Name DNS +zeek.x509.san_email=db:zeek.x509.san_email;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:SAN Email;help:Subject Alternative Name Email +zeek.x509.san_ip=db:zeek.x509.san_ip;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:SAN IP;help:Subject Alternative Name IP +zeek.x509.san_uri=db:zeek.x509.san_uri;group:zeek_x509;kind:termfield;viewerOnly:true;friendly:SAN URI;help:Subject Alternative Name URI # Suricata # some of the suricata custom views are commented out when > 2 levels # deep due to arkime/arkime#1781 (and pugjs/pug#3292) -suricata.action=db:suricata.action;group:suricata_common;kind:termfield -suricata.app_proto_expected=db:suricata.app_proto_expected;group:suricata_common;kind:termfield -suricata.app_proto_orig=db:suricata.app_proto_orig;group:suricata_common;kind:termfield -suricata.app_proto_tc=db:suricata.app_proto_tc;group:suricata_common;kind:termfield -suricata.app_proto_ts=db:suricata.app_proto_ts;group:suricata_common;kind:termfield -suricata.category=db:suricata.category;group:suricata_common;kind:termfield 
-suricata.flow_id=db:suricata.flow_id;group:suricata_common;kind:termfield
-suricata.pcap_cnt=db:suricata.pcap_cnt;group:suricata_common;kind:integer
-suricata.pcap_filename=db:suricata.pcap_filename;group:suricata_common;kind:termfield
-suricata.severity=db:suricata.severity;group:suricata_common;kind:termfield
-suricata.signature=db:suricata.signature;group:suricata_common;kind:termfield
-suricata.stream=db:suricata.stream;group:suricata_common;kind:integer
-suricata.timestamp=db:suricata.timestamp;group:suricata_common;kind:termfield
-suricata.tx_id=db:suricata.tx_id;group:suricata_common;kind:termfield
-
-suricata.alert.action=db:suricata.alert.action;group:suricata_alert;kind:termfield
-suricata.alert.metadata.created_at=db:suricata.alert.metadata.created_at;group:suricata_alert;kind:termfield
-suricata.alert.metadata.malware_family=db:suricata.alert.metadata.malware_family;group:suricata_alert;kind:termfield
-suricata.alert.metadata.performance_impact=db:suricata.alert.metadata.performance_impact;group:suricata_alert;kind:termfield
-suricata.alert.metadata.signature_severity=db:suricata.alert.metadata.signature_severity;group:suricata_alert;kind:termfield
-suricata.alert.metadata.updated_at=db:suricata.alert.metadata.updated_at;group:suricata_alert;kind:termfield
-suricata.alert.rev=db:suricata.alert.rev;group:suricata_alert;kind:integer
-suricata.alert.severity=db:suricata.alert.severity;group:suricata_alert;kind:integer
-
-suricata.anomaly.app_proto=db:suricata.anomaly.app_proto;group:suricata_anomaly;kind:termfield
-suricata.anomaly.code=db:suricata.anomaly.code;group:suricata_anomaly;kind:integer
-suricata.anomaly.event=db:suricata.anomaly.event;group:suricata_anomaly;kind:termfield
-suricata.anomaly.event_no=db:suricata.anomaly.event_no;group:suricata_anomaly;kind:termfield
-suricata.anomaly.layer=db:suricata.anomaly.layer;group:suricata_anomaly;kind:termfield
-suricata.anomaly.type=db:suricata.anomaly.type;group:suricata_anomaly;kind:termfield
-
-suricata.dhcp.assigned_ip=db:suricata.dhcp.assigned_ip;group:suricata_dhcp;kind:termfield
-suricata.dhcp.client_id=db:suricata.dhcp.client_id;group:suricata_dhcp;kind:termfield
-suricata.dhcp.client_ip=db:suricata.dhcp.client_ip;group:suricata_dhcp;kind:termfield
-suricata.dhcp.client_mac=db:suricata.dhcp.client_mac;group:suricata_dhcp;kind:termfield
-suricata.dhcp.dhcp_type=db:suricata.dhcp.dhcp_type;group:suricata_dhcp;kind:termfield
-suricata.dhcp.dns_servers=db:suricata.dhcp.dns_servers;group:suricata_dhcp;kind:termfield
-suricata.dhcp.hostname=db:suricata.dhcp.hostname;group:suricata_dhcp;kind:termfield
-suricata.dhcp.id=db:suricata.dhcp.id;group:suricata_dhcp;kind:termfield
-suricata.dhcp.lease_time=db:suricata.dhcp.lease_time;group:suricata_dhcp;kind:integer
-suricata.dhcp.next_server_ip=db:suricata.dhcp.next_server_ip;group:suricata_dhcp;kind:termfield
-suricata.dhcp.params=db:suricata.dhcp.params;group:suricata_dhcp;kind:termfield
-suricata.dhcp.rebinding_time=db:suricata.dhcp.rebinding_time;group:suricata_dhcp;kind:integer
-suricata.dhcp.relay_ip=db:suricata.dhcp.relay_ip;group:suricata_dhcp;kind:termfield
-suricata.dhcp.renewal_time=db:suricata.dhcp.renewal_time;group:suricata_dhcp;kind:integer
-suricata.dhcp.requested_ip=db:suricata.dhcp.requested_ip;group:suricata_dhcp;kind:termfield
-suricata.dhcp.routers=db:suricata.dhcp.routers;group:suricata_dhcp;kind:termfield
-suricata.dhcp.subnet_mask=db:suricata.dhcp.subnet_mask;group:suricata_dhcp;kind:termfield
-suricata.dhcp.type=db:suricata.dhcp.type;group:suricata_dhcp;kind:termfield
-
-suricata.dnp3.application.complete=db:suricata.dnp3.application.complete;group:suricata_dnp3;kind:termfield
-suricata.dnp3.application.control.con=db:suricata.dnp3.application.control.con;group:suricata_dnp3;kind:termfield
-suricata.dnp3.application.control.fin=db:suricata.dnp3.application.control.fin;group:suricata_dnp3;kind:termfield
-suricata.dnp3.application.control.fir=db:suricata.dnp3.application.control.fir;group:suricata_dnp3;kind:termfield
-suricata.dnp3.application.control.sequence=db:suricata.dnp3.application.control.sequence;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.control.uns=db:suricata.dnp3.application.control.uns;group:suricata_dnp3;kind:termfield
-suricata.dnp3.application.function_code=db:suricata.dnp3.application.function_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.count=db:suricata.dnp3.application.objects.count;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.group=db:suricata.dnp3.application.objects.group;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.authentication_key=db:suricata.dnp3.application.objects.points.authentication_key;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.block_number=db:suricata.dnp3.application.objects.points.block_number;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.challenge_data_len=db:suricata.dnp3.application.objects.points.challenge_data_len;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.chatter_filter=db:suricata.dnp3.application.objects.points.chatter_filter;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.comm_lost=db:suricata.dnp3.application.objects.points.comm_lost;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.count=db:suricata.dnp3.application.objects.points.count;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.cr=db:suricata.dnp3.application.objects.points.cr;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.created=db:suricata.dnp3.application.objects.points.created;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.data.mac_value=db:suricata.dnp3.application.objects.points.data.mac_value;group:suricata_dnp3;kind:termfield
-suricata.dnp3.application.objects.points.data.wrapped_key_data=db:suricata.dnp3.application.objects.points.data.wrapped_key_data;group:suricata_dnp3;kind:termfield
-suricata.dnp3.application.objects.points.delay_ms=db:suricata.dnp3.application.objects.points.delay_ms;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.file_data=db:suricata.dnp3.application.objects.points.file_data;group:suricata_dnp3;kind:termfield
-suricata.dnp3.application.objects.points.file_handle=db:suricata.dnp3.application.objects.points.file_handle;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.file_size=db:suricata.dnp3.application.objects.points.file_size;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.filename=db:suricata.dnp3.application.objects.points.filename;group:suricata_dnp3;kind:termfield
-suricata.dnp3.application.objects.points.filename_offset=db:suricata.dnp3.application.objects.points.filename_offset;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.filename_size=db:suricata.dnp3.application.objects.points.filename_size;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.index=db:suricata.dnp3.application.objects.points.index;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.key_status=db:suricata.dnp3.application.objects.points.key_status;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.key_wrap_alg=db:suricata.dnp3.application.objects.points.key_wrap_alg;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.ksq=db:suricata.dnp3.application.objects.points.ksq;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.local_forced=db:suricata.dnp3.application.objects.points.local_forced;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.mal=db:suricata.dnp3.application.objects.points.mal;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.maximum_block_size=db:suricata.dnp3.application.objects.points.maximum_block_size;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.offtime=db:suricata.dnp3.application.objects.points.offtime;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.online=db:suricata.dnp3.application.objects.points.online;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.ontime=db:suricata.dnp3.application.objects.points.ontime;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.op_type=db:suricata.dnp3.application.objects.points.op_type;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.operational_mode=db:suricata.dnp3.application.objects.points.operational_mode;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.optional_text=db:suricata.dnp3.application.objects.points.optional_text;group:suricata_dnp3;kind:termfield
-suricata.dnp3.application.objects.points.over_range=db:suricata.dnp3.application.objects.points.over_range;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.permissions=db:suricata.dnp3.application.objects.points.permissions;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.prefix=db:suricata.dnp3.application.objects.points.prefix;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.qu=db:suricata.dnp3.application.objects.points.qu;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.reference_err=db:suricata.dnp3.application.objects.points.reference_err;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.remote_forced=db:suricata.dnp3.application.objects.points.remote_forced;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.request_id=db:suricata.dnp3.application.objects.points.request_id;group:suricata_dnp3;kind:termfield
-suricata.dnp3.application.objects.points.reserved0=db:suricata.dnp3.application.objects.points.reserved0;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.reserved1=db:suricata.dnp3.application.objects.points.reserved1;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.reserved=db:suricata.dnp3.application.objects.points.reserved;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.restart=db:suricata.dnp3.application.objects.points.restart;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.size=db:suricata.dnp3.application.objects.points.size;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.state=db:suricata.dnp3.application.objects.points.state;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.status_code=db:suricata.dnp3.application.objects.points.status_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.tcc=db:suricata.dnp3.application.objects.points.tcc;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.timestamp=db:suricata.dnp3.application.objects.points.timestamp;group:suricata_dnp3;kind:termfield
-suricata.dnp3.application.objects.points.user_number=db:suricata.dnp3.application.objects.points.user_number;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.usr=db:suricata.dnp3.application.objects.points.usr;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.points.value=db:suricata.dnp3.application.objects.points.value;group:suricata_dnp3;kind:termfield
-suricata.dnp3.application.objects.prefix_code=db:suricata.dnp3.application.objects.prefix_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.qualifier=db:suricata.dnp3.application.objects.qualifier;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.range_code=db:suricata.dnp3.application.objects.range_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.start=db:suricata.dnp3.application.objects.start;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.stop=db:suricata.dnp3.application.objects.stop;group:suricata_dnp3;kind:integer
-suricata.dnp3.application.objects.variation=db:suricata.dnp3.application.objects.variation;group:suricata_dnp3;kind:integer
-suricata.dnp3.control.dir=db:suricata.dnp3.control.dir;group:suricata_dnp3;kind:termfield
-suricata.dnp3.control.fcb=db:suricata.dnp3.control.fcb;group:suricata_dnp3;kind:termfield
-suricata.dnp3.control.fcv=db:suricata.dnp3.control.fcv;group:suricata_dnp3;kind:termfield
-suricata.dnp3.control.function_code=db:suricata.dnp3.control.function_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.control.pri=db:suricata.dnp3.control.pri;group:suricata_dnp3;kind:termfield
-suricata.dnp3.dst=db:suricata.dnp3.dst;group:suricata_dnp3;kind:integer
-suricata.dnp3.iin.indicators=db:suricata.dnp3.iin.indicators;group:suricata_dnp3;kind:termfield
-suricata.dnp3.request.application.complete=db:suricata.dnp3.request.application.complete;group:suricata_dnp3;kind:termfield
-suricata.dnp3.request.application.control.con=db:suricata.dnp3.request.application.control.con;group:suricata_dnp3;kind:termfield
-suricata.dnp3.request.application.control.fin=db:suricata.dnp3.request.application.control.fin;group:suricata_dnp3;kind:termfield
-suricata.dnp3.request.application.control.fir=db:suricata.dnp3.request.application.control.fir;group:suricata_dnp3;kind:termfield
-suricata.dnp3.request.application.control.sequence=db:suricata.dnp3.request.application.control.sequence;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.control.uns=db:suricata.dnp3.request.application.control.uns;group:suricata_dnp3;kind:termfield
-suricata.dnp3.request.application.function_code=db:suricata.dnp3.request.application.function_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.count=db:suricata.dnp3.request.application.objects.count;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.group=db:suricata.dnp3.request.application.objects.group;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.authentication_key=db:suricata.dnp3.request.application.objects.points.authentication_key;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.count=db:suricata.dnp3.request.application.objects.points.count;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.cr=db:suricata.dnp3.request.application.objects.points.cr;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.created=db:suricata.dnp3.request.application.objects.points.created;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.file_size=db:suricata.dnp3.request.application.objects.points.file_size;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.filename=db:suricata.dnp3.request.application.objects.points.filename;group:suricata_dnp3;kind:termfield
-suricata.dnp3.request.application.objects.points.filename_offset=db:suricata.dnp3.request.application.objects.points.filename_offset;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.filename_size=db:suricata.dnp3.request.application.objects.points.filename_size;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.index=db:suricata.dnp3.request.application.objects.points.index;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.maximum_block_size=db:suricata.dnp3.request.application.objects.points.maximum_block_size;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.offtime=db:suricata.dnp3.request.application.objects.points.offtime;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.ontime=db:suricata.dnp3.request.application.objects.points.ontime;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.op_type=db:suricata.dnp3.request.application.objects.points.op_type;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.operational_mode=db:suricata.dnp3.request.application.objects.points.operational_mode;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.permissions=db:suricata.dnp3.request.application.objects.points.permissions;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.prefix=db:suricata.dnp3.request.application.objects.points.prefix;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.qu=db:suricata.dnp3.request.application.objects.points.qu;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.request_id=db:suricata.dnp3.request.application.objects.points.request_id;group:suricata_dnp3;kind:termfield
-suricata.dnp3.request.application.objects.points.reserved=db:suricata.dnp3.request.application.objects.points.reserved;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.size=db:suricata.dnp3.request.application.objects.points.size;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.status_code=db:suricata.dnp3.request.application.objects.points.status_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.tcc=db:suricata.dnp3.request.application.objects.points.tcc;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.points.timestamp=db:suricata.dnp3.request.application.objects.points.timestamp;group:suricata_dnp3;kind:termfield
-suricata.dnp3.request.application.objects.points.user_number=db:suricata.dnp3.request.application.objects.points.user_number;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.prefix_code=db:suricata.dnp3.request.application.objects.prefix_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.qualifier=db:suricata.dnp3.request.application.objects.qualifier;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.range_code=db:suricata.dnp3.request.application.objects.range_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.start=db:suricata.dnp3.request.application.objects.start;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.stop=db:suricata.dnp3.request.application.objects.stop;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.application.objects.variation=db:suricata.dnp3.request.application.objects.variation;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.control.dir=db:suricata.dnp3.request.control.dir;group:suricata_dnp3;kind:termfield
-suricata.dnp3.request.control.fcb=db:suricata.dnp3.request.control.fcb;group:suricata_dnp3;kind:termfield
-suricata.dnp3.request.control.fcv=db:suricata.dnp3.request.control.fcv;group:suricata_dnp3;kind:termfield
-suricata.dnp3.request.control.function_code=db:suricata.dnp3.request.control.function_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.control.pri=db:suricata.dnp3.request.control.pri;group:suricata_dnp3;kind:termfield
-suricata.dnp3.request.dst=db:suricata.dnp3.request.dst;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.src=db:suricata.dnp3.request.src;group:suricata_dnp3;kind:integer
-suricata.dnp3.request.type=db:suricata.dnp3.request.type;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.application.complete=db:suricata.dnp3.response.application.complete;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.application.control.con=db:suricata.dnp3.response.application.control.con;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.application.control.fin=db:suricata.dnp3.response.application.control.fin;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.application.control.fir=db:suricata.dnp3.response.application.control.fir;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.application.control.sequence=db:suricata.dnp3.response.application.control.sequence;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.control.uns=db:suricata.dnp3.response.application.control.uns;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.application.function_code=db:suricata.dnp3.response.application.function_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.count=db:suricata.dnp3.response.application.objects.count;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.group=db:suricata.dnp3.response.application.objects.group;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.challenge_data_len=db:suricata.dnp3.response.application.objects.points.challenge_data_len;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.chatter_filter=db:suricata.dnp3.response.application.objects.points.chatter_filter;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.comm_lost=db:suricata.dnp3.response.application.objects.points.comm_lost;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.count=db:suricata.dnp3.response.application.objects.points.count;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.cr=db:suricata.dnp3.response.application.objects.points.cr;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.data.challenge_data=db:suricata.dnp3.response.application.objects.points.data.challenge_data;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.application.objects.points.data.mac_value=db:suricata.dnp3.response.application.objects.points.data.mac_value;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.application.objects.points.delay_ms=db:suricata.dnp3.response.application.objects.points.delay_ms;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.file_handle=db:suricata.dnp3.response.application.objects.points.file_handle;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.file_size=db:suricata.dnp3.response.application.objects.points.file_size;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.index=db:suricata.dnp3.response.application.objects.points.index;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.key_status=db:suricata.dnp3.response.application.objects.points.key_status;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.key_wrap_alg=db:suricata.dnp3.response.application.objects.points.key_wrap_alg;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.ksq=db:suricata.dnp3.response.application.objects.points.ksq;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.local_forced=db:suricata.dnp3.response.application.objects.points.local_forced;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.mal=db:suricata.dnp3.response.application.objects.points.mal;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.maximum_block_size=db:suricata.dnp3.response.application.objects.points.maximum_block_size;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.offtime=db:suricata.dnp3.response.application.objects.points.offtime;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.online=db:suricata.dnp3.response.application.objects.points.online;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.ontime=db:suricata.dnp3.response.application.objects.points.ontime;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.op_type=db:suricata.dnp3.response.application.objects.points.op_type;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.optional_text=db:suricata.dnp3.response.application.objects.points.optional_text;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.application.objects.points.over_range=db:suricata.dnp3.response.application.objects.points.over_range;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.prefix=db:suricata.dnp3.response.application.objects.points.prefix;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.qu=db:suricata.dnp3.response.application.objects.points.qu;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.reference_err=db:suricata.dnp3.response.application.objects.points.reference_err;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.remote_forced=db:suricata.dnp3.response.application.objects.points.remote_forced;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.request_id=db:suricata.dnp3.response.application.objects.points.request_id;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.application.objects.points.reserved0=db:suricata.dnp3.response.application.objects.points.reserved0;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.reserved1=db:suricata.dnp3.response.application.objects.points.reserved1;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.reserved=db:suricata.dnp3.response.application.objects.points.reserved;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.restart=db:suricata.dnp3.response.application.objects.points.restart;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.size=db:suricata.dnp3.response.application.objects.points.size;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.state=db:suricata.dnp3.response.application.objects.points.state;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.status_code=db:suricata.dnp3.response.application.objects.points.status_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.tcc=db:suricata.dnp3.response.application.objects.points.tcc;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.user_number=db:suricata.dnp3.response.application.objects.points.user_number;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.points.value=db:suricata.dnp3.response.application.objects.points.value;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.application.objects.prefix_code=db:suricata.dnp3.response.application.objects.prefix_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.qualifier=db:suricata.dnp3.response.application.objects.qualifier;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.range_code=db:suricata.dnp3.response.application.objects.range_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.start=db:suricata.dnp3.response.application.objects.start;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.stop=db:suricata.dnp3.response.application.objects.stop;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.application.objects.variation=db:suricata.dnp3.response.application.objects.variation;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.control.dir=db:suricata.dnp3.response.control.dir;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.control.fcb=db:suricata.dnp3.response.control.fcb;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.control.fcv=db:suricata.dnp3.response.control.fcv;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.control.function_code=db:suricata.dnp3.response.control.function_code;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.control.pri=db:suricata.dnp3.response.control.pri;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.dst=db:suricata.dnp3.response.dst;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.iin.indicators=db:suricata.dnp3.response.iin.indicators;group:suricata_dnp3;kind:termfield
-suricata.dnp3.response.src=db:suricata.dnp3.response.src;group:suricata_dnp3;kind:integer
-suricata.dnp3.response.type=db:suricata.dnp3.response.type;group:suricata_dnp3;kind:termfield
-suricata.dnp3.src=db:suricata.dnp3.src;group:suricata_dnp3;kind:integer
-suricata.dnp3.type=db:suricata.dnp3.type;group:suricata_dnp3;kind:termfield
-
-suricata.dns.aa=db:suricata.dns.aa;group:suricata_dns;kind:termfield
-suricata.dns.answer.aa=db:suricata.dns.answer.aa;group:suricata_dns;kind:termfield
-suricata.dns.answer.authorities.rrname=db:suricata.dns.answer.authorities.rrname;group:suricata_dns;kind:termfield
-suricata.dns.answer.authorities.rrtype=db:suricata.dns.answer.authorities.rrtype;group:suricata_dns;kind:termfield
-suricata.dns.answer.authorities.ttl=db:suricata.dns.answer.authorities.ttl;group:suricata_dns;kind:integer
-suricata.dns.answer.flags=db:suricata.dns.answer.flags;group:suricata_dns;kind:termfield
-suricata.dns.answer.id=db:suricata.dns.answer.id;group:suricata_dns;kind:integer
-suricata.dns.answer.qr=db:suricata.dns.answer.qr;group:suricata_dns;kind:termfield
-suricata.dns.answer.ra=db:suricata.dns.answer.ra;group:suricata_dns;kind:termfield
-suricata.dns.answer.rcode=db:suricata.dns.answer.rcode;group:suricata_dns;kind:termfield
-suricata.dns.answer.rrname=db:suricata.dns.answer.rrname;group:suricata_dns;kind:termfield
-suricata.dns.answer.rrtype=db:suricata.dns.answer.rrtype;group:suricata_dns;kind:termfield
-suricata.dns.answer.type=db:suricata.dns.answer.type;group:suricata_dns;kind:termfield
-suricata.dns.answer.version=db:suricata.dns.answer.version;group:suricata_dns;kind:integer
-suricata.dns.answers.rdata=db:suricata.dns.answers.rdata;group:suricata_dns;kind:termfield
-suricata.dns.answers.rrname=db:suricata.dns.answers.rrname;group:suricata_dns;kind:termfield
-suricata.dns.answers.rrtype=db:suricata.dns.answers.rrtype;group:suricata_dns;kind:termfield
-suricata.dns.answers.ttl=db:suricata.dns.answers.ttl;group:suricata_dns;kind:integer
-suricata.dns.authorities.rdata=db:suricata.dns.authorities.rdata;group:suricata_dns;kind:termfield
-suricata.dns.authorities.rrname=db:suricata.dns.authorities.rrname;group:suricata_dns;kind:termfield
-suricata.dns.authorities.rrtype=db:suricata.dns.authorities.rrtype;group:suricata_dns;kind:termfield
-suricata.dns.authorities.ttl=db:suricata.dns.authorities.ttl;group:suricata_dns;kind:integer
-suricata.dns.flags=db:suricata.dns.flags;group:suricata_dns;kind:termfield
-suricata.dns.qr=db:suricata.dns.qr;group:suricata_dns;kind:termfield
-suricata.dns.query.id=db:suricata.dns.query.id;group:suricata_dns;kind:integer
-suricata.dns.query.rrname=db:suricata.dns.query.rrname;group:suricata_dns;kind:termfield
-suricata.dns.query.rrtype=db:suricata.dns.query.rrtype;group:suricata_dns;kind:termfield
-suricata.dns.query.tx_id=db:suricata.dns.query.tx_id;group:suricata_dns;kind:termfield
-suricata.dns.query.type=db:suricata.dns.query.type;group:suricata_dns;kind:termfield
-suricata.dns.ra=db:suricata.dns.ra;group:suricata_dns;kind:termfield
-suricata.dns.rd=db:suricata.dns.rd;group:suricata_dns;kind:termfield
-suricata.dns.rrname=db:suricata.dns.rrname;group:suricata_dns;kind:termfield
-suricata.dns.rrtype=db:suricata.dns.rrtype;group:suricata_dns;kind:termfield
-suricata.dns.tc=db:suricata.dns.tc;group:suricata_dns;kind:termfield
-suricata.dns.tx_id=db:suricata.dns.tx_id;group:suricata_dns;kind:termfield
-suricata.dns.version=db:suricata.dns.version;group:suricata_dns;kind:integer
-
-suricata.email.attachment=db:suricata.email.attachment;group:suricata_email;kind:termfield
-suricata.email.body_md5=db:suricata.email.body_md5;group:suricata_email;kind:termfield
-suricata.email.cc=db:suricata.email.cc;group:suricata_email;kind:termfield
-suricata.email.from=db:suricata.email.from;group:suricata_email;kind:termfield
-suricata.email.status=db:suricata.email.status;group:suricata_email;kind:termfield
-suricata.email.subject_md5=db:suricata.email.subject_md5;group:suricata_email;kind:termfield
-suricata.email.to=db:suricata.email.to;group:suricata_email;kind:termfield
-
-suricata.fileinfo.end=db:suricata.fileinfo.end;group:suricata_fileinfo;kind:integer
-suricata.fileinfo.file_id=db:suricata.fileinfo.file_id;group:suricata_fileinfo;kind:termfield
-suricata.fileinfo.filename=db:suricata.fileinfo.filename;group:suricata_fileinfo;kind:termfield
-suricata.fileinfo.gaps=db:suricata.fileinfo.gaps;group:suricata_fileinfo;kind:termfield
-suricata.fileinfo.magic=db:suricata.fileinfo.magic;group:suricata_fileinfo;kind:termfield
-suricata.fileinfo.md5=db:suricata.fileinfo.md5;group:suricata_fileinfo;kind:termfield
-suricata.fileinfo.sha1=db:suricata.fileinfo.sha1;group:suricata_fileinfo;kind:termfield
-suricata.fileinfo.sha256=db:suricata.fileinfo.sha256;group:suricata_fileinfo;kind:termfield
-suricata.fileinfo.sid=db:suricata.fileinfo.sid;group:suricata_fileinfo;kind:integer
-suricata.fileinfo.size=db:suricata.fileinfo.size;group:suricata_fileinfo;kind:integer
-suricata.fileinfo.start=db:suricata.fileinfo.start;group:suricata_fileinfo;kind:integer
-suricata.fileinfo.state=db:suricata.fileinfo.state;group:suricata_fileinfo;kind:termfield
-suricata.fileinfo.tx_id=db:suricata.fileinfo.tx_id;group:suricata_fileinfo;kind:termfield
-
-suricata.files.end=db:suricata.files.end;group:suricata_files;kind:termfield
-suricata.files.filename=db:suricata.files.filename;group:suricata_files;kind:termfield
-suricata.files.gaps=db:suricata.files.gaps;group:suricata_files;kind:termfield
-suricata.files.size=db:suricata.files.size;group:suricata_files;kind:integer
-suricata.files.start=db:suricata.files.start;group:suricata_files;kind:termfield
-suricata.files.state=db:suricata.files.state;group:suricata_files;kind:termfield
-suricata.files.tx_id=db:suricata.files.tx_id;group:suricata_files;kind:termfield
-
-suricata.flow.age=db:suricata.flow.age;group:suricata_flow;kind:integer
-suricata.flow.alerted=db:suricata.flow.alerted;group:suricata_flow;kind:termfield
-suricata.flow.bytes_toclient=db:suricata.flow.bytes_toclient;group:suricata_flow;kind:integer
-suricata.flow.bytes_toserver=db:suricata.flow.bytes_toserver;group:suricata_flow;kind:integer
-suricata.flow.emergency=db:suricata.flow.emergency;group:suricata_flow;kind:termfield
-suricata.flow.end=db:suricata.flow.end;group:suricata_flow;kind:termfield
-suricata.flow.pkts_toclient=db:suricata.flow.pkts_toclient;group:suricata_flow;kind:integer
-suricata.flow.pkts_toserver=db:suricata.flow.pkts_toserver;group:suricata_flow;kind:integer
-suricata.flow.reason=db:suricata.flow.reason;group:suricata_flow;kind:termfield
-suricata.flow.start=db:suricata.flow.start;group:suricata_flow;kind:termfield
-suricata.flow.state=db:suricata.flow.state;group:suricata_flow;kind:termfield
-
-suricata.ftp.command=db:suricata.ftp.command;group:suricata_ftp;kind:termfield
-suricata.ftp.command_data=db:suricata.ftp.command_data;group:suricata_ftp;kind:termfield
-suricata.ftp.completion_code=db:suricata.ftp.completion_code;group:suricata_ftp;kind:termfield
-suricata.ftp.dynamic_port=db:suricata.ftp.dynamic_port;group:suricata_ftp;kind:integer
-suricata.ftp.reply=db:suricata.ftp.reply;group:suricata_ftp;kind:termfield
-suricata.ftp.reply_received=db:suricata.ftp.reply_received;group:suricata_ftp;kind:termfield
-
-suricata.http.content_range.end=db:suricata.http.content_range.end;group:suricata_http;kind:integer
-suricata.http.content_range.raw=db:suricata.http.content_range.raw;group:suricata_http;kind:termfield
-suricata.http.content_range.size=db:suricata.http.content_range.size;group:suricata_http;kind:integer
-suricata.http.content_range.start=db:suricata.http.content_range.start;group:suricata_http;kind:integer
-suricata.http.hostname=db:suricata.http.hostname;group:suricata_http;kind:termfield
-suricata.http.http_content_type=db:suricata.http.http_content_type;group:suricata_http;kind:termfield
-suricata.http.http_method=db:suricata.http.http_method;group:suricata_http;kind:termfield
-suricata.http.http_port=db:suricata.http.http_port;group:suricata_http;kind:integer
-suricata.http.http_refer=db:suricata.http.http_refer;group:suricata_http;kind:termfield
-suricata.http.http_request_body=db:suricata.http.http_request_body;group:suricata_http;kind:termfield
-suricata.http.http_request_body_printable=db:suricata.http.http_request_body_printable;group:suricata_http;kind:termfield
-suricata.http.http_response_body=db:suricata.http.http_response_body;group:suricata_http;kind:termfield
-suricata.http.http_response_body_printable=db:suricata.http.http_response_body_printable;group:suricata_http;kind:termfield
-suricata.http.http_user_agent=db:suricata.http.http_user_agent;group:suricata_http;kind:termfield
-suricata.http.length=db:suricata.http.length;group:suricata_http;kind:integer
-suricata.http.protocol=db:suricata.http.protocol;group:suricata_http;kind:termfield
-suricata.http.redirect=db:suricata.http.redirect;group:suricata_http;kind:termfield
-suricata.http.request_headers.name=db:suricata.http.request_headers.name;group:suricata_http;kind:termfield
-suricata.http.request_headers.value=db:suricata.http.request_headers.value;group:suricata_http;kind:termfield
-suricata.http.response_headers.name=db:suricata.http.response_headers.name;group:suricata_http;kind:termfield
-suricata.http.response_headers.value=db:suricata.http.response_headers.value;group:suricata_http;kind:termfield
-suricata.http.status=db:suricata.http.status;group:suricata_http;kind:termfield
-suricata.http.url=db:suricata.http.url;group:suricata_http;kind:termfield
-
-suricata.icmp_code=db:suricata.icmp_code;group:suricata_icmp;kind:integer
-suricata.icmp_type=db:suricata.icmp_type;group:suricata_icmp;kind:integer
-suricata.response_icmp_code=db:suricata.response_icmp_code;group:suricata_icmp;kind:integer
-suricata.response_icmp_type=db:suricata.response_icmp_type;group:suricata_icmp;kind:integer
-
-suricata.ikev2.alg_auth=db:suricata.ikev2.alg_auth;group:suricata_ikev2;kind:termfield
-suricata.ikev2.alg_dh=db:suricata.ikev2.alg_dh;group:suricata_ikev2;kind:termfield
-suricata.ikev2.alg_enc=db:suricata.ikev2.alg_enc;group:suricata_ikev2;kind:termfield
-suricata.ikev2.alg_esn=db:suricata.ikev2.alg_esn;group:suricata_ikev2;kind:termfield
-suricata.ikev2.alg_prf=db:suricata.ikev2.alg_prf;group:suricata_ikev2;kind:termfield
-suricata.ikev2.errors=db:suricata.ikev2.errors;group:suricata_ikev2;kind:integer
-suricata.ikev2.exchange_type=db:suricata.ikev2.exchange_type;group:suricata_ikev2;kind:integer
-suricata.ikev2.init_spi=db:suricata.ikev2.init_spi;group:suricata_ikev2;kind:termfield
-suricata.ikev2.message_id=db:suricata.ikev2.message_id;group:suricata_ikev2;kind:termfield
-suricata.ikev2.notify=db:suricata.ikev2.notify;group:suricata_ikev2;kind:termfield
-suricata.ikev2.payload=db:suricata.ikev2.payload;group:suricata_ikev2;kind:termfield
-suricata.ikev2.resp_spi=db:suricata.ikev2.resp_spi;group:suricata_ikev2;kind:termfield
-suricata.ikev2.role=db:suricata.ikev2.role;group:suricata_ikev2;kind:termfield
-suricata.ikev2.version_major=db:suricata.ikev2.version_major;group:suricata_ikev2;kind:integer
-suricata.ikev2.version_minor=db:suricata.ikev2.version_minor;group:suricata_ikev2;kind:integer
-
-suricata.krb5.cname=db:suricata.krb5.cname;group:suricata_krb5;kind:termfield
-suricata.krb5.encryption=db:suricata.krb5.encryption;group:suricata_krb5;kind:termfield
-suricata.krb5.error_code=db:suricata.krb5.error_code;group:suricata_krb5;kind:termfield
-suricata.krb5.failed_request=db:suricata.krb5.failed_request;group:suricata_krb5;kind:termfield
-suricata.krb5.msg_type=db:suricata.krb5.msg_type;group:suricata_krb5;kind:termfield
-suricata.krb5.realm=db:suricata.krb5.realm;group:suricata_krb5;kind:termfield
-suricata.krb5.sname=db:suricata.krb5.sname;group:suricata_krb5;kind:termfield
-suricata.krb5.weak_encryption=db:suricata.krb5.weak_encryption;group:suricata_krb5;kind:termfield
-
-suricata.netflow.age=db:suricata.netflow.age;group:suricata_netflow;kind:integer
-suricata.netflow.bytes=db:suricata.netflow.bytes;group:suricata_netflow;kind:integer
-suricata.netflow.end=db:suricata.netflow.end;group:suricata_netflow;kind:termfield
-suricata.netflow.max_ttl=db:suricata.netflow.max_ttl;group:suricata_netflow;kind:integer
-suricata.netflow.min_ttl=db:suricata.netflow.min_ttl;group:suricata_netflow;kind:integer
-suricata.netflow.pkts=db:suricata.netflow.pkts;group:suricata_netflow;kind:integer
-suricata.netflow.start=db:suricata.netflow.start;group:suricata_netflow;kind:termfield
-
-suricata.nfs.file_tx=db:suricata.nfs.file_tx;group:suricata_nfs;kind:termfield
-suricata.nfs.filename=db:suricata.nfs.filename;group:suricata_nfs;kind:termfield
-suricata.nfs.hhash=db:suricata.nfs.hhash;group:suricata_nfs;kind:termfield
-suricata.nfs.id=db:suricata.nfs.id;group:suricata_nfs;kind:integer
-suricata.nfs.procedure=db:suricata.nfs.procedure;group:suricata_nfs;kind:termfield
-suricata.nfs.rename.from=db:suricata.nfs.rename.from;group:suricata_nfs;kind:termfield
-suricata.nfs.rename.to=db:suricata.nfs.rename.to;group:suricata_nfs;kind:termfield
-suricata.nfs.status=db:suricata.nfs.status;group:suricata_nfs;kind:termfield
-suricata.nfs.type=db:suricata.nfs.type;group:suricata_nfs;kind:termfield
-suricata.nfs.version=db:suricata.nfs.version;group:suricata_nfs;kind:integer
-
-suricata.rdp.channels=db:suricata.rdp.channels;group:suricata_rdp;kind:termfield
-suricata.rdp.client.build=db:suricata.rdp.client.build;group:suricata_rdp;kind:termfield
-suricata.rdp.client.capabilities=db:suricata.rdp.client.capabilities;group:suricata_rdp;kind:termfield
-suricata.rdp.client.client_name=db:suricata.rdp.client.client_name;group:suricata_rdp;kind:termfield
-suricata.rdp.client.color_depth=db:suricata.rdp.client.color_depth;group:suricata_rdp;kind:integer
-suricata.rdp.client.connection_hint=db:suricata.rdp.client.connection_hint;group:suricata_rdp;kind:termfield
-suricata.rdp.client.desktop_height=db:suricata.rdp.client.desktop_height;group:suricata_rdp;kind:integer
-suricata.rdp.client.desktop_width=db:suricata.rdp.client.desktop_width;group:suricata_rdp;kind:integer
-suricata.rdp.client.function_keys=db:suricata.rdp.client.function_keys;group:suricata_rdp;kind:integer
-suricata.rdp.client.id=db:suricata.rdp.client.id;group:suricata_rdp;kind:termfield
-suricata.rdp.client.keyboard_layout=db:suricata.rdp.client.keyboard_layout;group:suricata_rdp;kind:termfield
-suricata.rdp.client.keyboard_type=db:suricata.rdp.client.keyboard_type;group:suricata_rdp;kind:termfield
-suricata.rdp.client.product_id=db:suricata.rdp.client.product_id;group:suricata_rdp;kind:termfield
-suricata.rdp.client.version=db:suricata.rdp.client.version;group:suricata_rdp;kind:termfield
-suricata.rdp.cookie=db:suricata.rdp.cookie;group:suricata_rdp;kind:termfield
-suricata.rdp.error_code=db:suricata.rdp.error_code;group:suricata_rdp;kind:integer
-suricata.rdp.event_type=db:suricata.rdp.event_type;group:suricata_rdp;kind:termfield
-suricata.rdp.protocol=db:suricata.rdp.protocol;group:suricata_rdp;kind:termfield
-suricata.rdp.reason=db:suricata.rdp.reason;group:suricata_rdp;kind:termfield
-suricata.rdp.server_supports=db:suricata.rdp.server_supports;group:suricata_rdp;kind:termfield
-suricata.rdp.tx_id=db:suricata.rdp.tx_id;group:suricata_rdp;kind:termfield
-suricata.rdp.x509_serials=db:suricata.rdp.x509_serials;group:suricata_rdp;kindrpc:termfield
-
-suricata.rpc.auth_type=db:suricata.rpc.auth_type;group:suricata_rpc;kind:termfield
-suricata.rpc.creds.gid=db:suricata.rpc.creds.gid;group:suricata_rpc;kind:integer
-suricata.rpc.creds.machine_name=db:suricata.rpc.creds.machine_name;group:suricata_rpc;kind:termfield
-suricata.rpc.creds.uid=db:suricata.rpc.creds.uid;group:suricata_rpc;kind:integer
-suricata.rpc.status=db:suricata.rpc.status;group:suricata_rpc;kind:termfield
-suricata.rpc.xid=db:suricata.rpc.xid;group:suricata_rpc;kind:integer
-
-suricata.sip.code=db:suricata.sip.code;group:suricata_sip;kind:termfield
-suricata.sip.method=db:suricata.sip.method;group:suricata_sip;kind:termfield
-suricata.sip.reason=db:suricata.sip.reason;group:suricata_sip;kind:termfield
-suricata.sip.request_line=db:suricata.sip.request_line;group:suricata_sip;kind:termfield
-suricata.sip.response_line=db:suricata.sip.response_line;group:suricata_sip;kind:termfield
-suricata.sip.uri=db:suricata.sip.uri;group:suricata_sip;kind:termfield
-suricata.sip.version=db:suricata.sip.version;group:suricata_sip;kind:termfield
-
-suricata.smb.access=db:suricata.smb.access;group:suricata_smb;kind:termfield
-suricata.smb.accessed=db:suricata.smb.accessed;group:suricata_smb;kind:integer
-suricata.smb.changed=db:suricata.smb.changed;group:suricata_smb;kind:integer
-suricata.smb.client_dialects=db:suricata.smb.client_dialects;group:suricata_smb;kind:termfield
-suricata.smb.client_guid=db:suricata.smb.client_guid;group:suricata_smb;kind:termfield
-suricata.smb.command=db:suricata.smb.command;group:suricata_smb;kind:termfield
-suricata.smb.created=db:suricata.smb.created;group:suricata_smb;kind:integer
-suricata.smb.dcerpc.call_id=db:suricata.smb.dcerpc.call_id;group:suricata_smb;kind:termfield
-suricata.smb.dcerpc.interfaces.ack_reason=db:suricata.smb.dcerpc.interfaces.ack_reason;group:suricata_smb;kind:integer
-suricata.smb.dcerpc.interfaces.ack_result=db:suricata.smb.dcerpc.interfaces.ack_result;group:suricata_smb;kind:integer
-suricata.smb.dcerpc.interfaces.uuid=db:suricata.smb.dcerpc.interfaces.uuid;group:suricata_smb;kind:termfield
-suricata.smb.dcerpc.interfaces.version=db:suricata.smb.dcerpc.interfaces.version;group:suricata_smb;kind:termfield
-suricata.smb.dcerpc.opnum=db:suricata.smb.dcerpc.opnum;group:suricata_smb;kind:integer
-suricata.smb.dcerpc.req.frag_cnt=db:suricata.smb.dcerpc.req.frag_cnt;group:suricata_smb;kind:integer
-suricata.smb.dcerpc.req.stub_data_size=db:suricata.smb.dcerpc.req.stub_data_size;group:suricata_smb;kind:integer
-suricata.smb.dcerpc.request=db:suricata.smb.dcerpc.request;group:suricata_smb;kind:termfield
-suricata.smb.dcerpc.res.frag_cnt=db:suricata.smb.dcerpc.res.frag_cnt;group:suricata_smb;kind:integer
-suricata.smb.dcerpc.res.stub_data_size=db:suricata.smb.dcerpc.res.stub_data_size;group:suricata_smb;kind:integer
-suricata.smb.dcerpc.response=db:suricata.smb.dcerpc.response;group:suricata_smb;kind:termfield
-suricata.smb.dialect=db:suricata.smb.dialect;group:suricata_smb;kind:termfield
-suricata.smb.directory=db:suricata.smb.directory;group:suricata_smb;kind:termfield
-suricata.smb.disposition=db:suricata.smb.disposition;group:suricata_smb;kind:termfield
-suricata.smb.filename=db:suricata.smb.filename;group:suricata_smb;kind:termfield
-suricata.smb.fuid=db:suricata.smb.fuid;group:suricata_smb;kind:termfield
-suricata.smb.function=db:suricata.smb.function;group:suricata_smb;kind:termfield
-suricata.smb.id=db:suricata.smb.id;group:suricata_smb;kind:integer
-suricata.smb.kerberos.realm=db:suricata.smb.kerberos.realm;group:suricata_smb;kind:termfield
-suricata.smb.kerberos.snames=db:suricata.smb.kerberos.snames;group:suricata_smb;kind:termfield
-suricata.smb.modified=db:suricata.smb.modified;group:suricata_smb;kind:integer
-suricata.smb.named_pipe=db:suricata.smb.named_pipe;group:suricata_smb;kind:termfield
-suricata.smb.ntlmssp.domain=db:suricata.smb.ntlmssp.domain;group:suricata_smb;kind:termfield
-suricata.smb.ntlmssp.host=db:suricata.smb.ntlmssp.host;group:suricata_smb;kind:termfield
-suricata.smb.ntlmssp.user=db:suricata.smb.ntlmssp.user;group:suricata_smb;kind:termfield
-suricata.smb.rename.from=db:suricata.smb.rename.from;group:suricata_smb;kind:termfield
-suricata.smb.rename.to=db:suricata.smb.rename.to;group:suricata_smb;kind:termfield
-suricata.smb.request.native_lm=db:suricata.smb.request.native_lm;group:suricata_smb;kind:termfield
-suricata.smb.request.native_os=db:suricata.smb.request.native_os;group:suricata_smb;kind:termfield
-suricata.smb.response.native_lm=db:suricata.smb.response.native_lm;group:suricata_smb;kind:termfield
-suricata.smb.response.native_os=db:suricata.smb.response.native_os;group:suricata_smb;kind:termfield
-suricata.smb.server_guid=db:suricata.smb.server_guid;group:suricata_smb;kind:termfield
-suricata.smb.service.request=db:suricata.smb.service.request;group:suricata_smb;kind:termfield
-suricata.smb.service.response=db:suricata.smb.service.response;group:suricata_smb;kind:termfield
-suricata.smb.session_id=db:suricata.smb.session_id;group:suricata_smb;kind:termfield
-suricata.smb.set_info.class=db:suricata.smb.set_info.class;group:suricata_smb;kind:termfield
-suricata.smb.set_info.info_level=db:suricata.smb.set_info.info_level;group:suricata_smb;kind:termfield
-suricata.smb.share=db:suricata.smb.share;group:suricata_smb;kind:termfield
-suricata.smb.share_type=db:suricata.smb.share_type;group:suricata_smb;kind:termfield
-suricata.smb.size=db:suricata.smb.size;group:suricata_smb;kind:integer
-suricata.smb.status=db:suricata.smb.status;group:suricata_smb;kind:termfield
-suricata.smb.status_code=db:suricata.smb.status_code;group:suricata_smb;kind:termfield
-suricata.smb.tree_id=db:suricata.smb.tree_id;group:suricata_smb;kind:termfield
-
-suricata.smtp.helo=db:suricata.smtp.helo;group:suricata_smtp;kind:termfield
-suricata.smtp.mail_from=db:suricata.smtp.mail_from;group:suricata_smtp;kind:termfield
-suricata.smtp.rcpt_to=db:suricata.smtp.rcpt_to;group:suricata_smtp;kind:termfield
-
-suricata.snmp.community=db:suricata.snmp.community;group:suricata_snmp;kind:termfield
-suricata.snmp.error=db:suricata.snmp.error;group:suricata_snmp;kind:termfield
-suricata.snmp.pdu_type=db:suricata.snmp.pdu_type;group:suricata_snmp;kind:termfield
-suricata.snmp.trap_address=db:suricata.snmp.trap_address;group:suricata_snmp;kind:termfield
-suricata.snmp.trap_oid=db:suricata.snmp.trap_oid;group:suricata_snmp;kind:termfield
-suricata.snmp.trap_type=db:suricata.snmp.trap_type;group:suricata_snmp;kind:termfield
-suricata.snmp.usm=db:suricata.snmp.usm;group:suricata_snmp;kind:termfield
-suricata.snmp.vars=db:suricata.snmp.vars;group:suricata_snmp;kind:termfield
-suricata.snmp.version=db:suricata.snmp.version;group:suricata_snmp;kind:integer
-
-suricata.ssh.client.proto_version=db:suricata.ssh.client.proto_version;group:suricata_ssh;kind:termfield
-suricata.ssh.client.software_version=db:suricata.ssh.client.software_version;group:suricata_ssh;kind:termfield
-suricata.ssh.server.proto_version=db:suricata.ssh.server.proto_version;group:suricata_ssh;kind:termfield
-suricata.ssh.server.software_version=db:suricata.ssh.server.software_version;group:suricata_ssh;kind:termfield
-
-suricata.tcp.ack=db:suricata.tcp.ack;group:suricata_tcp;kind:termfield
-suricata.tcp.cwr=db:suricata.tcp.cwr;group:suricata_tcp;kind:termfield
-suricata.tcp.ecn=db:suricata.tcp.ecn;group:suricata_tcp;kind:termfield
-suricata.tcp.fin=db:suricata.tcp.fin;group:suricata_tcp;kind:termfield
-suricata.tcp.psh=db:suricata.tcp.psh;group:suricata_tcp;kind:termfield
-suricata.tcp.rst=db:suricata.tcp.rst;group:suricata_tcp;kind:termfield
-suricata.tcp.state=db:suricata.tcp.state;group:suricata_tcp;kind:termfield
-suricata.tcp.syn=db:suricata.tcp.syn;group:suricata_tcp;kind:termfield
-suricata.tcp.tcp_flags=db:suricata.tcp.tcp_flags;group:suricata_tcp;kind:termfield
-suricata.tcp.tcp_flags_tc=db:suricata.tcp.tcp_flags_tc;group:suricata_tcp;kind:termfield
-suricata.tcp.tcp_flags_ts=db:suricata.tcp.tcp_flags_ts;group:suricata_tcp;kind:termfield
-suricata.tcp.urg=db:suricata.tcp.urg;group:suricata_tcp;kind:termfield
-
-suricata.tftp.file=db:suricata.tftp.file;group:suricata_tftp;kind:termfield
-suricata.tftp.mode=db:suricata.tftp.mode;group:suricata_tftp;kind:termfield
-suricata.tftp.packet=db:suricata.tftp.packet;group:suricata_tftp;kind:termfield
-
-suricata.tls.fingerprint=db:suricata.tls.fingerprint;group:suricata_tls;kind:termfield
-suricata.tls.from_proto=db:suricata.tls.from_proto;group:suricata_tls;kind:termfield
-suricata.tls.issuerdn=db:suricata.tls.issuerdn;group:suricata_tls;kind:termfield
-suricata.tls.notafter=db:suricata.tls.notafter;group:suricata_tls;kind:termfield
-suricata.tls.notbefore=db:suricata.tls.notbefore;group:suricata_tls;kind:termfield
-suricata.tls.serial=db:suricata.tls.serial;group:suricata_tls;kind:termfield
-suricata.tls.session_resumed=db:suricata.tls.session_resumed;group:suricata_tls;kind:termfield
-suricata.tls.sni=db:suricata.tls.sni;group:suricata_tls;kind:termfield
-suricata.tls.subject=db:suricata.tls.subject;group:suricata_tls;kind:termfield
-suricata.tls.version=db:suricata.tls.version;group:suricata_tls;kind:termfield
-
-suricata.tunnel.depth=db:suricata.tunnel.depth;group:suricata_tunnel;kind:integer
-suricata.tunnel.dest_ip=db:suricata.tunnel.dest_ip;group:suricata_tunnel;kind:termfield
-suricata.tunnel.dest_port=db:suricata.tunnel.dest_port;group:suricata_tunnel;kind:integer
-suricata.tunnel.proto=db:suricata.tunnel.proto;group:suricata_tunnel;kind:termfield
-suricata.tunnel.src_ip=db:suricata.tunnel.src_ip;group:suricata_tunnel;kind:termfield
-suricata.tunnel.src_port=db:suricata.tunnel.src_port;group:suricata_tunnel;kind:integer
+suricata.action=db:suricata.action;group:suricata_common;kind:termfield;viewerOnly:true
+suricata.app_proto_expected=db:suricata.app_proto_expected;group:suricata_common;kind:termfield;viewerOnly:true
+suricata.app_proto_orig=db:suricata.app_proto_orig;group:suricata_common;kind:termfield;viewerOnly:true
+suricata.app_proto_tc=db:suricata.app_proto_tc;group:suricata_common;kind:termfield;viewerOnly:true
+suricata.app_proto_ts=db:suricata.app_proto_ts;group:suricata_common;kind:termfield;viewerOnly:true
+suricata.category=db:suricata.category;group:suricata_common;kind:termfield;viewerOnly:true
+suricata.flow_id=db:suricata.flow_id;group:suricata_common;kind:termfield;viewerOnly:true
+suricata.pcap_cnt=db:suricata.pcap_cnt;group:suricata_common;kind:integer;viewerOnly:true
+suricata.pcap_filename=db:suricata.pcap_filename;group:suricata_common;kind:termfield;viewerOnly:true
+suricata.severity=db:suricata.severity;group:suricata_common;kind:termfield;viewerOnly:true
+suricata.signature=db:suricata.signature;group:suricata_common;kind:termfield;viewerOnly:true
+suricata.stream=db:suricata.stream;group:suricata_common;kind:integer;viewerOnly:true
+suricata.timestamp=db:suricata.timestamp;group:suricata_common;kind:termfield;viewerOnly:true
+suricata.tx_id=db:suricata.tx_id;group:suricata_common;kind:termfield;viewerOnly:true
+
+suricata.alert.action=db:suricata.alert.action;group:suricata_alert;kind:termfield;viewerOnly:true
+suricata.alert.metadata.created_at=db:suricata.alert.metadata.created_at;group:suricata_alert;kind:termfield;viewerOnly:true
+suricata.alert.metadata.malware_family=db:suricata.alert.metadata.malware_family;group:suricata_alert;kind:termfield;viewerOnly:true
+suricata.alert.metadata.performance_impact=db:suricata.alert.metadata.performance_impact;group:suricata_alert;kind:termfield;viewerOnly:true
+suricata.alert.metadata.signature_severity=db:suricata.alert.metadata.signature_severity;group:suricata_alert;kind:termfield;viewerOnly:true
+suricata.alert.metadata.updated_at=db:suricata.alert.metadata.updated_at;group:suricata_alert;kind:termfield;viewerOnly:true
+suricata.alert.rev=db:suricata.alert.rev;group:suricata_alert;kind:integer;viewerOnly:true
+suricata.alert.severity=db:suricata.alert.severity;group:suricata_alert;kind:integer;viewerOnly:true
+
+suricata.anomaly.app_proto=db:suricata.anomaly.app_proto;group:suricata_anomaly;kind:termfield;viewerOnly:true
+suricata.anomaly.code=db:suricata.anomaly.code;group:suricata_anomaly;kind:integer;viewerOnly:true
+suricata.anomaly.event=db:suricata.anomaly.event;group:suricata_anomaly;kind:termfield;viewerOnly:true
+suricata.anomaly.event_no=db:suricata.anomaly.event_no;group:suricata_anomaly;kind:termfield;viewerOnly:true
+suricata.anomaly.layer=db:suricata.anomaly.layer;group:suricata_anomaly;kind:termfield;viewerOnly:true
+suricata.anomaly.type=db:suricata.anomaly.type;group:suricata_anomaly;kind:termfield;viewerOnly:true
+
+suricata.dhcp.assigned_ip=db:suricata.dhcp.assigned_ip;group:suricata_dhcp;kind:termfield;viewerOnly:true
+suricata.dhcp.client_id=db:suricata.dhcp.client_id;group:suricata_dhcp;kind:termfield;viewerOnly:true
+suricata.dhcp.client_ip=db:suricata.dhcp.client_ip;group:suricata_dhcp;kind:termfield;viewerOnly:true
+suricata.dhcp.client_mac=db:suricata.dhcp.client_mac;group:suricata_dhcp;kind:termfield;viewerOnly:true
+suricata.dhcp.dhcp_type=db:suricata.dhcp.dhcp_type;group:suricata_dhcp;kind:termfield;viewerOnly:true
+suricata.dhcp.dns_servers=db:suricata.dhcp.dns_servers;group:suricata_dhcp;kind:termfield;viewerOnly:true
+suricata.dhcp.hostname=db:suricata.dhcp.hostname;group:suricata_dhcp;kind:termfield;viewerOnly:true
+suricata.dhcp.id=db:suricata.dhcp.id;group:suricata_dhcp;kind:termfield;viewerOnly:true
+suricata.dhcp.lease_time=db:suricata.dhcp.lease_time;group:suricata_dhcp;kind:integer;viewerOnly:true
+suricata.dhcp.next_server_ip=db:suricata.dhcp.next_server_ip;group:suricata_dhcp;kind:termfield;viewerOnly:true
+suricata.dhcp.params=db:suricata.dhcp.params;group:suricata_dhcp;kind:termfield;viewerOnly:true
+suricata.dhcp.rebinding_time=db:suricata.dhcp.rebinding_time;group:suricata_dhcp;kind:integer;viewerOnly:true
+suricata.dhcp.relay_ip=db:suricata.dhcp.relay_ip;group:suricata_dhcp;kind:termfield;viewerOnly:true
+suricata.dhcp.renewal_time=db:suricata.dhcp.renewal_time;group:suricata_dhcp;kind:integer;viewerOnly:true
+suricata.dhcp.requested_ip=db:suricata.dhcp.requested_ip;group:suricata_dhcp;kind:termfield;viewerOnly:true
+suricata.dhcp.routers=db:suricata.dhcp.routers;group:suricata_dhcp;kind:termfield;viewerOnly:true
+suricata.dhcp.subnet_mask=db:suricata.dhcp.subnet_mask;group:suricata_dhcp;kind:termfield;viewerOnly:true
+suricata.dhcp.type=db:suricata.dhcp.type;group:suricata_dhcp;kind:termfield;viewerOnly:true
+
+suricata.dnp3.application.complete=db:suricata.dnp3.application.complete;group:suricata_dnp3;kind:termfield;viewerOnly:true
+suricata.dnp3.application.control.con=db:suricata.dnp3.application.control.con;group:suricata_dnp3;kind:termfield;viewerOnly:true
+suricata.dnp3.application.control.fin=db:suricata.dnp3.application.control.fin;group:suricata_dnp3;kind:termfield;viewerOnly:true
+suricata.dnp3.application.control.fir=db:suricata.dnp3.application.control.fir;group:suricata_dnp3;kind:termfield;viewerOnly:true
+suricata.dnp3.application.control.sequence=db:suricata.dnp3.application.control.sequence;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.control.uns=db:suricata.dnp3.application.control.uns;group:suricata_dnp3;kind:termfield;viewerOnly:true
+suricata.dnp3.application.function_code=db:suricata.dnp3.application.function_code;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.count=db:suricata.dnp3.application.objects.count;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.group=db:suricata.dnp3.application.objects.group;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.authentication_key=db:suricata.dnp3.application.objects.points.authentication_key;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.block_number=db:suricata.dnp3.application.objects.points.block_number;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.challenge_data_len=db:suricata.dnp3.application.objects.points.challenge_data_len;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.chatter_filter=db:suricata.dnp3.application.objects.points.chatter_filter;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.comm_lost=db:suricata.dnp3.application.objects.points.comm_lost;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.count=db:suricata.dnp3.application.objects.points.count;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.cr=db:suricata.dnp3.application.objects.points.cr;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.created=db:suricata.dnp3.application.objects.points.created;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.data.mac_value=db:suricata.dnp3.application.objects.points.data.mac_value;group:suricata_dnp3;kind:termfield;viewerOnly:true
+suricata.dnp3.application.objects.points.data.wrapped_key_data=db:suricata.dnp3.application.objects.points.data.wrapped_key_data;group:suricata_dnp3;kind:termfield;viewerOnly:true
+suricata.dnp3.application.objects.points.delay_ms=db:suricata.dnp3.application.objects.points.delay_ms;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.file_data=db:suricata.dnp3.application.objects.points.file_data;group:suricata_dnp3;kind:termfield;viewerOnly:true
+suricata.dnp3.application.objects.points.file_handle=db:suricata.dnp3.application.objects.points.file_handle;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.file_size=db:suricata.dnp3.application.objects.points.file_size;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.filename=db:suricata.dnp3.application.objects.points.filename;group:suricata_dnp3;kind:termfield;viewerOnly:true
+suricata.dnp3.application.objects.points.filename_offset=db:suricata.dnp3.application.objects.points.filename_offset;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.filename_size=db:suricata.dnp3.application.objects.points.filename_size;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.index=db:suricata.dnp3.application.objects.points.index;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.key_status=db:suricata.dnp3.application.objects.points.key_status;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.key_wrap_alg=db:suricata.dnp3.application.objects.points.key_wrap_alg;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.ksq=db:suricata.dnp3.application.objects.points.ksq;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.local_forced=db:suricata.dnp3.application.objects.points.local_forced;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.mal=db:suricata.dnp3.application.objects.points.mal;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.maximum_block_size=db:suricata.dnp3.application.objects.points.maximum_block_size;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.offtime=db:suricata.dnp3.application.objects.points.offtime;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.online=db:suricata.dnp3.application.objects.points.online;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.ontime=db:suricata.dnp3.application.objects.points.ontime;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.op_type=db:suricata.dnp3.application.objects.points.op_type;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.operational_mode=db:suricata.dnp3.application.objects.points.operational_mode;group:suricata_dnp3;kind:integer;viewerOnly:true
+suricata.dnp3.application.objects.points.optional_text=db:suricata.dnp3.application.objects.points.optional_text;group:suricata_dnp3;kind:termfield;viewerOnly:true
+suricata.dnp3.application.objects.points.over_range=db:suricata.dnp3.application.objects.points.over_range;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.permissions=db:suricata.dnp3.application.objects.points.permissions;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.prefix=db:suricata.dnp3.application.objects.points.prefix;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.qu=db:suricata.dnp3.application.objects.points.qu;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.reference_err=db:suricata.dnp3.application.objects.points.reference_err;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.remote_forced=db:suricata.dnp3.application.objects.points.remote_forced;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.request_id=db:suricata.dnp3.application.objects.points.request_id;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.application.objects.points.reserved0=db:suricata.dnp3.application.objects.points.reserved0;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.reserved1=db:suricata.dnp3.application.objects.points.reserved1;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.reserved=db:suricata.dnp3.application.objects.points.reserved;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.restart=db:suricata.dnp3.application.objects.points.restart;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.size=db:suricata.dnp3.application.objects.points.size;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.state=db:suricata.dnp3.application.objects.points.state;group:suricata_dnp3;kind:integer;viewerOnly:true 
+suricata.dnp3.application.objects.points.status_code=db:suricata.dnp3.application.objects.points.status_code;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.tcc=db:suricata.dnp3.application.objects.points.tcc;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.timestamp=db:suricata.dnp3.application.objects.points.timestamp;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.application.objects.points.user_number=db:suricata.dnp3.application.objects.points.user_number;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.usr=db:suricata.dnp3.application.objects.points.usr;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.points.value=db:suricata.dnp3.application.objects.points.value;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.application.objects.prefix_code=db:suricata.dnp3.application.objects.prefix_code;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.qualifier=db:suricata.dnp3.application.objects.qualifier;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.range_code=db:suricata.dnp3.application.objects.range_code;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.start=db:suricata.dnp3.application.objects.start;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.stop=db:suricata.dnp3.application.objects.stop;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.application.objects.variation=db:suricata.dnp3.application.objects.variation;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.control.dir=db:suricata.dnp3.control.dir;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.control.fcb=db:suricata.dnp3.control.fcb;group:suricata_dnp3;kind:termfield;viewerOnly:true 
+suricata.dnp3.control.fcv=db:suricata.dnp3.control.fcv;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.control.function_code=db:suricata.dnp3.control.function_code;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.control.pri=db:suricata.dnp3.control.pri;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.dst=db:suricata.dnp3.dst;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.iin.indicators=db:suricata.dnp3.iin.indicators;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.request.application.complete=db:suricata.dnp3.request.application.complete;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.request.application.control.con=db:suricata.dnp3.request.application.control.con;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.request.application.control.fin=db:suricata.dnp3.request.application.control.fin;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.request.application.control.fir=db:suricata.dnp3.request.application.control.fir;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.request.application.control.sequence=db:suricata.dnp3.request.application.control.sequence;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.control.uns=db:suricata.dnp3.request.application.control.uns;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.request.application.function_code=db:suricata.dnp3.request.application.function_code;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.count=db:suricata.dnp3.request.application.objects.count;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.group=db:suricata.dnp3.request.application.objects.group;group:suricata_dnp3;kind:integer;viewerOnly:true 
+suricata.dnp3.request.application.objects.points.authentication_key=db:suricata.dnp3.request.application.objects.points.authentication_key;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.count=db:suricata.dnp3.request.application.objects.points.count;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.cr=db:suricata.dnp3.request.application.objects.points.cr;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.created=db:suricata.dnp3.request.application.objects.points.created;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.file_size=db:suricata.dnp3.request.application.objects.points.file_size;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.filename=db:suricata.dnp3.request.application.objects.points.filename;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.request.application.objects.points.filename_offset=db:suricata.dnp3.request.application.objects.points.filename_offset;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.filename_size=db:suricata.dnp3.request.application.objects.points.filename_size;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.index=db:suricata.dnp3.request.application.objects.points.index;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.maximum_block_size=db:suricata.dnp3.request.application.objects.points.maximum_block_size;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.offtime=db:suricata.dnp3.request.application.objects.points.offtime;group:suricata_dnp3;kind:integer;viewerOnly:true 
+suricata.dnp3.request.application.objects.points.ontime=db:suricata.dnp3.request.application.objects.points.ontime;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.op_type=db:suricata.dnp3.request.application.objects.points.op_type;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.operational_mode=db:suricata.dnp3.request.application.objects.points.operational_mode;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.permissions=db:suricata.dnp3.request.application.objects.points.permissions;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.prefix=db:suricata.dnp3.request.application.objects.points.prefix;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.qu=db:suricata.dnp3.request.application.objects.points.qu;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.request_id=db:suricata.dnp3.request.application.objects.points.request_id;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.request.application.objects.points.reserved=db:suricata.dnp3.request.application.objects.points.reserved;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.size=db:suricata.dnp3.request.application.objects.points.size;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.status_code=db:suricata.dnp3.request.application.objects.points.status_code;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.points.tcc=db:suricata.dnp3.request.application.objects.points.tcc;group:suricata_dnp3;kind:integer;viewerOnly:true 
+suricata.dnp3.request.application.objects.points.timestamp=db:suricata.dnp3.request.application.objects.points.timestamp;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.request.application.objects.points.user_number=db:suricata.dnp3.request.application.objects.points.user_number;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.prefix_code=db:suricata.dnp3.request.application.objects.prefix_code;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.qualifier=db:suricata.dnp3.request.application.objects.qualifier;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.range_code=db:suricata.dnp3.request.application.objects.range_code;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.start=db:suricata.dnp3.request.application.objects.start;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.stop=db:suricata.dnp3.request.application.objects.stop;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.application.objects.variation=db:suricata.dnp3.request.application.objects.variation;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.control.dir=db:suricata.dnp3.request.control.dir;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.request.control.fcb=db:suricata.dnp3.request.control.fcb;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.request.control.fcv=db:suricata.dnp3.request.control.fcv;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.request.control.function_code=db:suricata.dnp3.request.control.function_code;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.control.pri=db:suricata.dnp3.request.control.pri;group:suricata_dnp3;kind:termfield;viewerOnly:true 
+suricata.dnp3.request.dst=db:suricata.dnp3.request.dst;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.src=db:suricata.dnp3.request.src;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.request.type=db:suricata.dnp3.request.type;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.application.complete=db:suricata.dnp3.response.application.complete;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.application.control.con=db:suricata.dnp3.response.application.control.con;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.application.control.fin=db:suricata.dnp3.response.application.control.fin;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.application.control.fir=db:suricata.dnp3.response.application.control.fir;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.application.control.sequence=db:suricata.dnp3.response.application.control.sequence;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.control.uns=db:suricata.dnp3.response.application.control.uns;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.application.function_code=db:suricata.dnp3.response.application.function_code;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.count=db:suricata.dnp3.response.application.objects.count;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.group=db:suricata.dnp3.response.application.objects.group;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.challenge_data_len=db:suricata.dnp3.response.application.objects.points.challenge_data_len;group:suricata_dnp3;kind:integer;viewerOnly:true 
+suricata.dnp3.response.application.objects.points.chatter_filter=db:suricata.dnp3.response.application.objects.points.chatter_filter;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.comm_lost=db:suricata.dnp3.response.application.objects.points.comm_lost;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.count=db:suricata.dnp3.response.application.objects.points.count;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.cr=db:suricata.dnp3.response.application.objects.points.cr;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.data.challenge_data=db:suricata.dnp3.response.application.objects.points.data.challenge_data;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.application.objects.points.data.mac_value=db:suricata.dnp3.response.application.objects.points.data.mac_value;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.application.objects.points.delay_ms=db:suricata.dnp3.response.application.objects.points.delay_ms;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.file_handle=db:suricata.dnp3.response.application.objects.points.file_handle;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.file_size=db:suricata.dnp3.response.application.objects.points.file_size;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.index=db:suricata.dnp3.response.application.objects.points.index;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.key_status=db:suricata.dnp3.response.application.objects.points.key_status;group:suricata_dnp3;kind:integer;viewerOnly:true 
+suricata.dnp3.response.application.objects.points.key_wrap_alg=db:suricata.dnp3.response.application.objects.points.key_wrap_alg;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.ksq=db:suricata.dnp3.response.application.objects.points.ksq;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.local_forced=db:suricata.dnp3.response.application.objects.points.local_forced;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.mal=db:suricata.dnp3.response.application.objects.points.mal;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.maximum_block_size=db:suricata.dnp3.response.application.objects.points.maximum_block_size;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.offtime=db:suricata.dnp3.response.application.objects.points.offtime;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.online=db:suricata.dnp3.response.application.objects.points.online;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.ontime=db:suricata.dnp3.response.application.objects.points.ontime;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.op_type=db:suricata.dnp3.response.application.objects.points.op_type;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.optional_text=db:suricata.dnp3.response.application.objects.points.optional_text;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.application.objects.points.over_range=db:suricata.dnp3.response.application.objects.points.over_range;group:suricata_dnp3;kind:integer;viewerOnly:true 
+suricata.dnp3.response.application.objects.points.prefix=db:suricata.dnp3.response.application.objects.points.prefix;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.qu=db:suricata.dnp3.response.application.objects.points.qu;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.reference_err=db:suricata.dnp3.response.application.objects.points.reference_err;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.remote_forced=db:suricata.dnp3.response.application.objects.points.remote_forced;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.request_id=db:suricata.dnp3.response.application.objects.points.request_id;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.application.objects.points.reserved0=db:suricata.dnp3.response.application.objects.points.reserved0;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.reserved1=db:suricata.dnp3.response.application.objects.points.reserved1;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.reserved=db:suricata.dnp3.response.application.objects.points.reserved;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.restart=db:suricata.dnp3.response.application.objects.points.restart;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.size=db:suricata.dnp3.response.application.objects.points.size;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.state=db:suricata.dnp3.response.application.objects.points.state;group:suricata_dnp3;kind:integer;viewerOnly:true 
+suricata.dnp3.response.application.objects.points.status_code=db:suricata.dnp3.response.application.objects.points.status_code;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.tcc=db:suricata.dnp3.response.application.objects.points.tcc;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.user_number=db:suricata.dnp3.response.application.objects.points.user_number;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.points.value=db:suricata.dnp3.response.application.objects.points.value;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.application.objects.prefix_code=db:suricata.dnp3.response.application.objects.prefix_code;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.qualifier=db:suricata.dnp3.response.application.objects.qualifier;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.range_code=db:suricata.dnp3.response.application.objects.range_code;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.start=db:suricata.dnp3.response.application.objects.start;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.stop=db:suricata.dnp3.response.application.objects.stop;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.application.objects.variation=db:suricata.dnp3.response.application.objects.variation;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.control.dir=db:suricata.dnp3.response.control.dir;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.control.fcb=db:suricata.dnp3.response.control.fcb;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.control.fcv=db:suricata.dnp3.response.control.fcv;group:suricata_dnp3;kind:termfield;viewerOnly:true 
+suricata.dnp3.response.control.function_code=db:suricata.dnp3.response.control.function_code;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.control.pri=db:suricata.dnp3.response.control.pri;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.dst=db:suricata.dnp3.response.dst;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.iin.indicators=db:suricata.dnp3.response.iin.indicators;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.response.src=db:suricata.dnp3.response.src;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.response.type=db:suricata.dnp3.response.type;group:suricata_dnp3;kind:termfield;viewerOnly:true +suricata.dnp3.src=db:suricata.dnp3.src;group:suricata_dnp3;kind:integer;viewerOnly:true +suricata.dnp3.type=db:suricata.dnp3.type;group:suricata_dnp3;kind:termfield;viewerOnly:true + +suricata.dns.aa=db:suricata.dns.aa;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.answer.aa=db:suricata.dns.answer.aa;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.answer.authorities.rrname=db:suricata.dns.answer.authorities.rrname;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.answer.authorities.rrtype=db:suricata.dns.answer.authorities.rrtype;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.answer.authorities.ttl=db:suricata.dns.answer.authorities.ttl;group:suricata_dns;kind:integer;viewerOnly:true +suricata.dns.answer.flags=db:suricata.dns.answer.flags;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.answer.id=db:suricata.dns.answer.id;group:suricata_dns;kind:integer;viewerOnly:true +suricata.dns.answer.qr=db:suricata.dns.answer.qr;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.answer.ra=db:suricata.dns.answer.ra;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.answer.rcode=db:suricata.dns.answer.rcode;group:suricata_dns;kind:termfield;viewerOnly:true 
+suricata.dns.answer.rrname=db:suricata.dns.answer.rrname;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.answer.rrtype=db:suricata.dns.answer.rrtype;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.answer.type=db:suricata.dns.answer.type;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.answer.version=db:suricata.dns.answer.version;group:suricata_dns;kind:integer;viewerOnly:true +suricata.dns.answers.rdata=db:suricata.dns.answers.rdata;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.answers.rrname=db:suricata.dns.answers.rrname;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.answers.rrtype=db:suricata.dns.answers.rrtype;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.answers.ttl=db:suricata.dns.answers.ttl;group:suricata_dns;kind:integer;viewerOnly:true +suricata.dns.authorities.rdata=db:suricata.dns.authorities.rdata;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.authorities.rrname=db:suricata.dns.authorities.rrname;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.authorities.rrtype=db:suricata.dns.authorities.rrtype;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.authorities.ttl=db:suricata.dns.authorities.ttl;group:suricata_dns;kind:integer;viewerOnly:true +suricata.dns.flags=db:suricata.dns.flags;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.qr=db:suricata.dns.qr;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.query.id=db:suricata.dns.query.id;group:suricata_dns;kind:integer;viewerOnly:true +suricata.dns.query.rrname=db:suricata.dns.query.rrname;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.query.rrtype=db:suricata.dns.query.rrtype;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.query.tx_id=db:suricata.dns.query.tx_id;group:suricata_dns;kind:termfield;viewerOnly:true 
+suricata.dns.query.type=db:suricata.dns.query.type;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.ra=db:suricata.dns.ra;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.rd=db:suricata.dns.rd;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.rrname=db:suricata.dns.rrname;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.rrtype=db:suricata.dns.rrtype;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.tc=db:suricata.dns.tc;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.tx_id=db:suricata.dns.tx_id;group:suricata_dns;kind:termfield;viewerOnly:true +suricata.dns.version=db:suricata.dns.version;group:suricata_dns;kind:integer;viewerOnly:true + +suricata.email.attachment=db:suricata.email.attachment;group:suricata_email;kind:termfield;viewerOnly:true +suricata.email.body_md5=db:suricata.email.body_md5;group:suricata_email;kind:termfield;viewerOnly:true +suricata.email.cc=db:suricata.email.cc;group:suricata_email;kind:termfield;viewerOnly:true +suricata.email.from=db:suricata.email.from;group:suricata_email;kind:termfield;viewerOnly:true +suricata.email.status=db:suricata.email.status;group:suricata_email;kind:termfield;viewerOnly:true +suricata.email.subject_md5=db:suricata.email.subject_md5;group:suricata_email;kind:termfield;viewerOnly:true +suricata.email.to=db:suricata.email.to;group:suricata_email;kind:termfield;viewerOnly:true + +suricata.fileinfo.end=db:suricata.fileinfo.end;group:suricata_fileinfo;kind:integer;viewerOnly:true +suricata.fileinfo.file_id=db:suricata.fileinfo.file_id;group:suricata_fileinfo;kind:termfield;viewerOnly:true +suricata.fileinfo.filename=db:suricata.fileinfo.filename;group:suricata_fileinfo;kind:termfield;viewerOnly:true +suricata.fileinfo.gaps=db:suricata.fileinfo.gaps;group:suricata_fileinfo;kind:termfield;viewerOnly:true +suricata.fileinfo.magic=db:suricata.fileinfo.magic;group:suricata_fileinfo;kind:termfield;viewerOnly:true 
+suricata.fileinfo.md5=db:suricata.fileinfo.md5;group:suricata_fileinfo;kind:termfield;viewerOnly:true +suricata.fileinfo.sha1=db:suricata.fileinfo.sha1;group:suricata_fileinfo;kind:termfield;viewerOnly:true +suricata.fileinfo.sha256=db:suricata.fileinfo.sha256;group:suricata_fileinfo;kind:termfield;viewerOnly:true +suricata.fileinfo.sid=db:suricata.fileinfo.sid;group:suricata_fileinfo;kind:integer;viewerOnly:true +suricata.fileinfo.size=db:suricata.fileinfo.size;group:suricata_fileinfo;kind:integer;viewerOnly:true +suricata.fileinfo.start=db:suricata.fileinfo.start;group:suricata_fileinfo;kind:integer;viewerOnly:true +suricata.fileinfo.state=db:suricata.fileinfo.state;group:suricata_fileinfo;kind:termfield;viewerOnly:true +suricata.fileinfo.tx_id=db:suricata.fileinfo.tx_id;group:suricata_fileinfo;kind:termfield;viewerOnly:true + +suricata.files.end=db:suricata.files.end;group:suricata_files;kind:termfield;viewerOnly:true +suricata.files.filename=db:suricata.files.filename;group:suricata_files;kind:termfield;viewerOnly:true +suricata.files.gaps=db:suricata.files.gaps;group:suricata_files;kind:termfield;viewerOnly:true +suricata.files.size=db:suricata.files.size;group:suricata_files;kind:integer;viewerOnly:true +suricata.files.start=db:suricata.files.start;group:suricata_files;kind:termfield;viewerOnly:true +suricata.files.state=db:suricata.files.state;group:suricata_files;kind:termfield;viewerOnly:true +suricata.files.tx_id=db:suricata.files.tx_id;group:suricata_files;kind:termfield;viewerOnly:true + +suricata.flow.age=db:suricata.flow.age;group:suricata_flow;kind:integer;viewerOnly:true +suricata.flow.alerted=db:suricata.flow.alerted;group:suricata_flow;kind:termfield;viewerOnly:true +suricata.flow.bytes_toclient=db:suricata.flow.bytes_toclient;group:suricata_flow;kind:integer;viewerOnly:true +suricata.flow.bytes_toserver=db:suricata.flow.bytes_toserver;group:suricata_flow;kind:integer;viewerOnly:true 
+suricata.flow.emergency=db:suricata.flow.emergency;group:suricata_flow;kind:termfield;viewerOnly:true +suricata.flow.end=db:suricata.flow.end;group:suricata_flow;kind:termfield;viewerOnly:true +suricata.flow.pkts_toclient=db:suricata.flow.pkts_toclient;group:suricata_flow;kind:integer;viewerOnly:true +suricata.flow.pkts_toserver=db:suricata.flow.pkts_toserver;group:suricata_flow;kind:integer;viewerOnly:true +suricata.flow.reason=db:suricata.flow.reason;group:suricata_flow;kind:termfield;viewerOnly:true +suricata.flow.start=db:suricata.flow.start;group:suricata_flow;kind:termfield;viewerOnly:true +suricata.flow.state=db:suricata.flow.state;group:suricata_flow;kind:termfield;viewerOnly:true + +suricata.ftp.command=db:suricata.ftp.command;group:suricata_ftp;kind:termfield;viewerOnly:true +suricata.ftp.command_data=db:suricata.ftp.command_data;group:suricata_ftp;kind:termfield;viewerOnly:true +suricata.ftp.completion_code=db:suricata.ftp.completion_code;group:suricata_ftp;kind:termfield;viewerOnly:true +suricata.ftp.dynamic_port=db:suricata.ftp.dynamic_port;group:suricata_ftp;kind:integer;viewerOnly:true +suricata.ftp.reply=db:suricata.ftp.reply;group:suricata_ftp;kind:termfield;viewerOnly:true +suricata.ftp.reply_received=db:suricata.ftp.reply_received;group:suricata_ftp;kind:termfield;viewerOnly:true + +suricata.http.content_range.end=db:suricata.http.content_range.end;group:suricata_http;kind:integer;viewerOnly:true +suricata.http.content_range.raw=db:suricata.http.content_range.raw;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.content_range.size=db:suricata.http.content_range.size;group:suricata_http;kind:integer;viewerOnly:true +suricata.http.content_range.start=db:suricata.http.content_range.start;group:suricata_http;kind:integer;viewerOnly:true +suricata.http.hostname=db:suricata.http.hostname;group:suricata_http;kind:termfield;viewerOnly:true 
+suricata.http.http_content_type=db:suricata.http.http_content_type;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.http_method=db:suricata.http.http_method;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.http_port=db:suricata.http.http_port;group:suricata_http;kind:integer;viewerOnly:true +suricata.http.http_refer=db:suricata.http.http_refer;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.http_request_body=db:suricata.http.http_request_body;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.http_request_body_printable=db:suricata.http.http_request_body_printable;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.http_response_body=db:suricata.http.http_response_body;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.http_response_body_printable=db:suricata.http.http_response_body_printable;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.http_user_agent=db:suricata.http.http_user_agent;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.length=db:suricata.http.length;group:suricata_http;kind:integer;viewerOnly:true +suricata.http.protocol=db:suricata.http.protocol;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.redirect=db:suricata.http.redirect;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.request_headers.name=db:suricata.http.request_headers.name;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.request_headers.value=db:suricata.http.request_headers.value;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.response_headers.name=db:suricata.http.response_headers.name;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.response_headers.value=db:suricata.http.response_headers.value;group:suricata_http;kind:termfield;viewerOnly:true +suricata.http.status=db:suricata.http.status;group:suricata_http;kind:termfield;viewerOnly:true 
+suricata.http.url=db:suricata.http.url;group:suricata_http;kind:termfield;viewerOnly:true
+
+suricata.icmp_code=db:suricata.icmp_code;group:suricata_icmp;kind:integer;viewerOnly:true
+suricata.icmp_type=db:suricata.icmp_type;group:suricata_icmp;kind:integer;viewerOnly:true
+suricata.response_icmp_code=db:suricata.response_icmp_code;group:suricata_icmp;kind:integer;viewerOnly:true
+suricata.response_icmp_type=db:suricata.response_icmp_type;group:suricata_icmp;kind:integer;viewerOnly:true
+
+suricata.ikev2.alg_auth=db:suricata.ikev2.alg_auth;group:suricata_ikev2;kind:termfield;viewerOnly:true
+suricata.ikev2.alg_dh=db:suricata.ikev2.alg_dh;group:suricata_ikev2;kind:termfield;viewerOnly:true
+suricata.ikev2.alg_enc=db:suricata.ikev2.alg_enc;group:suricata_ikev2;kind:termfield;viewerOnly:true
+suricata.ikev2.alg_esn=db:suricata.ikev2.alg_esn;group:suricata_ikev2;kind:termfield;viewerOnly:true
+suricata.ikev2.alg_prf=db:suricata.ikev2.alg_prf;group:suricata_ikev2;kind:termfield;viewerOnly:true
+suricata.ikev2.errors=db:suricata.ikev2.errors;group:suricata_ikev2;kind:integer;viewerOnly:true
+suricata.ikev2.exchange_type=db:suricata.ikev2.exchange_type;group:suricata_ikev2;kind:integer;viewerOnly:true
+suricata.ikev2.init_spi=db:suricata.ikev2.init_spi;group:suricata_ikev2;kind:termfield;viewerOnly:true
+suricata.ikev2.message_id=db:suricata.ikev2.message_id;group:suricata_ikev2;kind:termfield;viewerOnly:true
+suricata.ikev2.notify=db:suricata.ikev2.notify;group:suricata_ikev2;kind:termfield;viewerOnly:true
+suricata.ikev2.payload=db:suricata.ikev2.payload;group:suricata_ikev2;kind:termfield;viewerOnly:true
+suricata.ikev2.resp_spi=db:suricata.ikev2.resp_spi;group:suricata_ikev2;kind:termfield;viewerOnly:true
+suricata.ikev2.role=db:suricata.ikev2.role;group:suricata_ikev2;kind:termfield;viewerOnly:true
+suricata.ikev2.version_major=db:suricata.ikev2.version_major;group:suricata_ikev2;kind:integer;viewerOnly:true
+suricata.ikev2.version_minor=db:suricata.ikev2.version_minor;group:suricata_ikev2;kind:integer;viewerOnly:true
+
+suricata.krb5.cname=db:suricata.krb5.cname;group:suricata_krb5;kind:termfield;viewerOnly:true
+suricata.krb5.encryption=db:suricata.krb5.encryption;group:suricata_krb5;kind:termfield;viewerOnly:true
+suricata.krb5.error_code=db:suricata.krb5.error_code;group:suricata_krb5;kind:termfield;viewerOnly:true
+suricata.krb5.failed_request=db:suricata.krb5.failed_request;group:suricata_krb5;kind:termfield;viewerOnly:true
+suricata.krb5.msg_type=db:suricata.krb5.msg_type;group:suricata_krb5;kind:termfield;viewerOnly:true
+suricata.krb5.realm=db:suricata.krb5.realm;group:suricata_krb5;kind:termfield;viewerOnly:true
+suricata.krb5.sname=db:suricata.krb5.sname;group:suricata_krb5;kind:termfield;viewerOnly:true
+suricata.krb5.weak_encryption=db:suricata.krb5.weak_encryption;group:suricata_krb5;kind:termfield;viewerOnly:true
+
+suricata.netflow.age=db:suricata.netflow.age;group:suricata_netflow;kind:integer;viewerOnly:true
+suricata.netflow.bytes=db:suricata.netflow.bytes;group:suricata_netflow;kind:integer;viewerOnly:true
+suricata.netflow.end=db:suricata.netflow.end;group:suricata_netflow;kind:termfield;viewerOnly:true
+suricata.netflow.max_ttl=db:suricata.netflow.max_ttl;group:suricata_netflow;kind:integer;viewerOnly:true
+suricata.netflow.min_ttl=db:suricata.netflow.min_ttl;group:suricata_netflow;kind:integer;viewerOnly:true
+suricata.netflow.pkts=db:suricata.netflow.pkts;group:suricata_netflow;kind:integer;viewerOnly:true
+suricata.netflow.start=db:suricata.netflow.start;group:suricata_netflow;kind:termfield;viewerOnly:true
+
+suricata.nfs.file_tx=db:suricata.nfs.file_tx;group:suricata_nfs;kind:termfield;viewerOnly:true
+suricata.nfs.filename=db:suricata.nfs.filename;group:suricata_nfs;kind:termfield;viewerOnly:true
+suricata.nfs.hhash=db:suricata.nfs.hhash;group:suricata_nfs;kind:termfield;viewerOnly:true
+suricata.nfs.id=db:suricata.nfs.id;group:suricata_nfs;kind:integer;viewerOnly:true
+suricata.nfs.procedure=db:suricata.nfs.procedure;group:suricata_nfs;kind:termfield;viewerOnly:true
+suricata.nfs.rename.from=db:suricata.nfs.rename.from;group:suricata_nfs;kind:termfield;viewerOnly:true
+suricata.nfs.rename.to=db:suricata.nfs.rename.to;group:suricata_nfs;kind:termfield;viewerOnly:true
+suricata.nfs.status=db:suricata.nfs.status;group:suricata_nfs;kind:termfield;viewerOnly:true
+suricata.nfs.type=db:suricata.nfs.type;group:suricata_nfs;kind:termfield;viewerOnly:true
+suricata.nfs.version=db:suricata.nfs.version;group:suricata_nfs;kind:integer;viewerOnly:true
+
+suricata.rdp.channels=db:suricata.rdp.channels;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.client.build=db:suricata.rdp.client.build;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.client.capabilities=db:suricata.rdp.client.capabilities;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.client.client_name=db:suricata.rdp.client.client_name;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.client.color_depth=db:suricata.rdp.client.color_depth;group:suricata_rdp;kind:integer;viewerOnly:true
+suricata.rdp.client.connection_hint=db:suricata.rdp.client.connection_hint;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.client.desktop_height=db:suricata.rdp.client.desktop_height;group:suricata_rdp;kind:integer;viewerOnly:true
+suricata.rdp.client.desktop_width=db:suricata.rdp.client.desktop_width;group:suricata_rdp;kind:integer;viewerOnly:true
+suricata.rdp.client.function_keys=db:suricata.rdp.client.function_keys;group:suricata_rdp;kind:integer;viewerOnly:true
+suricata.rdp.client.id=db:suricata.rdp.client.id;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.client.keyboard_layout=db:suricata.rdp.client.keyboard_layout;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.client.keyboard_type=db:suricata.rdp.client.keyboard_type;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.client.product_id=db:suricata.rdp.client.product_id;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.client.version=db:suricata.rdp.client.version;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.cookie=db:suricata.rdp.cookie;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.error_code=db:suricata.rdp.error_code;group:suricata_rdp;kind:integer;viewerOnly:true
+suricata.rdp.event_type=db:suricata.rdp.event_type;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.protocol=db:suricata.rdp.protocol;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.reason=db:suricata.rdp.reason;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.server_supports=db:suricata.rdp.server_supports;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.tx_id=db:suricata.rdp.tx_id;group:suricata_rdp;kind:termfield;viewerOnly:true
+suricata.rdp.x509_serials=db:suricata.rdp.x509_serials;group:suricata_rdp;kind:termfield;viewerOnly:true
+
+suricata.rpc.auth_type=db:suricata.rpc.auth_type;group:suricata_rpc;kind:termfield;viewerOnly:true
+suricata.rpc.creds.gid=db:suricata.rpc.creds.gid;group:suricata_rpc;kind:integer;viewerOnly:true
+suricata.rpc.creds.machine_name=db:suricata.rpc.creds.machine_name;group:suricata_rpc;kind:termfield;viewerOnly:true
+suricata.rpc.creds.uid=db:suricata.rpc.creds.uid;group:suricata_rpc;kind:integer;viewerOnly:true
+suricata.rpc.status=db:suricata.rpc.status;group:suricata_rpc;kind:termfield;viewerOnly:true
+suricata.rpc.xid=db:suricata.rpc.xid;group:suricata_rpc;kind:integer;viewerOnly:true
+
+suricata.sip.code=db:suricata.sip.code;group:suricata_sip;kind:termfield;viewerOnly:true
+suricata.sip.method=db:suricata.sip.method;group:suricata_sip;kind:termfield;viewerOnly:true
+suricata.sip.reason=db:suricata.sip.reason;group:suricata_sip;kind:termfield;viewerOnly:true
+suricata.sip.request_line=db:suricata.sip.request_line;group:suricata_sip;kind:termfield;viewerOnly:true
+suricata.sip.response_line=db:suricata.sip.response_line;group:suricata_sip;kind:termfield;viewerOnly:true
+suricata.sip.uri=db:suricata.sip.uri;group:suricata_sip;kind:termfield;viewerOnly:true
+suricata.sip.version=db:suricata.sip.version;group:suricata_sip;kind:termfield;viewerOnly:true
+
+suricata.smb.access=db:suricata.smb.access;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.accessed=db:suricata.smb.accessed;group:suricata_smb;kind:integer;viewerOnly:true
+suricata.smb.changed=db:suricata.smb.changed;group:suricata_smb;kind:integer;viewerOnly:true
+suricata.smb.client_dialects=db:suricata.smb.client_dialects;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.client_guid=db:suricata.smb.client_guid;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.command=db:suricata.smb.command;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.created=db:suricata.smb.created;group:suricata_smb;kind:integer;viewerOnly:true
+suricata.smb.dcerpc.call_id=db:suricata.smb.dcerpc.call_id;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.dcerpc.interfaces.ack_reason=db:suricata.smb.dcerpc.interfaces.ack_reason;group:suricata_smb;kind:integer;viewerOnly:true
+suricata.smb.dcerpc.interfaces.ack_result=db:suricata.smb.dcerpc.interfaces.ack_result;group:suricata_smb;kind:integer;viewerOnly:true
+suricata.smb.dcerpc.interfaces.uuid=db:suricata.smb.dcerpc.interfaces.uuid;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.dcerpc.interfaces.version=db:suricata.smb.dcerpc.interfaces.version;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.dcerpc.opnum=db:suricata.smb.dcerpc.opnum;group:suricata_smb;kind:integer;viewerOnly:true
+suricata.smb.dcerpc.req.frag_cnt=db:suricata.smb.dcerpc.req.frag_cnt;group:suricata_smb;kind:integer;viewerOnly:true
+suricata.smb.dcerpc.req.stub_data_size=db:suricata.smb.dcerpc.req.stub_data_size;group:suricata_smb;kind:integer;viewerOnly:true
+suricata.smb.dcerpc.request=db:suricata.smb.dcerpc.request;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.dcerpc.res.frag_cnt=db:suricata.smb.dcerpc.res.frag_cnt;group:suricata_smb;kind:integer;viewerOnly:true
+suricata.smb.dcerpc.res.stub_data_size=db:suricata.smb.dcerpc.res.stub_data_size;group:suricata_smb;kind:integer;viewerOnly:true
+suricata.smb.dcerpc.response=db:suricata.smb.dcerpc.response;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.dialect=db:suricata.smb.dialect;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.directory=db:suricata.smb.directory;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.disposition=db:suricata.smb.disposition;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.filename=db:suricata.smb.filename;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.fuid=db:suricata.smb.fuid;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.function=db:suricata.smb.function;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.id=db:suricata.smb.id;group:suricata_smb;kind:integer;viewerOnly:true
+suricata.smb.kerberos.realm=db:suricata.smb.kerberos.realm;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.kerberos.snames=db:suricata.smb.kerberos.snames;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.modified=db:suricata.smb.modified;group:suricata_smb;kind:integer;viewerOnly:true
+suricata.smb.named_pipe=db:suricata.smb.named_pipe;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.ntlmssp.domain=db:suricata.smb.ntlmssp.domain;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.ntlmssp.host=db:suricata.smb.ntlmssp.host;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.ntlmssp.user=db:suricata.smb.ntlmssp.user;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.rename.from=db:suricata.smb.rename.from;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.rename.to=db:suricata.smb.rename.to;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.request.native_lm=db:suricata.smb.request.native_lm;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.request.native_os=db:suricata.smb.request.native_os;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.response.native_lm=db:suricata.smb.response.native_lm;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.response.native_os=db:suricata.smb.response.native_os;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.server_guid=db:suricata.smb.server_guid;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.service.request=db:suricata.smb.service.request;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.service.response=db:suricata.smb.service.response;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.session_id=db:suricata.smb.session_id;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.set_info.class=db:suricata.smb.set_info.class;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.set_info.info_level=db:suricata.smb.set_info.info_level;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.share=db:suricata.smb.share;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.share_type=db:suricata.smb.share_type;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.size=db:suricata.smb.size;group:suricata_smb;kind:integer;viewerOnly:true
+suricata.smb.status=db:suricata.smb.status;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.status_code=db:suricata.smb.status_code;group:suricata_smb;kind:termfield;viewerOnly:true
+suricata.smb.tree_id=db:suricata.smb.tree_id;group:suricata_smb;kind:termfield;viewerOnly:true
+
+suricata.smtp.helo=db:suricata.smtp.helo;group:suricata_smtp;kind:termfield;viewerOnly:true
+suricata.smtp.mail_from=db:suricata.smtp.mail_from;group:suricata_smtp;kind:termfield;viewerOnly:true
+suricata.smtp.rcpt_to=db:suricata.smtp.rcpt_to;group:suricata_smtp;kind:termfield;viewerOnly:true
+
+suricata.snmp.community=db:suricata.snmp.community;group:suricata_snmp;kind:termfield;viewerOnly:true
+suricata.snmp.error=db:suricata.snmp.error;group:suricata_snmp;kind:termfield;viewerOnly:true
+suricata.snmp.pdu_type=db:suricata.snmp.pdu_type;group:suricata_snmp;kind:termfield;viewerOnly:true
+suricata.snmp.trap_address=db:suricata.snmp.trap_address;group:suricata_snmp;kind:termfield;viewerOnly:true
+suricata.snmp.trap_oid=db:suricata.snmp.trap_oid;group:suricata_snmp;kind:termfield;viewerOnly:true
+suricata.snmp.trap_type=db:suricata.snmp.trap_type;group:suricata_snmp;kind:termfield;viewerOnly:true
+suricata.snmp.usm=db:suricata.snmp.usm;group:suricata_snmp;kind:termfield;viewerOnly:true
+suricata.snmp.vars=db:suricata.snmp.vars;group:suricata_snmp;kind:termfield;viewerOnly:true
+suricata.snmp.version=db:suricata.snmp.version;group:suricata_snmp;kind:integer;viewerOnly:true
+
+suricata.ssh.client.proto_version=db:suricata.ssh.client.proto_version;group:suricata_ssh;kind:termfield;viewerOnly:true
+suricata.ssh.client.software_version=db:suricata.ssh.client.software_version;group:suricata_ssh;kind:termfield;viewerOnly:true
+suricata.ssh.server.proto_version=db:suricata.ssh.server.proto_version;group:suricata_ssh;kind:termfield;viewerOnly:true
+suricata.ssh.server.software_version=db:suricata.ssh.server.software_version;group:suricata_ssh;kind:termfield;viewerOnly:true
+
+suricata.tcp.ack=db:suricata.tcp.ack;group:suricata_tcp;kind:termfield;viewerOnly:true
+suricata.tcp.cwr=db:suricata.tcp.cwr;group:suricata_tcp;kind:termfield;viewerOnly:true
+suricata.tcp.ecn=db:suricata.tcp.ecn;group:suricata_tcp;kind:termfield;viewerOnly:true
+suricata.tcp.fin=db:suricata.tcp.fin;group:suricata_tcp;kind:termfield;viewerOnly:true
+suricata.tcp.psh=db:suricata.tcp.psh;group:suricata_tcp;kind:termfield;viewerOnly:true
+suricata.tcp.rst=db:suricata.tcp.rst;group:suricata_tcp;kind:termfield;viewerOnly:true
+suricata.tcp.state=db:suricata.tcp.state;group:suricata_tcp;kind:termfield;viewerOnly:true
+suricata.tcp.syn=db:suricata.tcp.syn;group:suricata_tcp;kind:termfield;viewerOnly:true
+suricata.tcp.tcp_flags=db:suricata.tcp.tcp_flags;group:suricata_tcp;kind:termfield;viewerOnly:true
+suricata.tcp.tcp_flags_tc=db:suricata.tcp.tcp_flags_tc;group:suricata_tcp;kind:termfield;viewerOnly:true
+suricata.tcp.tcp_flags_ts=db:suricata.tcp.tcp_flags_ts;group:suricata_tcp;kind:termfield;viewerOnly:true
+suricata.tcp.urg=db:suricata.tcp.urg;group:suricata_tcp;kind:termfield;viewerOnly:true
+
+suricata.tftp.file=db:suricata.tftp.file;group:suricata_tftp;kind:termfield;viewerOnly:true
+suricata.tftp.mode=db:suricata.tftp.mode;group:suricata_tftp;kind:termfield;viewerOnly:true
+suricata.tftp.packet=db:suricata.tftp.packet;group:suricata_tftp;kind:termfield;viewerOnly:true
+
+suricata.tls.fingerprint=db:suricata.tls.fingerprint;group:suricata_tls;kind:termfield;viewerOnly:true
+suricata.tls.from_proto=db:suricata.tls.from_proto;group:suricata_tls;kind:termfield;viewerOnly:true
+suricata.tls.issuerdn=db:suricata.tls.issuerdn;group:suricata_tls;kind:termfield;viewerOnly:true
+suricata.tls.notafter=db:suricata.tls.notafter;group:suricata_tls;kind:termfield;viewerOnly:true
+suricata.tls.notbefore=db:suricata.tls.notbefore;group:suricata_tls;kind:termfield;viewerOnly:true
+suricata.tls.serial=db:suricata.tls.serial;group:suricata_tls;kind:termfield;viewerOnly:true
+suricata.tls.session_resumed=db:suricata.tls.session_resumed;group:suricata_tls;kind:termfield;viewerOnly:true +suricata.tls.sni=db:suricata.tls.sni;group:suricata_tls;kind:termfield;viewerOnly:true +suricata.tls.subject=db:suricata.tls.subject;group:suricata_tls;kind:termfield;viewerOnly:true +suricata.tls.version=db:suricata.tls.version;group:suricata_tls;kind:termfield;viewerOnly:true + +suricata.tunnel.depth=db:suricata.tunnel.depth;group:suricata_tunnel;kind:integer;viewerOnly:true +suricata.tunnel.dest_ip=db:suricata.tunnel.dest_ip;group:suricata_tunnel;kind:termfield;viewerOnly:true +suricata.tunnel.dest_port=db:suricata.tunnel.dest_port;group:suricata_tunnel;kind:integer;viewerOnly:true +suricata.tunnel.proto=db:suricata.tunnel.proto;group:suricata_tunnel;kind:termfield;viewerOnly:true +suricata.tunnel.src_ip=db:suricata.tunnel.src_ip;group:suricata_tunnel;kind:termfield;viewerOnly:true +suricata.tunnel.src_port=db:suricata.tunnel.src_port;group:suricata_tunnel;kind:integer;viewerOnly:true # some of the suricata custom views are commented out when > 2 levels # deep due to arkime/arkime#1781 (and pugjs/pug#3292) 
@@ -2559,9 +2556,9 @@ n_netbox_segment_originator=require:source.segment.id;title:NetBox Segment (Orig
 n_netbox_segment_responder=require:destination.segment.id;title:NetBox Segment (Responder);fields:destination.segment.id,destination.segment.name,destination.segment.site,destination.segment.tenant,destination.segment.url
 n_netbox_z_related=require:related.site;title:NetBox Related;fields:related.site,network.name,related.manufacturer,related.device_type,related.role,related.device_name,related.service
 o_zeek_bacnet=require:zeek.bacnet;title:Zeek bacnet.log;fields:zeek.bacnet.bvlc_function,zeek.bacnet.pdu_type,zeek.bacnet.pdu_service,zeek.bacnet.invoke_id,zeek.bacnet.instance_number,zeek.bacnet.result_code
-o_zeek_bacnet_discovery=require:zeek.bacnet_discovery;title:Zeek bacnet_discovery.log;fields:zeek.bacnet_discovery.pdu_service,zeek.bacnet_discovery.object_type,zeek.bacnet_discovery.vendor,zeek.bacnet_discovery.range,zeek.bacnet_discovery.range_low,zeek.bacnet_discovery.range_high,zeek.bacnet_discovery.object_name
-o_zeek_bacnet_device_control=require:zeek.bacnet_device_control;title:Zeek bacnet_device_control.log;fields:zeek.bacnet_device_control.pdu_service,zeek.bacnet_device_control.time_duration,zeek.bacnet_device_control.device_state,zeek.bacnet_device_control.result,zeek.bacnet_device_control.result_code
-o_zeek_bacnet_property=require:zeek.bacnet_property;title:Zeek bacnet_property.log;fields:zeek.bacnet_property.pdu_service,zeek.bacnet_property.object_type,zeek.bacnet_property.property,zeek.bacnet_property.array_index,zeek.bacnet_property.value
+o_zeek_bacnet_discovery=require:zeek.bacnet_discovery;title:Zeek bacnet_discovery.log;fields:zeek.bacnet.pdu_service,zeek.bacnet_discovery.object_type,zeek.bacnet_discovery.vendor,zeek.bacnet_discovery.range,zeek.bacnet_discovery.range_low,zeek.bacnet_discovery.range_high,zeek.bacnet_discovery.object_name
+o_zeek_bacnet_device_control=require:zeek.bacnet_device_control;title:Zeek bacnet_device_control.log;fields:zeek.bacnet.pdu_service,zeek.bacnet_device_control.time_duration,zeek.bacnet_device_control.device_state,zeek.bacnet_device_control.result,zeek.bacnet_device_control.result_code
+o_zeek_bacnet_property=require:zeek.bacnet_property;title:Zeek bacnet_property.log;fields:zeek.bacnet.pdu_service,zeek.bacnet_property.object_type,zeek.bacnet_property.property,zeek.bacnet_property.array_index,zeek.bacnet_property.value
 o_zeek_bestguess=require:zeek.bestguess;title:Zeek bestguess.log;fields:zeek.bestguess.name,zeek.bestguess.category
 o_zeek_bsap_ip_header=require:zeek.bsap_ip_header;title:Zeek bsap_ip_header.log;fields:zeek.bsap_ip_header.num_msg,zeek.bsap_ip_header.type_name
 o_zeek_bsap_ip_rdb=require:zeek.bsap_ip_rdb;title:Zeek bsap_ip_rdb.log;fields:zeek.bsap_ip_rdb.app_func_code,zeek.bsap_ip_rdb.variables.var,zeek.bsap_ip_rdb.variables.val,zeek.bsap_ip_rdb.variable_count,zeek.bsap_ip_rdb.func_code,zeek.bsap_ip_rdb.header_size,zeek.bsap_ip_rdb.mes_seq,zeek.bsap_ip_rdb.node_status,zeek.bsap_ip_rdb.res_seq,zeek.bsap_ip_rdb.sequence
diff --git a/arkime/patch/fields_db_max_5000.patch b/arkime/patch/fields_db_max_5000.patch
deleted file mode 100644
index 71f802603..000000000
--- a/arkime/patch/fields_db_max_5000.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-diff --git a/capture/db.c b/capture/db.c
-index 8970c661..8d7dddd1 100644
---- a/capture/db.c
-+++ b/capture/db.c
-@@ -2323,7 +2323,7 @@ LOCAL void moloch_db_load_fields()
- char key[100];
- int key_len;
-
-- key_len = snprintf(key, sizeof(key), "/%sfields/_search?size=3000", config.prefix);
-+ key_len = snprintf(key, sizeof(key), "/%sfields/_search?size=%d", config.prefix, MOLOCH_FIELDS_DB_MAX);
- unsigned char *data = moloch_http_get(esServer, key, key_len, &data_len);
-
- if (!data) {
-diff --git a/capture/moloch.h b/capture/moloch.h
-index c5f93acd..c41e3ede 100644
---- a/capture/moloch.h
-+++ b/capture/moloch.h
-@@ -364,7 +364,7 @@ enum MolochRotate {
- */
-
- #define MOLOCH_FIELD_NOT_FOUND -1
--#define MOLOCH_FIELDS_DB_MAX 512
-+#define MOLOCH_FIELDS_DB_MAX 5000
- #define MOLOCH_FIELDS_CNT_MIN MOLOCH_FIELDS_DB_MAX
- #define MOLOCH_FIELDS_CNT_MAX (MOLOCH_FIELDS_DB_MAX*2)
- #define MOLOCH_FIELD_EXSPECIAL_START (MOLOCH_FIELDS_CNT_MAX)
-diff --git a/capture/plugins/wise.c b/capture/plugins/wise.c
-index 8000ad0c..f809ad3d 100644
---- a/capture/plugins/wise.c
-+++ b/capture/plugins/wise.c
-@@ -111,7 +111,7 @@ typedef struct wiseitem_head {
- uint32_t wil_count;
- } WiseItemHead_t;
-
--#define WISE_MAX_REQUEST_ITEMS 512
-+#define WISE_MAX_REQUEST_ITEMS MOLOCH_FIELDS_DB_MAX
- typedef struct wiserequest {
- BSB bsb;
- WiseItem_t *items[WISE_MAX_REQUEST_ITEMS];
-diff --git a/viewer/db.js b/viewer/db.js
-index 96a75ecd..12f24c0b 100644
---- a/viewer/db.js
-+++ b/viewer/db.js
-@@ -1747,7 +1747,7 @@ exports.sid2Index = function (id, options) {
- };
-
- exports.loadFields = async () => {
-- return exports.search('fields', 'field', { size: 3000 });
-+ return exports.search('fields', 'field', { size: 5000 });
- };
-
- exports.getIndices = async (startTime, stopTime, bounding, rotateIndex) => {
diff --git a/arkime/patch/viewer_db_opensearchv2_keyword_hack.patch b/arkime/patch/viewer_db_opensearchv2_keyword_hack.patch
deleted file mode 100644
index 1d18f92a8..000000000
--- a/arkime/patch/viewer_db_opensearchv2_keyword_hack.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-diff --git a/viewer/db.js b/viewer/db.js
-index 96a75ecd..0289b67c 100644
---- a/viewer/db.js
-+++ b/viewer/db.js
-@@ -392,7 +392,13 @@ function fixSessionFields (fields, unflatten) {
- delete fields[f];
- for (let i = 0; i < path.length; i++) {
- if (i === path.length - 1) {
-- key[path[i]] = value;
-+ // HACKITY-HACK-HACK
-+ // This was breaking in OpenSearch v2. @andywick says he doesn't think the .keyword
-+ // fields should be showing up here, but here we are.
-+ // "Doctor, it hurts when I do this." "Don't do that."
-+ if (path[i] !== 'keyword') {
-+ key[path[i]] = value;
-+ }
- break;
- } else if (key[path[i]] === undefined) {
- key[path[i]] = {};
diff --git a/arkime/patch/viewer_loadfields_max_10000.patch b/arkime/patch/viewer_loadfields_max_10000.patch
new file mode 100644
index 000000000..8c0ef6c3c
--- /dev/null
+++ b/arkime/patch/viewer_loadfields_max_10000.patch
@@ -0,0 +1,13 @@
+diff --git a/viewer/db.js b/viewer/db.js
+index 96a75ecd..12f24c0b 100644
+--- a/viewer/db.js
++++ b/viewer/db.js
+@@ -1747,7 +1747,7 @@ exports.sid2Index = function (id, options) {
+ };
+
+ exports.loadFields = async () => {
+- return exports.search('fields', 'field', { size: 3000 });
++ return exports.search('fields', 'field', { size: 10000 });
+ };
+
+ exports.getIndices = async (startTime, stopTime, bounding, rotateIndex) => {
diff --git a/arkime/wise/source.zeeklogs.js b/arkime/wise/source.zeeklogs.js
index 063b6ea45..dcd12298e 100644
--- a/arkime/wise/source.zeeklogs.js
+++ b/arkime/wise/source.zeeklogs.js
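Review bot: The capture-side field limit is no longer patched: viewer_loadfields_max_10000.patch raises only the `size` in `exports.loadFields` in viewer/db.js, while the removed fields_db_max_5000.patch also changed the `_search?size=` query in capture/db.c, `MOLOCH_FIELDS_DB_MAX` in capture/moloch.h and `WISE_MAX_REQUEST_ITEMS` in capture/plugins/wise.c. Unless Arkime v4.5.0 already lifts those limits upstream (not visible in this diff), capture may load fewer field definitions than the viewer, and the fields past the cap would be dropped without any error, which is a quiet visibility gap on a sensor. A fixed `size` also truncates silently once the fields index outgrows it, so the reason for the number belongs in the patch file; text ahead of the first `diff --git` line is ignored when the patch is applied, e.g. `# 10000 matches the default OpenSearch index.max_result_window; revisit if the fields index grows past it`.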
@@ -753,21 +753,18 @@ class MalcolmSource extends WISESource {
 "zeek.bacnet.pdu_service",
 "zeek.bacnet.pdu_type",
 "zeek.bacnet.result_code",
- "zeek.bacnet_device_control.pdu_service",
 "zeek.bacnet_device_control.time_duration",
 "zeek.bacnet_device_control.device_state",
 "zeek.bacnet_device_control.result",
 "zeek.bacnet_device_control.result_code",
 "zeek.bacnet_discovery.object_name",
 "zeek.bacnet_discovery.object_type",
- "zeek.bacnet_discovery.pdu_service",
 "zeek.bacnet_discovery.range",
 "zeek.bacnet_discovery.range_high",
 "zeek.bacnet_discovery.range_low",
 "zeek.bacnet_discovery.vendor",
 "zeek.bacnet_property.array_index",
 "zeek.bacnet_property.object_type",
- "zeek.bacnet_property.pdu_service",
 "zeek.bacnet_property.property",
 "zeek.bacnet_property.value",
 "zeek.bestguess.category",
diff --git a/config/zeek.env.example b/config/zeek.env.example
index 060fe1290..843463bb2 100644
--- a/config/zeek.env.example
+++ b/config/zeek.env.example
@@ -50,7 +50,6 @@ ZEEK_DISABLE_HASH_ALL_FILES=
 ZEEK_DISABLE_LOG_PASSWORDS=
 ZEEK_DISABLE_SSL_VALIDATE_CERTS=
 ZEEK_DISABLE_TRACK_ALL_ASSETS=
-ZEEK_DISABLE_BEST_GUESS_ICS=true
 ZEEK_DISABLE_SPICY_DHCP=true
 ZEEK_DISABLE_SPICY_DNS=true
 ZEEK_DISABLE_SPICY_HTTP=true
@@ -61,4 +60,19 @@ ZEEK_DISABLE_SPICY_STUN=
 ZEEK_DISABLE_SPICY_TAILSCALE=
 ZEEK_DISABLE_SPICY_TFTP=
 ZEEK_DISABLE_SPICY_WIREGUARD=
-ZEEK_SYNCHROPHASOR_DETAILED=
\ No newline at end of file
+ZEEK_DISABLE_ICS_ALL=
+ZEEK_DISABLE_ICS_BACNET=
+ZEEK_DISABLE_ICS_BSAP=
+ZEEK_DISABLE_ICS_DNP3=
+ZEEK_DISABLE_ICS_ENIP=
+ZEEK_DISABLE_ICS_ETHERCAT=
+ZEEK_DISABLE_ICS_GENISYS=
+ZEEK_DISABLE_ICS_OPCUA_BINARY=
+ZEEK_DISABLE_ICS_MODBUS=
+ZEEK_DISABLE_ICS_PROFINET=
+ZEEK_DISABLE_ICS_S7COMM=
+ZEEK_DISABLE_ICS_SYNCHROPHASOR=
+ZEEK_SYNCHROPHASOR_PORTS=
+ZEEK_SYNCHROPHASOR_DETAILED=
+ZEEK_GENISYS_PORTS=
+ZEEK_DISABLE_BEST_GUESS_ICS=true
\ No newline at end of file
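Review bot: The new `ZEEK_DISABLE_ICS_*` switches and the `ZEEK_SYNCHROPHASOR_PORTS` / `ZEEK_GENISYS_PORTS` entries in the second config/zeek.env.example hunk are added with empty values and no comment saying what an empty value means or what format the port lists take. Each switch presumably turns a protocol analyzer off and with it the matching logs, so an operator should be able to read the default at a glance; judging by the neighbouring `ZEEK_DISABLE_SPICY_*=true` entries the convention is probably `true` to disable, which a line such as `# ZEEK_DISABLE_ICS_*: set to true to turn that analyzer off; empty leaves it enabled` would make explicit (wording to be confirmed against the scripts that read these variables). It would also help to say whether `ZEEK_DISABLE_ICS_ALL` overrides the per-protocol flags. The file still ends without a trailing newline, so the next appended variable will again rewrite the last line.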
diff --git a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index b2eddc07c..9f7aed2f3 100644 --- a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json +++ b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json @@ -651,7 +651,7 @@ "columns": [ "source.ip", "zeek.known_modbus.device_type", - "event.id" + "network.direction" ], "sort": [ [ diff --git a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json index 2f218e86c..0ccb7b879 100644 --- a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json 
@@ -370,7 +370,7 @@ "version": "WzIwMywxXQ==", "attributes": { "title": "BACnet - Device Discovery", - "visState": "{\"title\":\"BACnet - Device Discovery\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Vendor\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Identifier\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU 
Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.vendor\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vendor\"}}]}", + "visState": "{\"title\":\"BACnet - Device Discovery\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Vendor\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object 
Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Identifier\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_discovery.vendor\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vendor\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "Results from BACnet i-am and i-have commands", "version": 1, 
@@ -400,7 +400,7 @@ "version": "WzIwMiwxXQ==", "attributes": { "title": "BACnet - Read and Write Property ", - "visState": "{\"title\":\"BACnet - Read and Write Property \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":6,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Property Value\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object 
Identifier\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.property\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property Type\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.value\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property Value\"}}]}", + "visState": "{\"title\":\"BACnet - Read and Write Property \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":6,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Property 
Value\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.object_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.instance_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Object Identifier\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet.pdu_service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"PDU Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.property\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property 
Type\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.bacnet_property.value\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Property Value\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"}}}}", "description": "Results from BACnet Read-Property and Write-Property Commands", "version": 1, @@ -477,7 +477,7 @@ "columns": [ "source.ip", "destination.ip", - "zeek.bacnet_property.pdu_service", + "zeek.bacnet.pdu_service", "zeek.bacnet_property.object_type", "zeek.bacnet.instance_number", "zeek.bacnet_property.property", @@ -520,7 +520,7 @@ "columns": [ "source.ip", "destination.ip", - "zeek.bacnet_discovery.pdu_service", + "zeek.bacnet.pdu_service", "zeek.bacnet_discovery.object_type", "zeek.bacnet.instance_number", "zeek.bacnet_discovery.vendor" @@ -570,7 +570,7 @@ "sort": [], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:bacnet_device_control\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.dataset:bacnet_device_control\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ diff --git a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index 50ce2f5c9..1bd5dfef3 100644 --- a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
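Review bot: The `PDU Service` terms aggregation in the new `visState` of "BACnet - Read and Write Property" (hunk -400) now reads `zeek.bacnet.pdu_service` but keeps `\"missingBucket\":false`. Documents that carry only the old `zeek.bacnet_property.pdu_service` field would therefore presumably drop out of the table instead of appearing under "Missing". Whether such documents exist depends on the log-parsing side of the rename, which is not visible here. If previously indexed BACnet records are not re-indexed, consider `\"missingBucket\":true` on that aggregation, as the `destination.ip` bucket in the same table already has, so read/write-property activity from older captures stays visible. The same rename in the saved-search `columns` of hunks -477 and -520 would likewise leave the PDU service column empty for old records.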
@@ -1,569 +1,569 @@ -{ - "version": "1.3.1", - "objects": [ - { - "id": "95479950-41f2-11ea-88fa-7151df485405", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:31:25.103Z", - "version": "WzExMjYsMV0=", - "attributes": { - "title": "Security Overview", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":32,\"i\":\"e8718353-4f86-4746-9ac0-8a755bd3813a\"},\"panelIndex\":\"e8718353-4f86-4746-9ac0-8a755bd3813a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":32,\"i\":\"172d3708-82e7-4cb1-84ad-010955614e8b\"},\"panelIndex\":\"172d3708-82e7-4cb1-84ad-010955614e8b\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":32,\"w\":12,\"h\":18,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\"},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":12,\"y\":32,\"w\":21,\"h\":18,\"i\":\"e1779497-5073-4664-9f4a-474aebfa2c78\"},\"panelIndex\":\"e1779497-5073-4664-9f4a-474aebfa2c78\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":33,\"y\":32,\"w\":15,\"h\":18,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\"},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":50,\"w\":28,\"h\":18,\"i\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\"}
,\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_6\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":28,\"y\":50,\"w\":10,\"h\":18,\"i\":\"61f158d0-8c28-499f-af09-4df087948d42\"},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":38,\"y\":50,\"w\":10,\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\"},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":68,\"w\":26,\"h\":29,\"i\":\"6beedf2b-5d72-48af-a90f-f56781764efe\"},\"panelIndex\":\"6beedf2b-5d72-48af-a90f-f56781764efe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":26,\"y\":68,\"w\":22,\"h\":29,\"i\":\"071a1c98-695f-4708-92c9-2c950e515131\"},\"panelIndex\":\"071a1c98-695f-4708-92c9-2c950e515131\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":null}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}},\"panelRefName\":\"panel_10\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":97,\"w\":48,\"h\":33,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\"},\"panelIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_11\"},{\"version\":\"1.3.1\",\"gridData\":{\"x\":0,\"y\":130,\"w\":48,\"h\":31,\"i\":\"ad7c7773-e54a-4da3-8e6e-7da232febdef\"},\"panelIndex\":\"ad7c7773-e54a-4da3-8e6e-7da232febdef\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"}]", - "optionsJSON": "{\"useMargins\":true}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" - } - }, - "references": 
[ - { - "name": "panel_0", - "type": "visualization", - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "8f673450-cbd9-11ec-a50a-5fedd672f5c5" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "a5acf7f0-cbdd-11ec-a50a-5fedd672f5c5" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "e9f27fa0-41f8-11ea-88fa-7151df485405" - }, - { - "name": "panel_4", - "type": "visualization", - "id": "596d20d0-d147-11ec-ab4e-83a83b5e27a4" - }, - { - "name": "panel_5", - "type": "visualization", - "id": "c5b1e590-41f3-11ea-88fa-7151df485405" - }, - { - "name": "panel_6", - "type": "visualization", - "id": "d8b8a6a0-41fe-11ea-88fa-7151df485405" - }, - { - "name": "panel_7", - "type": "visualization", - "id": "4a183420-41f3-11ea-88fa-7151df485405" - }, - { - "name": "panel_8", - "type": "visualization", - "id": "0ffb5790-41f3-11ea-88fa-7151df485405" - }, - { - "name": "panel_9", - "type": "visualization", - "id": "3a582cc0-6fab-11eb-958c-51e33b5cae2a" - }, - { - "name": "panel_10", - "type": "visualization", - "id": "69241a80-421d-11ea-9084-41ab7c5fff2e" - }, - { - "name": "panel_11", - "type": "visualization", - "id": "f7b3ba60-41f7-11ea-88fa-7151df485405" - }, - { - "name": "panel_12", - "type": "search", - "id": "33ba96c0-cbdd-11ec-a50a-5fedd672f5c5" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:09:14.850Z", - "version": "WzgwNiwxXQ==", - "attributes": { - "title": "Network Logs", - "visState": "{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/dashboards/app/dashboards#/view/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/dashboards/app/dashboards#/view/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security 
Overview](/dashboards/app/dashboards#/view/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](/dashboards/app/dashboards#/view/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](/dashboards/app/dashboards#/view/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](/dashboards/app/dashboards#/view/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](/dashboards/app/dashboards#/view/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/dashboards/app/dashboards#/view/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/dashboards/app/dashboards#/view/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](/dashboards/app/dashboards#/view/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](/dashboards/app/dashboards#/view/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](/dashboards/app/dashboards#/view/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](/dashboards/app/dashboards#/view/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/dashboards/app/dashboards#/view/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](/dashboards/app/dashboards#/view/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](/dashboards/app/dashboards#/view/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/sessions) \\n\\n### Common Protocols\\n[DCE/RPC](/dashboards/app/dashboards#/view/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/dashboards/app/dashboards#/view/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/dashboards/app/dashboards#/view/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/dashboards/app/dashboards#/view/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](/dashboards/app/dashboards#/view/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](/dashboards/app/dashboards#/view/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/dashboards/app/dashboards#/view/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/dashboards/app/dashboards#/view/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● 
[LDAP](/dashboards/app/dashboards#/view/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](/dashboards/app/dashboards#/view/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](/dashboards/app/dashboards#/view/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/dashboards/app/dashboards#/view/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/dashboards/app/dashboards#/view/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](/dashboards/app/dashboards#/view/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](/dashboards/app/dashboards#/view/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/dashboards/app/dashboards#/view/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/dashboards/app/dashboards#/view/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/dashboards/app/dashboards#/view/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/dashboards/app/dashboards#/view/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/dashboards/app/dashboards#/view/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/dashboards/app/dashboards#/view/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/dashboards/app/dashboards#/view/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/dashboards/app/dashboards#/view/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/dashboards/app/dashboards#/view/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/dashboards/app/dashboards#/view/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](/dashboards/app/dashboards#/view/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](/dashboards/app/dashboards#/view/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/dashboards/app/dashboards#/view/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/dashboards/app/dashboards#/view/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/dashboards/app/dashboards#/view/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](/dashboards/app/dashboards#/view/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](/dashboards/app/dashboards#/view/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT 
Protocols\\n[BACnet](/dashboards/app/dashboards#/view/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](/dashboards/app/dashboards#/view/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](/dashboards/app/dashboards#/view/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](/dashboards/app/dashboards#/view/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](/dashboards/app/dashboards#/view/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](/dashboards/app/dashboards#/view/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](/dashboards/app/dashboards#/view/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](/dashboards/app/dashboards#/view/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](/dashboards/app/dashboards#/view/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/dashboards/app/dashboards#/view/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](/dashboards/app/dashboards#/view/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](/dashboards/app/dashboards#/view/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "8f673450-cbd9-11ec-a50a-5fedd672f5c5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:08:47.608Z", - "version": "WzUwNywxXQ==", - "attributes": { - "title": "Normalized Event Category", - "visState": "{\"title\":\"Normalized Event Category\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" 
\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\" \"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Transport\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":40},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"rule.category:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": 
[ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "arkime_sessions3-*" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "a5acf7f0-cbdd-11ec-a50a-5fedd672f5c5", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:08:47.608Z", - "version": "WzUwOCwxXQ==", - "attributes": { - "title": "Notice, Alert, Signature and Weird - Summary", - "visState": "{\"title\":\"Notice, Alert, Signature and Weird - Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":fal
se,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "33ba96c0-cbdd-11ec-a50a-5fedd672f5c5" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "e9f27fa0-41f8-11ea-88fa-7151df485405", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:08:47.608Z", - "version": "WzUwOSwxXQ==", - "attributes": { - "title": "Outdated/Insecure Application Protocols", - "visState": "{\"title\":\"Outdated/Insecure Application Protocols\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application 
Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"(NOT event.dataset:known*) AND ((network.protocol:ssh AND network.protocol_version < 2) OR (network.protocol:smb AND network.protocol_version < 2) OR (network.protocol:tls AND NOT network.protocol_version:(*TLS*v12* OR *TLS*v13*)) OR (network.protocol:ntp AND network.protocol_version < 4) OR (network.protocol:rfb AND network.protocol_version < 3.8) OR (network.protocol:rdp AND network.protocol_version < 6.0) OR (network.protocol:snmp AND network.protocol_version < 3) OR (network.protocol:ldap AND network.protocol_version < 3) OR (network.protocol:ftp) OR (network.protocol:tftp) OR (network.protocol:telnet) OR (network.protocol:rlogin) OR (network.protocol:rsh))\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "arkime_sessions3-*" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "596d20d0-d147-11ec-ab4e-83a83b5e27a4", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:28:11.485Z", - "version": "WzEwOTksMV0=", - "attributes": { - "title": "Vulnerabilities", - "visState": "{\"title\":\"Vulnerabilities\",\"type\":\"table\",\"aggs\":[{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"firstPacket\",\"customLabel\":\"Last 
Seen\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vulnerability ID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "33ba96c0-cbdd-11ec-a50a-5fedd672f5c5" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "c5b1e590-41f3-11ea-88fa-7151df485405", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:08:47.608Z", - "version": "WzUxMiwxXQ==", - "attributes": { - "title": "Clear-text Transmission of Passwords ", - "visState": 
"{\"title\":\"Clear-text Transmission of Passwords \",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Application Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Username\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\\\\*password:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "arkime_sessions3-*" - } - ], - "migrationVersion": { 
- "visualization": "7.10.0" - } - }, - { - "id": "d8b8a6a0-41fe-11ea-88fa-7151df485405", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:08:47.608Z", - "version": "WzUxNCwxXQ==", - "attributes": { - "title": "Inbound Access By Protocol Over Time", - "visState": "{\"title\":\"Inbound Access By Protocol Over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD\"}},\"params\":{\"date\":true,\"interval\":\"P30D\",\"intervalESValue\":30,\"intervalESUnit\":\"d\",\"format\":\"YYYY-MM-DD\",\"bounds\":{\"min\":\"1976-01-28T18:52:45.953Z\",\"max\":\"2020-01-28T18:52:45.953Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"network.protocol:(ssh OR rdp OR rfb OR telnet OR rlogin OR rsh OR openvpn OR ipsec OR wireguard) AND network.direction:(inbound OR outbound)\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "4a183420-41f3-11ea-88fa-7151df485405", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:08:47.608Z", - "version": "WzUxMSwxXQ==", - 
"attributes": { - "title": "Outbound Internal Traffic by Country", - "visState": "{\"title\":\"Outbound Internal Traffic by Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Responding Country\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"network.direction:outbound\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "arkime_sessions3-*" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "0ffb5790-41f3-11ea-88fa-7151df485405", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:08:47.608Z", - "version": "WzUxMCwxXQ==", - "attributes": { - "title": "Inbound External Traffic by Country", - "visState": "{\"title\":\"Inbound External Traffic by 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Originating Country\"}}]}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"network.direction:inbound\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "arkime_sessions3-*" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "3a582cc0-6fab-11eb-958c-51e33b5cae2a", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:08:47.608Z", - "version": "WzUxMywxXQ==", - "attributes": { - "title": "File Transfers", - "visState": "{\"title\":\"File 
Transfers\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"log\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":42,\"showLabel\":false}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "arkime_sessions3-*" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "69241a80-421d-11ea-9084-41ab7c5fff2e", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:08:47.608Z", - "version": "WzUxNSwxXQ==", - "attributes": { - "title": "DNS Queries by Randomness", - "visState": "{\"title\":\"DNS Queries by Randomness\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS 
Query\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"},\"schema\":\"bucket\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":20,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "f7b3ba60-41f7-11ea-88fa-7151df485405", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": 
"2022-05-11T16:08:47.608Z", - "version": "WzUxNiwxXQ==", - "attributes": { - "title": "Connections by Destination Country (region map)", - "visState": "{\"title\":\"Connections by Destination Country (region map)\",\"type\":\"region_map\",\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Blues\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"
OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service
\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Connections\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_code2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"}}]}", - "uiStateJSON": "{\"mapZoom\":3,\"mapCenter\":[37.16031654673677,-5.7511603125000015]}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - }, - "savedSearchRefName": "search_0" - }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" - } - ], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "33ba96c0-cbdd-11ec-a50a-5fedd672f5c5", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:08:47.608Z", - "version": 
"WzUxNywxXQ==", - "attributes": { - "title": "Notice, Alert, Signature and Weird - Logs", - "description": "", - "hits": 0, - "columns": [ - "event.provider", - "event.dataset", - "event.module", - "rule.category", - "rule.name", - "network.protocol", - "source.ip", - "destination.ip", - "event.severity_tags", - "event.id" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"(event.provider:zeek AND event.dataset:(notice OR signatures OR weird)) OR (event.provider:suricata AND event.dataset:alert)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "arkime_sessions3-*" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:09:11.826Z", - "version": "Wzc4MSwxXQ==", - "attributes": { - "title": "Connections - Logs", - "description": "", - "hits": 0, - "columns": [ - "network.transport", - "network.protocol", - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "network.bytes", - "event.id" - ], - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"(event.provider:zeek AND event.dataset:conn) OR (event.provider:suricata AND event.dataset:flow)\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "arkime_sessions3-*" - } - ], - "migrationVersion": { - "search": "7.9.3" - } 
- }, - { - "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-05-11T16:08:47.608Z", - "version": "WzUxOSwxXQ==", - "attributes": { - "title": "DNS - Logs", - "description": "", - "hits": 0, - "columns": [ - "source.ip", - "destination.ip", - "zeek.dns.query", - "zeek.dns.answers", - "event.id" - ], - "sort": [ - [ - "firstPacket", - "desc" - ] - ], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.dataset:dns\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "arkime_sessions3-*" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] +{ + "version": "2.8.0", + "objects": [ + { + "id": "95479950-41f2-11ea-88fa-7151df485405", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T19:51:11.803Z", + "version": "Wzk0OSwxXQ==", + "attributes": { + "title": "Security Overview", + "hits": 0, + "description": "", + "panelsJSON": 
"[{\"version\":\"2.8.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.8.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":32,\"i\":\"e8718353-4f86-4746-9ac0-8a755bd3813a\"},\"panelIndex\":\"e8718353-4f86-4746-9ac0-8a755bd3813a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.8.0\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":32,\"i\":\"172d3708-82e7-4cb1-84ad-010955614e8b\"},\"panelIndex\":\"172d3708-82e7-4cb1-84ad-010955614e8b\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}},\"sortColumn\":{\"colIndex\":4,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_2\"},{\"version\":\"2.8.0\",\"gridData\":{\"x\":0,\"y\":32,\"w\":12,\"h\":18,\"i\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\"},\"panelIndex\":\"1789e54a-db27-4e5e-92d3-2f44b3f9f96e\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}},\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_3\"},{\"version\":\"2.8.0\",\"gridData\":{\"x\":12,\"y\":32,\"w\":21,\"h\":18,\"i\":\"e1779497-5073-4664-9f4a-474aebfa2c78\"},\"panelIndex\":\"e1779497-5073-4664-9f4a-474aebfa2c78\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}},\"sortColumn\":{\"colIndex\":4,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_4\"},{\"version\":\"2.8.0\",\"gridData\":{\"x\":33,\"y\":32,\"w\":15,\"h\":18,\"i\":\"119a8b45-c803-4c71-93b4-a9514803021a\"},\"panelIndex\":\"119a8b45-c803-4c71-93b4-a9514803021a\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}},\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"2.8.0\",\"gridData\":{\"x\":0,\"y\":50,\"w\":28,\"h\":18,\"i\":\"2231b6ad-9e0d-
4524-a359-bdc2c8332991\"},\"panelIndex\":\"2231b6ad-9e0d-4524-a359-bdc2c8332991\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_6\"},{\"version\":\"2.8.0\",\"gridData\":{\"x\":28,\"y\":50,\"w\":10,\"h\":18,\"i\":\"61f158d0-8c28-499f-af09-4df087948d42\"},\"panelIndex\":\"61f158d0-8c28-499f-af09-4df087948d42\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}},\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_7\"},{\"version\":\"2.8.0\",\"gridData\":{\"x\":38,\"y\":50,\"w\":10,\"h\":18,\"i\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\"},\"panelIndex\":\"4cdbaf8d-bb32-457f-a198-e9734168c5eb\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}},\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_8\"},{\"version\":\"2.8.0\",\"gridData\":{\"x\":0,\"y\":68,\"w\":26,\"h\":29,\"i\":\"6beedf2b-5d72-48af-a90f-f56781764efe\"},\"panelIndex\":\"6beedf2b-5d72-48af-a90f-f56781764efe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"2.8.0\",\"gridData\":{\"x\":26,\"y\":68,\"w\":22,\"h\":29,\"i\":\"071a1c98-695f-4708-92c9-2c950e515131\"},\"panelIndex\":\"071a1c98-695f-4708-92c9-2c950e515131\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":null}},\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"sortColumn\":{\"colIndex\":2,\"direction\":\"asc\"}}},\"panelRefName\":\"panel_10\"},{\"version\":\"2.8.0\",\"gridData\":{\"x\":0,\"y\":97,\"w\":48,\"h\":33,\"i\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\"},\"panelIndex\":\"9df4498d-9d4d-4613-bc54-8fca34ade25c\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":3},\"panelRefName\":\"panel_11\"},{\"version\":\"2.8.0\",\"gridData\":{\"x\":0,\"y\":130,\"w\":48,\"h\":31,\"i\":\"ad7c7773-e54a-4da3-8e6e-7da232febdef\"},\"panelIndex\":\"ad7c7773-e54a-4da3-8e6e-7da2
32febdef\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"}]", + "optionsJSON": "{\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "8f673450-cbd9-11ec-a50a-5fedd672f5c5" + }, + { + "name": "panel_2", + "type": "visualization", + "id": "a5acf7f0-cbdd-11ec-a50a-5fedd672f5c5" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "e9f27fa0-41f8-11ea-88fa-7151df485405" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "596d20d0-d147-11ec-ab4e-83a83b5e27a4" + }, + { + "name": "panel_5", + "type": "visualization", + "id": "c5b1e590-41f3-11ea-88fa-7151df485405" + }, + { + "name": "panel_6", + "type": "visualization", + "id": "d8b8a6a0-41fe-11ea-88fa-7151df485405" + }, + { + "name": "panel_7", + "type": "visualization", + "id": "4a183420-41f3-11ea-88fa-7151df485405" + }, + { + "name": "panel_8", + "type": "visualization", + "id": "0ffb5790-41f3-11ea-88fa-7151df485405" + }, + { + "name": "panel_9", + "type": "visualization", + "id": "3a582cc0-6fab-11eb-958c-51e33b5cae2a" + }, + { + "name": "panel_10", + "type": "visualization", + "id": "69241a80-421d-11ea-9084-41ab7c5fff2e" + }, + { + "name": "panel_11", + "type": "visualization", + "id": "f7b3ba60-41f7-11ea-88fa-7151df485405" + }, + { + "name": "panel_12", + "type": "search", + "id": "33ba96c0-cbdd-11ec-a50a-5fedd672f5c5" + } + ], + "migrationVersion": { + "dashboard": "7.9.3" + } + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T18:39:21.339Z", + "version": "Wzg1NywxXQ==", + "attributes": { + "title": "Network Logs", + "visState": 
"{\"title\":\"Network Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/dashboards/app/dashboards#/view/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/dashboards/app/dashboards#/view/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/dashboards/app/dashboards#/view/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](/dashboards/app/dashboards#/view/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](/dashboards/app/dashboards#/view/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](/dashboards/app/dashboards#/view/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](/dashboards/app/dashboards#/view/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/dashboards/app/dashboards#/view/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/dashboards/app/dashboards#/view/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](/dashboards/app/dashboards#/view/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](/dashboards/app/dashboards#/view/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](/dashboards/app/dashboards#/view/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](/dashboards/app/dashboards#/view/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/dashboards/app/dashboards#/view/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](/dashboards/app/dashboards#/view/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](/dashboards/app/dashboards#/view/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/sessions) \\n\\n### Common Protocols\\n[DCE/RPC](/dashboards/app/dashboards#/view/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/dashboards/app/dashboards#/view/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/dashboards/app/dashboards#/view/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/dashboards/app/dashboards#/view/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / 
[TFTP](/dashboards/app/dashboards#/view/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](/dashboards/app/dashboards#/view/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/dashboards/app/dashboards#/view/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/dashboards/app/dashboards#/view/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/dashboards/app/dashboards#/view/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](/dashboards/app/dashboards#/view/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](/dashboards/app/dashboards#/view/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/dashboards/app/dashboards#/view/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/dashboards/app/dashboards#/view/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](/dashboards/app/dashboards#/view/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](/dashboards/app/dashboards#/view/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/dashboards/app/dashboards#/view/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/dashboards/app/dashboards#/view/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/dashboards/app/dashboards#/view/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/dashboards/app/dashboards#/view/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/dashboards/app/dashboards#/view/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/dashboards/app/dashboards#/view/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/dashboards/app/dashboards#/view/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/dashboards/app/dashboards#/view/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/dashboards/app/dashboards#/view/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/dashboards/app/dashboards#/view/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](/dashboards/app/dashboards#/view/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](/dashboards/app/dashboards#/view/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/dashboards/app/dashboards#/view/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS 
RPC](/dashboards/app/dashboards#/view/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/dashboards/app/dashboards#/view/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](/dashboards/app/dashboards#/view/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](/dashboards/app/dashboards#/view/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/dashboards/app/dashboards#/view/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](/dashboards/app/dashboards#/view/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](/dashboards/app/dashboards#/view/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](/dashboards/app/dashboards#/view/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](/dashboards/app/dashboards#/view/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](/dashboards/app/dashboards#/view/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [Modbus](/dashboards/app/dashboards#/view/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](/dashboards/app/dashboards#/view/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](/dashboards/app/dashboards#/view/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/dashboards/app/dashboards#/view/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](/dashboards/app/dashboards#/view/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](/dashboards/app/dashboards#/view/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + } + }, + "references": [], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "8f673450-cbd9-11ec-a50a-5fedd672f5c5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T18:38:53.716Z", + "version": "WzU1OCwxXQ==", + "attributes": { + "title": "Normalized Event 
Category", + "visState": "{\"title\":\"Normalized Event Category\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\" \"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Transport\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":40},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\" \"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\" \",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"query\":{\"query\":\"(rule.category:*) AND (NOT rule.category:Generic Protocol Command Decode)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "arkime_sessions3-*" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "a5acf7f0-cbdd-11ec-a50a-5fedd672f5c5", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T18:38:53.716Z", + "version": "WzU1OSwxXQ==", + "attributes": { + "title": "Notice, Alert and Signature - Summary", + "visState": "{\"title\":\"Notice, Alert, and Signature - Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Provider\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Category\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,
\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "33ba96c0-cbdd-11ec-a50a-5fedd672f5c5" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "e9f27fa0-41f8-11ea-88fa-7151df485405", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T18:38:53.716Z", + "version": "WzU2MCwxXQ==", + "attributes": { + "title": "Outdated/Insecure Application Protocols", + "visState": "{\"title\":\"Outdated/Insecure Application 
Protocols\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.protocol_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol Version\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"(NOT event.dataset:known*) AND ((network.protocol:ssh AND network.protocol_version < 2) OR (network.protocol:smb AND network.protocol_version < 2) OR (network.protocol:tls AND NOT network.protocol_version:(*TLS*v12* OR *TLS*v13*)) OR (network.protocol:ntp AND network.protocol_version < 4) OR (network.protocol:rfb AND 
network.protocol_version < 3.8) OR (network.protocol:rdp AND network.protocol_version < 6.0) OR (network.protocol:snmp AND network.protocol_version < 3) OR (network.protocol:ldap AND network.protocol_version < 3) OR (network.protocol:ftp) OR (network.protocol:tftp) OR (network.protocol:telnet) OR (network.protocol:rlogin) OR (network.protocol:rsh))\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "arkime_sessions3-*" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "596d20d0-d147-11ec-ab4e-83a83b5e27a4", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T18:38:53.716Z", + "version": "WzU2MSwxXQ==", + "attributes": { + "title": "Vulnerabilities", + "visState": "{\"title\":\"Vulnerabilities\",\"type\":\"table\",\"aggs\":[{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"firstPacket\",\"customLabel\":\"Last Seen\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Data Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Log 
Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vulnerability.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Vulnerability ID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "33ba96c0-cbdd-11ec-a50a-5fedd672f5c5" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "c5b1e590-41f3-11ea-88fa-7151df485405", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T18:38:53.716Z", + "version": "WzU2MiwxXQ==", + "attributes": { + "title": "Clear-text Transmission of Passwords ", + "visState": "{\"title\":\"Clear-text Transmission of Passwords \",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Application 
Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Username\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\\\\*password:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "arkime_sessions3-*" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "d8b8a6a0-41fe-11ea-88fa-7151df485405", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T18:38:53.716Z", + "version": "WzU2MywxXQ==", + "attributes": { + "title": "Inbound Access By Protocol Over Time", + "visState": "{\"title\":\"Inbound Access By Protocol Over 
Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\" \"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD\"}},\"params\":{\"date\":true,\"interval\":\"P30D\",\"intervalESValue\":30,\"intervalESUnit\":\"d\",\"format\":\"YYYY-MM-DD\",\"bounds\":{\"min\":\"1976-01-28T18:52:45.953Z\",\"max\":\"2020-01-28T18:52:45.953Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"network.protocol:(ssh OR rdp OR rfb OR telnet OR rlogin OR rsh OR openvpn OR ipsec OR wireguard) AND network.direction:(inbound OR outbound)\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "4a183420-41f3-11ea-88fa-7151df485405", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T18:38:53.716Z", + "version": "WzU2NCwxXQ==", + 
"attributes": { + "title": "Outbound Internal Traffic by Country", + "visState": "{\"title\":\"Outbound Internal Traffic by Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Responding Country\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"network.direction:outbound\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "arkime_sessions3-*" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "0ffb5790-41f3-11ea-88fa-7151df485405", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T18:38:53.716Z", + "version": "WzU2NSwxXQ==", + "attributes": { + "title": "Inbound External Traffic by Country", + "visState": "{\"title\":\"Inbound External Traffic by 
Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Originating Country\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"network.direction:inbound\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "arkime_sessions3-*" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "3a582cc0-6fab-11eb-958c-51e33b5cae2a", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T18:38:53.716Z", + "version": "WzU2NiwxXQ==", + "attributes": { + "title": "File Transfers", + "visState": "{\"title\":\"File 
Transfers\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Type\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"log\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":42,\"showLabel\":false}}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "arkime_sessions3-*" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "69241a80-421d-11ea-9084-41ab7c5fff2e", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T18:38:53.716Z", + "version": "WzU2NywxXQ==", + "attributes": { + "title": "DNS Queries by Randomness", + "visState": "{\"title\":\"DNS Queries by Randomness\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns.host\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS 
Query\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 1)\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Randomness Score (method 2)\"},\"schema\":\"bucket\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":20,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"totalFunc\":\"sum\"}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "f7b3ba60-41f7-11ea-88fa-7151df485405", + "type": "visualization", + "namespaces": [ + "default" + ], + "updated_at": 
"2023-09-14T18:38:53.716Z", + "version": "WzU2OCwxXQ==", + "attributes": { + "title": "Connections by Destination Country (region map)", + "visState": "{\"title\":\"Connections by Destination Country (region map)\",\"type\":\"region_map\",\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Blues\",\"emsHotLink\":\"\",\"isDisplayWarning\":false,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service
\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true,\"selectedLayer\":{\"name\":\"World (offline)\",\"url\":\"/world.geojson\",\"attribution\":\"https://exploratory.io/maps\",\"fields\":[{\"name\":\"ISO_A2\",\"description\":\"Country Code\"},{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},{\"name\":\"NAME\",\"description\":\"Country Name\"}],\"format\":{\"type\":\"geojson\"},\"meta\":{\"feature_collection_path\":\"data\"},\"layerId\":\"self_hosted.World (offline)\",\"isEMS\":false},\"selectedJoinField\":{\"name\":\"WB_A2\",\"description\":\"Country Code2\"},\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Connections\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_code2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Country\"}}]}", + "uiStateJSON": "{\"mapZoom\":3,\"mapCenter\":[37.16031654673677,-5.7511603125000015]}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0" + }, + "references": [ + { + "name": "search_0", + "type": "search", + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f" + } + ], + "migrationVersion": { + "visualization": "7.10.0" + } + }, + { + "id": "33ba96c0-cbdd-11ec-a50a-5fedd672f5c5", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T18:38:53.716Z", + "version": 
"WzU2OSwxXQ==", + "attributes": { + "title": "Notice, Alert, and Signature - Logs", + "description": "", + "hits": 0, + "columns": [ + "event.provider", + "event.dataset", + "event.module", + "rule.category", + "rule.name", + "network.protocol", + "source.ip", + "destination.ip", + "event.severity_tags", + "event.id" + ], + "sort": [], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"(event.provider:zeek AND event.dataset:(notice OR signatures)) OR (event.provider:suricata AND event.dataset:alert AND (NOT rule.category:Generic Protocol Command Decode))\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "arkime_sessions3-*" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "52570870-e9d4-444f-a3df-e44c6757ed9f", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T18:39:18.257Z", + "version": "WzgzMiwxXQ==", + "attributes": { + "title": "Connections - Logs", + "description": "", + "hits": 0, + "columns": [ + "network.transport", + "network.protocol", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.bytes", + "event.id" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"(event.provider:zeek AND event.dataset:conn) OR (event.provider:suricata AND event.dataset:flow)\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "arkime_sessions3-*" + } + ], + 
"migrationVersion": { + "search": "7.9.3" + } + }, + { + "id": "0b971165-4c39-42ed-b80d-8a8f5658a38e", + "type": "search", + "namespaces": [ + "default" + ], + "updated_at": "2023-09-14T18:38:53.716Z", + "version": "WzU3MSwxXQ==", + "attributes": { + "title": "DNS - Logs", + "description": "", + "hits": 0, + "columns": [ + "source.ip", + "destination.ip", + "zeek.dns.query", + "zeek.dns.answers", + "event.id" + ], + "sort": [ + [ + "firstPacket", + "desc" + ] + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event.dataset:dns\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "arkime_sessions3-*" + } + ], + "migrationVersion": { + "search": "7.9.3" + } + } + ] } \ No newline at end of file diff --git a/dashboards/templates/composable/component/arkime.json b/dashboards/templates/composable/component/arkime.json index 678585380..1944b4cdd 100644 --- a/dashboards/templates/composable/component/arkime.json +++ b/dashboards/templates/composable/component/arkime.json @@ -2,6 +2,7 @@ "template": { "mappings": { "properties": { + "destination.as.full": { "type": "keyword" }, "destination.geo.country_code2": { "type": "keyword" }, "destination.geo.country_code3": { "type": "keyword" }, "destination.geo.dma_code": { "type": "short" }, 
@@ -9,18 +10,9 @@
 "destination.geo.latitude": { "type": "float" },
 "destination.geo.location": { "type": "geo_point" },
 "destination.geo.longitude": { "type": "float" },
- "dns.host": { "type": "keyword" },
- "firstPacket": { "type": "date" },
- "http.xffASN": { "type": "keyword" },
- "http.xffGEO": { "type": "keyword" },
- "http.xffIp": { "type": "ip" },
- "http.xffRIR": { "type": "keyword" },
- "lastPacket": { "type": "date" },
- "node": { "type": "keyword" },
- "protocol": { "type": "keyword" },
- "quic.host": { "type": "keyword" },
- "quic.version": { "type": "keyword" },
- "rootId": { "type": "keyword" },
+ "destination.mac-cnt": { "type": "long" },
+ "network.vlan.id-cnt": { "type": "long" },
+ "source.as.full": { "type": "keyword" },
 "source.geo.country_code2": { "type": "keyword" },
 "source.geo.country_code3": { "type": "keyword" },
 "source.geo.dma_code": { "type": "short" },
@@ -28,9 +20,896 @@ "source.geo.latitude": { "type": "float" }, "source.geo.location": { "type": "geo_point" }, "source.geo.longitude": { "type": "float" }, + "source.mac-cnt": { "type": "long" }, "timestamp": { "type": "date" }, - "user": { "type": "keyword" } + "asset" : { + "type" : "keyword" + }, + "assetCnt" : { + "type" : "long" + }, + "bgp" : { + "properties" : { + "type" : { + "type" : "keyword" + } + } + }, + "cert" : { + "properties" : { + "alt" : { + "type" : "keyword" + }, + "altCnt" : { + "type" : "long" + }, + "curve" : { + "type" : "keyword" + }, + "hash" : { + "type" : "keyword" + }, + "issuerCN" : { + "type" : "keyword" + }, + "issuerON" : { + "type" : "keyword" + }, + "notAfter" : { + "type" : "date" + }, + "notBefore" : { + "type" : "date" + }, + "publicAlgorithm" : { + "type" : "keyword" + }, + "remainingDays" : { + "type" : "long" + }, + "serial" : { + "type" : "keyword" + }, + "subjectCN" : { + "type" : "keyword" + }, + "subjectON" : { + "type" : "keyword" + }, + "validDays" : { + "type" : "long" + } + } + }, + "certCnt" : { + "type" : "long" + }, + "dhcp" : { + "properties" : { + "host" : { + "type" : "keyword" + }, + "hostCnt" : { + "type" : "long" + }, + "id" : { + "type" : "keyword" + }, + "idCnt" : { + "type" : "long" + }, + "mac" : { + "type" : "keyword" + }, + "macCnt" : { + "type" : "long" + }, + "oui" : { + "type" : "keyword" + }, + "ouiCnt" : { + "type" : "long" + }, + "type" : { + "type" : "keyword" + }, + "typeCnt" : { + "type" : "long" + } + } + }, + "dns" : { + "properties" : { + "ASN" : { + "type" : "keyword" + }, + "GEO" : { + "type" : "keyword" + }, + "RIR" : { + "type" : "keyword" + }, + "host" : { + "type" : "keyword" + }, + "hostCnt" : { + "type" : "long" + }, + "ip" : { + "type" : "ip" + }, + "ipCnt" : { + "type" : "long" + }, + "opcode" : { + "type" : "keyword" + }, + "opcodeCnt" : { + "type" : "long" + }, + "puny" : { + "type" : "keyword" + }, + "punyCnt" : { + "type" : "long" + }, + "qc" : { + "type" : "keyword" + }, + 
"qcCnt" : { + "type" : "long" + }, + "qt" : { + "type" : "keyword" + }, + "qtCnt" : { + "type" : "long" + }, + "status" : { + "type" : "keyword" + }, + "statusCnt" : { + "type" : "long" + } + } + }, + "dstOui" : { + "type" : "keyword" + }, + "dstOuiCnt" : { + "type" : "long" + }, + "dstPayload8" : { + "type" : "keyword" + }, + "dstRIR" : { + "type" : "keyword" + }, + "email" : { + "properties" : { + "ASN" : { + "type" : "keyword" + }, + "GEO" : { + "type" : "keyword" + }, + "RIR" : { + "type" : "keyword" + }, + "bodyMagic" : { + "type" : "keyword" + }, + "bodyMagicCnt" : { + "type" : "long" + }, + "contentType" : { + "type" : "keyword" + }, + "contentTypeCnt" : { + "type" : "long" + }, + "dst" : { + "type" : "keyword" + }, + "dstCnt" : { + "type" : "long" + }, + "filename" : { + "type" : "keyword" + }, + "filenameCnt" : { + "type" : "long" + }, + "header" : { + "type" : "keyword" + }, + "header-chad" : { + "type" : "keyword" + }, + "header-chadCnt" : { + "type" : "long" + }, + "headerCnt" : { + "type" : "long" + }, + "host" : { + "type" : "keyword" + }, + "hostCnt" : { + "type" : "long" + }, + "id" : { + "type" : "keyword" + }, + "idCnt" : { + "type" : "long" + }, + "ip" : { + "type" : "ip" + }, + "ipCnt" : { + "type" : "long" + }, + "md5" : { + "type" : "keyword" + }, + "md5Cnt" : { + "type" : "long" + }, + "mimeVersion" : { + "type" : "keyword" + }, + "mimeVersionCnt" : { + "type" : "long" + }, + "smtpHello" : { + "type" : "keyword" + }, + "smtpHelloCnt" : { + "type" : "long" + }, + "src" : { + "type" : "keyword" + }, + "srcCnt" : { + "type" : "long" + }, + "subject" : { + "type" : "keyword" + }, + "subjectCnt" : { + "type" : "long" + }, + "useragent" : { + "type" : "keyword" + }, + "useragentCnt" : { + "type" : "long" + } + } + }, + "fileId" : { + "type" : "long" + }, + "firstPacket" : { + "type" : "date" + }, + "srcOuterIp" : { + "type" : "ip" + }, + "srcOuterIpCnt" : { + "type" : "long" + }, + "dstOuterIp" : { + "type" : "ip" + }, + "dstOuterIpCnt" : { + 
"type" : "long" + }, + "srcOuterOui" : { + "type" : "keyword" + }, + "srcOuterOuiCnt" : { + "type" : "long" + }, + "dstOuterOui" : { + "type" : "keyword" + }, + "dstOuterOuiCnt" : { + "type" : "long" + }, + "srcOuterMac" : { + "type" : "keyword" + }, + "srcOuterMacCnt" : { + "type" : "long" + }, + "dstOuterMac" : { + "type" : "keyword" + }, + "dstOuterMacCnt" : { + "type" : "long" + }, + "srcOuterRIR" : { + "type" : "keyword" + }, + "dstOuterRIR" : { + "type" : "keyword" + }, + "srcOuterGEO" : { + "type" : "keyword" + }, + "dstOuterGEO" : { + "type" : "keyword" + }, + "srcOuterASN" : { + "type" : "keyword" + }, + "dstOuterASN" : { + "type" : "keyword" + }, + "http" : { + "properties" : { + "authType" : { + "type" : "keyword" + }, + "authTypeCnt" : { + "type" : "long" + }, + "bodyMagic" : { + "type" : "keyword" + }, + "bodyMagicCnt" : { + "type" : "long" + }, + "clientVersion" : { + "type" : "keyword" + }, + "clientVersionCnt" : { + "type" : "long" + }, + "cookieKey" : { + "type" : "keyword" + }, + "cookieKeyCnt" : { + "type" : "long" + }, + "cookieValue" : { + "type" : "keyword" + }, + "cookieValueCnt" : { + "type" : "long" + }, + "host" : { + "type" : "keyword" + }, + "hostCnt" : { + "type" : "long" + }, + "key" : { + "type" : "keyword" + }, + "keyCnt" : { + "type" : "long" + }, + "md5" : { + "type" : "keyword" + }, + "md5Cnt" : { + "type" : "long" + }, + "method" : { + "type" : "keyword" + }, + "methodCnt" : { + "type" : "long" + }, + "path" : { + "type" : "keyword" + }, + "pathCnt" : { + "type" : "long" + }, + "request-authorization" : { + "type" : "keyword" + }, + "request-authorizationCnt" : { + "type" : "long" + }, + "request-chad" : { + "type" : "keyword" + }, + "request-chadCnt" : { + "type" : "long" + }, + "request-content-type" : { + "type" : "keyword" + }, + "request-content-typeCnt" : { + "type" : "long" + }, + "request-origin" : { + "type" : "keyword" + }, + "request-referer" : { + "type" : "keyword" + }, + "request-refererCnt" : { + "type" : "long" + 
}, + "requestBody" : { + "type" : "keyword" + }, + "requestHeader" : { + "type" : "keyword" + }, + "requestHeaderCnt" : { + "type" : "long" + }, + "response-content-type" : { + "type" : "keyword" + }, + "response-content-typeCnt" : { + "type" : "long" + }, + "response-location" : { + "type" : "keyword" + }, + "response-server" : { + "type" : "keyword" + }, + "responseHeader" : { + "type" : "keyword" + }, + "responseHeaderCnt" : { + "type" : "long" + }, + "serverVersion" : { + "type" : "keyword" + }, + "serverVersionCnt" : { + "type" : "long" + }, + "statuscode" : { + "type" : "long" + }, + "statuscodeCnt" : { + "type" : "long" + }, + "uri" : { + "type" : "keyword" + }, + "uriCnt" : { + "type" : "long" + }, + "user" : { + "type" : "keyword" + }, + "userCnt" : { + "type" : "long" + }, + "useragent" : { + "type" : "keyword" + }, + "useragentCnt" : { + "type" : "long" + }, + "value" : { + "type" : "keyword" + }, + "valueCnt" : { + "type" : "long" + }, + "xffASN" : { + "type" : "keyword" + }, + "xffGEO" : { + "type" : "keyword" + }, + "xffIp" : { + "type" : "ip" + }, + "xffIpCnt" : { + "type" : "long" + }, + "xffRIR" : { + "type" : "keyword" + } + } + }, + "icmp" : { + "properties" : { + "code" : { + "type" : "long" + }, + "type" : { + "type" : "long" + } + } + }, + "initRTT" : { + "type" : "long" + }, + "ipProtocol" : { + "type" : "long" + }, + "irc" : { + "properties" : { + "channel" : { + "type" : "keyword" + }, + "channelCnt" : { + "type" : "long" + }, + "nick" : { + "type" : "keyword" + }, + "nickCnt" : { + "type" : "long" + } + } + }, + "krb5" : { + "properties" : { + "cname" : { + "type" : "keyword" + }, + "cnameCnt" : { + "type" : "long" + }, + "realm" : { + "type" : "keyword" + }, + "realmCnt" : { + "type" : "long" + }, + "sname" : { + "type" : "keyword" + }, + "snameCnt" : { + "type" : "long" + } + } + }, + "lastPacket" : { + "type" : "date" + }, + "ldap" : { + "properties" : { + "authtype" : { + "type" : "keyword" + }, + "authtypeCnt" : { + "type" : "long" + 
}, + "bindname" : { + "type" : "keyword" + }, + "bindnameCnt" : { + "type" : "long" + } + } + }, + "length" : { + "type" : "long" + }, + "mysql" : { + "properties" : { + "user" : { + "type" : "keyword" + }, + "version" : { + "type" : "keyword" + } + } + }, + "node" : { + "type" : "keyword" + }, + "oracle" : { + "properties" : { + "host" : { + "type" : "keyword" + }, + "service" : { + "type" : "keyword" + }, + "user" : { + "type" : "keyword" + } + } + }, + "packetLen" : { + "type" : "integer", + "index" : false + }, + "packetPos" : { + "type" : "long", + "index" : false + }, + "postgresql" : { + "properties" : { + "app" : { + "type" : "keyword" + }, + "db" : { + "type" : "keyword" + }, + "user" : { + "type" : "keyword" + } + } + }, + "protocol" : { + "type" : "keyword" + }, + "protocolCnt" : { + "type" : "long" + }, + "quic" : { + "properties" : { + "host" : { + "type" : "keyword" + }, + "hostCnt" : { + "type" : "long" + }, + "useragent" : { + "type" : "keyword" + }, + "useragentCnt" : { + "type" : "long" + }, + "version" : { + "type" : "keyword" + }, + "versionCnt" : { + "type" : "long" + } + } + }, + "radius" : { + "properties" : { + "framedASN" : { + "type" : "keyword" + }, + "framedGEO" : { + "type" : "keyword" + }, + "framedIp" : { + "type" : "ip" + }, + "framedIpCnt" : { + "type" : "long" + }, + "framedRIR" : { + "type" : "keyword" + }, + "mac" : { + "type" : "keyword" + }, + "macCnt" : { + "type" : "long" + }, + "user" : { + "type" : "keyword" + } + } + }, + "rootId" : { + "type" : "keyword" + }, + "segmentCnt" : { + "type" : "long" + }, + "smb" : { + "properties" : { + "filename" : { + "type" : "keyword" + }, + "filenameCnt" : { + "type" : "long" + }, + "host" : { + "type" : "keyword" + } + } + }, + "socks" : { + "properties" : { + "ASN" : { + "type" : "keyword" + }, + "GEO" : { + "type" : "keyword" + }, + "RIR" : { + "type" : "keyword" + }, + "host" : { + "type" : "keyword" + }, + "ip" : { + "type" : "ip" + }, + "port" : { + "type" : "long" + }, + "user" : 
{ + "type" : "keyword" + } + } + }, + "srcOui" : { + "type" : "keyword" + }, + "srcOuiCnt" : { + "type" : "long" + }, + "srcPayload8" : { + "type" : "keyword" + }, + "srcRIR" : { + "type" : "keyword" + }, + "ssh" : { + "properties" : { + "hassh" : { + "type" : "keyword" + }, + "hasshCnt" : { + "type" : "long" + }, + "hasshServer" : { + "type" : "keyword" + }, + "hasshServerCnt" : { + "type" : "long" + }, + "key" : { + "type" : "keyword" + }, + "keyCnt" : { + "type" : "long" + }, + "version" : { + "type" : "keyword" + }, + "versionCnt" : { + "type" : "long" + } + } + }, + "suricata" : { + "properties" : { + "action" : { + "type" : "keyword" + }, + "actionCnt" : { + "type" : "long" + }, + "category" : { + "type" : "keyword" + }, + "categoryCnt" : { + "type" : "long" + }, + "flowId" : { + "type" : "keyword" + }, + "flowIdCnt" : { + "type" : "long" + }, + "gid" : { + "type" : "long" + }, + "gidCnt" : { + "type" : "long" + }, + "severity" : { + "type" : "long" + }, + "severityCnt" : { + "type" : "long" + }, + "signature" : { + "type" : "keyword" + }, + "signatureCnt" : { + "type" : "long" + }, + "signatureId" : { + "type" : "long" + }, + "signatureIdCnt" : { + "type" : "long" + } + } + }, + "tags" : { + "type" : "keyword" + }, + "tagsCnt" : { + "type" : "long" + }, + "tcpflags" : { + "properties" : { + "ack" : { + "type" : "long" + }, + "dstZero" : { + "type" : "long" + }, + "fin" : { + "type" : "long" + }, + "psh" : { + "type" : "long" + }, + "rst" : { + "type" : "long" + }, + "srcZero" : { + "type" : "long" + }, + "syn" : { + "type" : "long" + }, + "syn-ack" : { + "type" : "long" + }, + "urg" : { + "type" : "long" + } + } + }, + "tls" : { + "properties" : { + "cipher" : { + "type" : "keyword" + }, + "cipherCnt" : { + "type" : "long" + }, + "dstSessionId" : { + "type" : "keyword" + }, + "ja3" : { + "type" : "keyword" + }, + "ja3Cnt" : { + "type" : "long" + }, + "ja3s" : { + "type" : "keyword" + }, + "ja3sCnt" : { + "type" : "long" + }, + "srcSessionId" : { + "type" : 
"keyword" + }, + "version" : { + "type" : "keyword" + }, + "versionCnt" : { + "type" : "long" + } + } + }, + "totDataBytes" : { + "type" : "long" + }, + "user" : { + "type" : "keyword" + }, + "userCnt" : { + "type" : "long" + } } } + }, + "_meta": { + "description": "mostly lifted from Arkime's db.pl sessions3Update" } } diff --git a/dashboards/templates/composable/component/zeek_ot.json b/dashboards/templates/composable/component/zeek_ot.json index 6e974155c..6a1870503 100644 --- a/dashboards/templates/composable/component/zeek_ot.json +++ b/dashboards/templates/composable/component/zeek_ot.json @@ -9,21 +9,18 @@ "zeek.bacnet.pdu_type": { "type": "keyword" }, "zeek.bacnet.result_code": { "type": "keyword" }, "zeek.bacnet_device_control.is_orig": { "type": "keyword" }, - "zeek.bacnet_device_control.pdu_service": { "type": "keyword" }, "zeek.bacnet_device_control.time_duration": { "type": "long" }, "zeek.bacnet_device_control.device_state": { "type": "keyword" }, "zeek.bacnet_device_control.result": { "type": "keyword" }, "zeek.bacnet_device_control.result_code": { "type": "keyword" }, "zeek.bacnet_discovery.object_name": { "type": "keyword" }, "zeek.bacnet_discovery.object_type": { "type": "keyword" }, - "zeek.bacnet_discovery.pdu_service": { "type": "keyword" }, "zeek.bacnet_discovery.range": { "type": "keyword" }, "zeek.bacnet_discovery.range_high": { "type": "integer" }, "zeek.bacnet_discovery.range_low": { "type": "integer" }, "zeek.bacnet_discovery.vendor": { "type": "keyword" }, "zeek.bacnet_property.array_index": { "type": "long" }, "zeek.bacnet_property.object_type": { "type": "keyword" }, - "zeek.bacnet_property.pdu_service": { "type": "keyword" }, "zeek.bacnet_property.property": { "type": "keyword" }, "zeek.bacnet_property.value": { "type": "keyword" }, "zeek.bestguess.category": { "type": "keyword" }, diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index 1d14192b8..c251b7cef 100644 --- a/docker-compose-standalone.yml 
+++ b/docker-compose-standalone.yml
@@ -4,7 +4,7 @@ version: '3.7'
 services:
 opensearch:
- image: ghcr.io/idaholab/malcolm/opensearch:23.08.1
+ image: ghcr.io/idaholab/malcolm/opensearch:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -37,7 +37,7 @@ services:
 retries: 3
 start_period: 180s
 dashboards-helper:
- image: ghcr.io/idaholab/malcolm/dashboards-helper:23.08.1
+ image: ghcr.io/idaholab/malcolm/dashboards-helper:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -64,7 +64,7 @@ services:
 retries: 3
 start_period: 30s
 dashboards:
- image: ghcr.io/idaholab/malcolm/dashboards:23.08.1
+ image: ghcr.io/idaholab/malcolm/dashboards:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -90,7 +90,7 @@ services:
 retries: 3
 start_period: 210s
 logstash:
- image: ghcr.io/idaholab/malcolm/logstash-oss:23.08.1
+ image: ghcr.io/idaholab/malcolm/logstash-oss:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -132,7 +132,7 @@ services:
 retries: 3
 start_period: 600s
 filebeat:
- image: ghcr.io/idaholab/malcolm/filebeat-oss:23.08.1
+ image: ghcr.io/idaholab/malcolm/filebeat-oss:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -167,7 +167,7 @@ services:
 retries: 3
 start_period: 60s
 arkime:
- image: ghcr.io/idaholab/malcolm/arkime:23.08.1
+ image: ghcr.io/idaholab/malcolm/arkime:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -203,7 +203,7 @@ services:
 retries: 3
 start_period: 210s
 zeek:
- image: ghcr.io/idaholab/malcolm/zeek:23.08.1
+ image: ghcr.io/idaholab/malcolm/zeek:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -241,7 +241,7 @@ services:
 retries: 3
 start_period: 60s
 zeek-live:
- image: ghcr.io/idaholab/malcolm/zeek:23.08.1
+ image: ghcr.io/idaholab/malcolm/zeek:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -269,7 +269,7 @@ services:
 - ./zeek-logs/extract_files:/zeek/extract_files
 - ./zeek/intel:/opt/zeek/share/zeek/site/intel
 suricata:
- image: ghcr.io/idaholab/malcolm/suricata:23.08.1
+ image: ghcr.io/idaholab/malcolm/suricata:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -305,7 +305,7 @@ services:
 retries: 3
 start_period: 120s
 suricata-live:
- image: ghcr.io/idaholab/malcolm/suricata:23.08.1
+ image: ghcr.io/idaholab/malcolm/suricata:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -331,7 +331,7 @@ services:
 - ./suricata-logs:/var/log/suricata
 - ./suricata/rules:/opt/suricata/rules:ro
 file-monitor:
- image: ghcr.io/idaholab/malcolm/file-monitor:23.08.1
+ image: ghcr.io/idaholab/malcolm/file-monitor:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -357,7 +357,7 @@ services:
 retries: 3
 start_period: 60s
 pcap-capture:
- image: ghcr.io/idaholab/malcolm/pcap-capture:23.08.1
+ image: ghcr.io/idaholab/malcolm/pcap-capture:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -379,7 +379,7 @@ services:
 - ./nginx/ca-trust:/var/local/ca-trust:ro
 - ./pcap/upload:/pcap
 pcap-monitor:
- image: ghcr.io/idaholab/malcolm/pcap-monitor:23.08.1
+ image: ghcr.io/idaholab/malcolm/pcap-monitor:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -405,7 +405,7 @@ services:
 retries: 3
 start_period: 90s
 upload:
- image: ghcr.io/idaholab/malcolm/file-upload:23.08.1
+ image: ghcr.io/idaholab/malcolm/file-upload:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -432,7 +432,7 @@ services:
 retries: 3
 start_period: 60s
 htadmin:
- image: ghcr.io/idaholab/malcolm/htadmin:23.08.1
+ image: ghcr.io/idaholab/malcolm/htadmin:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -457,7 +457,7 @@ services:
 retries: 3
 start_period: 60s
 freq:
- image: ghcr.io/idaholab/malcolm/freq:23.08.1
+ image: ghcr.io/idaholab/malcolm/freq:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -479,7 +479,7 @@ services:
 retries: 3
 start_period: 60s
 netbox:
- image: ghcr.io/idaholab/malcolm/netbox:23.08.1
+ image: ghcr.io/idaholab/malcolm/netbox:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -511,7 +511,7 @@ services:
 retries: 3
 start_period: 120s
 netbox-postgres:
- image: ghcr.io/idaholab/malcolm/postgresql:23.08.1
+ image: ghcr.io/idaholab/malcolm/postgresql:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -535,7 +535,7 @@ services:
 retries: 3
 start_period: 45s
 netbox-redis:
- image: ghcr.io/idaholab/malcolm/redis:23.08.1
+ image: ghcr.io/idaholab/malcolm/redis:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -563,7 +563,7 @@ services:
 retries: 3
 start_period: 45s
 netbox-redis-cache:
- image: ghcr.io/idaholab/malcolm/redis:23.08.1
+ image: ghcr.io/idaholab/malcolm/redis:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -590,7 +590,7 @@ services:
 retries: 3
 start_period: 45s
 api:
- image: ghcr.io/idaholab/malcolm/api:23.08.1
+ image: ghcr.io/idaholab/malcolm/api:23.09.0
 command: gunicorn --bind 0:5000 manage:app
 restart: "no"
 stdin_open: false
@@ -614,7 +614,7 @@ services:
 retries: 3
 start_period: 60s
 nginx-proxy:
- image: ghcr.io/idaholab/malcolm/nginx-proxy:23.08.1
+ image: ghcr.io/idaholab/malcolm/nginx-proxy:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
diff --git a/docker-compose.yml b/docker-compose.yml
index 6a6f7c449..f2366e792 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,7 +7,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/opensearch.Dockerfile
- image: ghcr.io/idaholab/malcolm/opensearch:23.08.1
+ image: ghcr.io/idaholab/malcolm/opensearch:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -43,7 +43,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/dashboards-helper.Dockerfile
- image: ghcr.io/idaholab/malcolm/dashboards-helper:23.08.1
+ image: ghcr.io/idaholab/malcolm/dashboards-helper:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -73,7 +73,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/dashboards.Dockerfile
- image: ghcr.io/idaholab/malcolm/dashboards:23.08.1
+ image: ghcr.io/idaholab/malcolm/dashboards:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -102,7 +102,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/logstash.Dockerfile
- image: ghcr.io/idaholab/malcolm/logstash-oss:23.08.1
+ image: ghcr.io/idaholab/malcolm/logstash-oss:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -151,7 +151,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/filebeat.Dockerfile
- image: ghcr.io/idaholab/malcolm/filebeat-oss:23.08.1
+ image: ghcr.io/idaholab/malcolm/filebeat-oss:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -189,7 +189,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/arkime.Dockerfile
- image: ghcr.io/idaholab/malcolm/arkime:23.08.1
+ image: ghcr.io/idaholab/malcolm/arkime:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -231,7 +231,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/zeek.Dockerfile
- image: ghcr.io/idaholab/malcolm/zeek:23.08.1
+ image: ghcr.io/idaholab/malcolm/zeek:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -273,7 +273,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/zeek.Dockerfile
- image: ghcr.io/idaholab/malcolm/zeek:23.08.1
+ image: ghcr.io/idaholab/malcolm/zeek:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -305,7 +305,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/suricata.Dockerfile
- image: ghcr.io/idaholab/malcolm/suricata:23.08.1
+ image: ghcr.io/idaholab/malcolm/suricata:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -344,7 +344,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/suricata.Dockerfile
- image: ghcr.io/idaholab/malcolm/suricata:23.08.1
+ image: ghcr.io/idaholab/malcolm/suricata:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -373,7 +373,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/file-monitor.Dockerfile
- image: ghcr.io/idaholab/malcolm/file-monitor:23.08.1
+ image: ghcr.io/idaholab/malcolm/file-monitor:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -402,7 +402,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/pcap-capture.Dockerfile
- image: ghcr.io/idaholab/malcolm/pcap-capture:23.08.1
+ image: ghcr.io/idaholab/malcolm/pcap-capture:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -427,7 +427,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/pcap-monitor.Dockerfile
- image: ghcr.io/idaholab/malcolm/pcap-monitor:23.08.1
+ image: ghcr.io/idaholab/malcolm/pcap-monitor:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -456,7 +456,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/file-upload.Dockerfile
- image: ghcr.io/idaholab/malcolm/file-upload:23.08.1
+ image: ghcr.io/idaholab/malcolm/file-upload:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
@@ -483,7 +483,7 @@ services:
 retries: 3
 start_period: 60s
 htadmin:
- image: ghcr.io/idaholab/malcolm/htadmin:23.08.1
+ image: ghcr.io/idaholab/malcolm/htadmin:23.09.0
 build:
 context: .
 dockerfile: Dockerfiles/htadmin.Dockerfile
@@ -511,7 +511,7 @@ services:
 retries: 3
 start_period: 60s
 freq:
- image: ghcr.io/idaholab/malcolm/freq:23.08.1
+ image: ghcr.io/idaholab/malcolm/freq:23.09.0
 build:
 context: .
 dockerfile: Dockerfiles/freq.Dockerfile
@@ -536,7 +536,7 @@ services:
 retries: 3
 start_period: 60s
 netbox:
- image: ghcr.io/idaholab/malcolm/netbox:23.08.1
+ image: ghcr.io/idaholab/malcolm/netbox:23.09.0
 build:
 context: .
 dockerfile: Dockerfiles/netbox.Dockerfile
@@ -571,7 +571,7 @@ services:
 retries: 3
 start_period: 120s
 netbox-postgres:
- image: ghcr.io/idaholab/malcolm/postgresql:23.08.1
+ image: ghcr.io/idaholab/malcolm/postgresql:23.09.0
 build:
 context: .
 dockerfile: Dockerfiles/postgresql.Dockerfile
@@ -598,7 +598,7 @@ services:
 retries: 3
 start_period: 45s
 netbox-redis:
- image: ghcr.io/idaholab/malcolm/redis:23.08.1
+ image: ghcr.io/idaholab/malcolm/redis:23.09.0
 build:
 context: .
 dockerfile: Dockerfiles/redis.Dockerfile
@@ -629,7 +629,7 @@ services:
 retries: 3
 start_period: 45s
 netbox-redis-cache:
- image: ghcr.io/idaholab/malcolm/redis:23.08.1
+ image: ghcr.io/idaholab/malcolm/redis:23.09.0
 build:
 context: .
 dockerfile: Dockerfiles/redis.Dockerfile
@@ -659,7 +659,7 @@ services:
 retries: 3
 start_period: 45s
 api:
- image: ghcr.io/idaholab/malcolm/api:23.08.1
+ image: ghcr.io/idaholab/malcolm/api:23.09.0
 build:
 context: .
 dockerfile: Dockerfiles/api.Dockerfile
@@ -689,7 +689,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/nginx.Dockerfile
- image: ghcr.io/idaholab/malcolm/nginx-proxy:23.08.1
+ image: ghcr.io/idaholab/malcolm/nginx-proxy:23.09.0
 restart: "no"
 stdin_open: false
 tty: true
diff --git a/docs/README.md b/docs/README.md
index cee5df17e..f8f8e2793 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -24,12 +24,14 @@ Malcolm can also easily be deployed locally on an ordinary consumer workstation * [Configuration](malcolm-preparation.md#Configuration) - [Recommended system requirements](system-requirements.md#SystemRequirements) - [Malcolm Configuration](malcolm-config.md#ConfigAndTuning) - + [Environment Variable Files](malcolm-config.md#MalcolmConfigEnvVars) + + [Environment variable files](malcolm-config.md#MalcolmConfigEnvVars) + + [Command-line arguments](malcolm-config.md#CommandLineConfig) - [Configure authentication](authsetup.md#AuthSetup) + [Local account management](authsetup.md#AuthBasicAccountManagement) + [Lightweight Directory Access Protocol (LDAP) authentication](authsetup.md#AuthLDAP) * [LDAP connection security](authsetup.md#AuthLDAPSecurity) + [TLS certificates](authsetup.md#TLSCerts) + + [Command-line arguments](authsetup.md#CommandLineConfig) - [Platform-specific Configuration](host-config.md#HostSystemConfig) + [Linux host system configuration](host-config-linux.md#HostSystemConfigLinux) + [macOS host system configuration](host-config-macos.md#HostSystemConfigMac) diff --git a/docs/authsetup.md b/docs/authsetup.md index f4878cffd..b589d7715 100644 --- a/docs/authsetup.md +++ b/docs/authsetup.md @@ -5,6 +5,7 @@ - [Lightweight Directory Access Protocol (LDAP) authentication](#AuthLDAP) + [LDAP connection security](#AuthLDAPSecurity) - [TLS certificates](#TLSCerts) + - [Command-line arguments](#CommandLineConfig) Malcolm requires authentication to access the [user interface](quickstart.md#UserInterfaceURLs). [Nginx](https://nginx.org/) can authenticate users with either local TLS-encrypted HTTP basic authentication or a remote Lightweight Directory Access Protocol (LDAP) authentication server. 
@@ -102,4 +103,46 @@ When users [set up authentication](#AuthSetup) for Malcolm a set of unique [self Another option is for users to generate their own certificates (or have them issued directly) and have them placed in the `nginx/certs/` directory. The certificate and key file should be named `cert.pem` and `key.pem`, respectively. -A third possibility is to use a third-party reverse proxy (e.g., [Traefik](https://doc.traefik.io/traefik/) or [Caddy](https://caddyserver.com/docs/quick-starts/reverse-proxy)) to handle the issuance of the certificates and to broker the connections between clients and Malcolm. Reverse proxies such as these often implement the [ACME](https://datatracker.ietf.org/doc/html/rfc8555) protocol for domain name authentication and can be used to request certificates from certificate authorities such as [Let's Encrypt](https://letsencrypt.org/how-it-works/). In this configuration, the reverse proxy will be encrypting the connections instead of Malcolm, so users will need to set the `NGINX_SSL` environment variable to `false` in [`nginx.env`](malcolm-config.md#MalcolmConfigEnvVars) (or answer `no` to the "Require encrypted HTTPS connections?" question posed by `./scripts/configure`). If you are setting `NGINX_SSL` to `false`, **make sure** user must understand precisely what they are doing, ensuring that external connections cannot reach ports over which Malcolm will be communicating without encryption, including verifying local firewall configuration. \ No newline at end of file +A third possibility is to use a third-party reverse proxy (e.g., [Traefik](https://doc.traefik.io/traefik/) or [Caddy](https://caddyserver.com/docs/quick-starts/reverse-proxy)) to handle the issuance of the certificates and to broker the connections between clients and Malcolm. 
Reverse proxies such as these often implement the [ACME](https://datatracker.ietf.org/doc/html/rfc8555) protocol for domain name authentication and can be used to request certificates from certificate authorities such as [Let's Encrypt](https://letsencrypt.org/how-it-works/). In this configuration, the reverse proxy will be encrypting the connections instead of Malcolm, so users will need to set the `NGINX_SSL` environment variable to `false` in [`nginx.env`](malcolm-config.md#MalcolmConfigEnvVars) (or answer `no` to the "Require encrypted HTTPS connections?" question posed by `./scripts/configure`). If you are setting `NGINX_SSL` to `false`, **make sure** user must understand precisely what they are doing, ensuring that external connections cannot reach ports over which Malcolm will be communicating without encryption, including verifying local firewall configuration. + +# Command-line arguments + +The `./scripts/auth_setup` script can also be run noninteractively which can be useful for scripting Malcolm setup. This behavior can be selected by supplying the `--auth-noninteractive` option on the command line. Running with the `--help` option will list the arguments accepted by the script: + +``` +$ ./scripts/auth_setup --help +usage: auth_setup