
Commit fa98dfa

authored
add component template for email.* field set (#1705) (#1706)
* add component template for email.* field set * CHANGELOG.next entry
1 parent 3d83043 commit fa98dfa


2 files changed

+155
-1
lines changed


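--- a/CHANGELOG.next.md
+++ b/CHANGELOG.next.md
@@ -41,7 +41,7 @@ Thanks, you're awesome :-) -->
 #### Added
 
 * Added two new fields (sha384,tlsh) to hash schema and one field to pe schema (pehash). #1678
-* Added `email.*` beta field set. ##1688
+* Added `email.*` beta field set. ##1688, #1705
 
 #### Removed
 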
@@ -0,0 +1,154 @@
1+
{
2+
"_meta": {
3+
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-email.html",
4+
"ecs_version": "8.1.0-dev"
5+
},
6+
"template": {
7+
"mappings": {
8+
"properties": {
9+
"email": {
10+
"properties": {
11+
"attachments": {
12+
"properties": {
13+
"file": {
14+
"properties": {
15+
"extension": {
16+
"ignore_above": 1024,
17+
"type": "keyword"
18+
},
19+
"hash": {
20+
"properties": {
21+
"md5": {
22+
"ignore_above": 1024,
23+
"type": "keyword"
24+
},
25+
"sha1": {
26+
"ignore_above": 1024,
27+
"type": "keyword"
28+
},
29+
"sha256": {
30+
"ignore_above": 1024,
31+
"type": "keyword"
32+
},
33+
"sha384": {
34+
"ignore_above": 1024,
35+
"type": "keyword"
36+
},
37+
"sha512": {
38+
"ignore_above": 1024,
39+
"type": "keyword"
40+
},
41+
"ssdeep": {
42+
"ignore_above": 1024,
43+
"type": "keyword"
44+
},
45+
"tlsh": {
46+
"ignore_above": 1024,
47+
"type": "keyword"
48+
}
49+
}
50+
},
51+
"mime_type": {
52+
"ignore_above": 1024,
53+
"type": "keyword"
54+
},
55+
"name": {
56+
"ignore_above": 1024,
57+
"type": "keyword"
58+
},
59+
"size": {
60+
"type": "long"
61+
}
62+
}
63+
}
64+
},
65+
"type": "nested"
66+
},
67+
"bcc": {
68+
"properties": {
69+
"address": {
70+
"ignore_above": 1024,
71+
"type": "keyword"
72+
}
73+
}
74+
},
75+
"cc": {
76+
"properties": {
77+
"address": {
78+
"ignore_above": 1024,
79+
"type": "keyword"
80+
}
81+
}
82+
},
83+
"content_type": {
84+
"ignore_above": 1024,
85+
"type": "keyword"
86+
},
87+
"delivery_timestamp": {
88+
"type": "date"
89+
},
90+
"direction": {
91+
"ignore_above": 1024,
92+
"type": "keyword"
93+
},
94+
"from": {
95+
"properties": {
96+
"address": {
97+
"ignore_above": 1024,
98+
"type": "keyword"
99+
}
100+
}
101+
},
102+
"local_id": {
103+
"ignore_above": 1024,
104+
"type": "keyword"
105+
},
106+
"message_id": {
107+
"type": "wildcard"
108+
},
109+
"origination_timestamp": {
110+
"type": "date"
111+
},
112+
"reply_to": {
113+
"properties": {
114+
"address": {
115+
"ignore_above": 1024,
116+
"type": "keyword"
117+
}
118+
}
119+
},
120+
"sender": {
121+
"properties": {
122+
"address": {
123+
"ignore_above": 1024,
124+
"type": "keyword"
125+
}
126+
}
127+
},
128+
"subject": {
129+
"fields": {
130+
"text": {
131+
"type": "match_only_text"
132+
}
133+
},
134+
"ignore_above": 1024,
135+
"type": "keyword"
136+
},
137+
"to": {
138+
"properties": {
139+
"address": {
140+
"ignore_above": 1024,
141+
"type": "keyword"
142+
}
143+
}
144+
},
145+
"x_mailer": {
146+
"ignore_above": 1024,
147+
"type": "keyword"
148+
}
149+
}
150+
}
151+
}
152+
}
153+
}
154+
}
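Review bot: `email.attachments` is mapped as `"type": "nested"` (new-file line 65), so the `file.hash.*`, `file.name` and `file.mime_type` sub-fields under it are only matched through a nested query. A flat term query or indicator-matching rule on `email.attachments.file.hash.sha256`, written the way it would be for a top-level `file.hash.sha256`, returns no hits. The hash fields (lines 21-48) are also plain `keyword` with no normalizer, so matching is case-sensitive; upper-case hex digests from a mail source will not match lower-case indicator values unless ingest lower-cases them. Neither point can be recorded in the JSON itself, so I would state both in the field set's documentation. If this template is generated from the schema definition, which the page does not show, the wording belongs in the schema rather than in this file.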
