diff --git a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkConfidence.cs b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkConfidence.cs index 11136adb..8351b2a9 100644 --- a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkConfidence.cs +++ b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkConfidence.cs @@ -3,6 +3,7 @@ // See the LICENSE file in the project root for more information using System.Runtime.Serialization; +using System.Text.Json.Serialization; using BenchmarkDotNet.Mathematics; using Perfolizer.Mathematics.Common; @@ -20,22 +21,22 @@ public BenchmarkConfidence(ConfidenceInterval interval) StandardError = interval.StandardError; } - [DataMember(Name = "level")] + [JsonPropertyName("level"), DataMember(Name = "level")] public ConfidenceLevel Level { get; set; } - [DataMember(Name = "lower")] + [JsonPropertyName("lower"), DataMember(Name = "lower")] public double Lower { get; set; } - [DataMember(Name = "margin")] + [JsonPropertyName("margin"), DataMember(Name = "margin")] public double Margin { get; set; } - [DataMember(Name = "mean")] + [JsonPropertyName("mean"), DataMember(Name = "mean")] public double Mean { get; set; } - [DataMember(Name = "n")] + [JsonPropertyName("n"), DataMember(Name = "n")] public int N { get; set; } - [DataMember(Name = "standard_error")] + [JsonPropertyName("standard_error"), DataMember(Name = "standard_error")] public double StandardError { get; set; } } } diff --git a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkDocument.cs b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkDocument.cs index 3bc7bbbd..dfc2517d 100644 --- a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkDocument.cs +++ b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkDocument.cs @@ -4,6 +4,7 @@ using System; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema.BenchmarkDotNetExporter.Domain { @@ -12,7 +13,7 @@ namespace Elastic.CommonSchema.BenchmarkDotNetExporter.Domain /// public class BenchmarkDocument : EcsDocument { - [DataMember(Name = "benchmark")] + [JsonPropertyName("benchmark"), DataMember(Name = "benchmark")] public BenchmarkData Benchmark { get; set; } protected override bool TryRead(string propertyName, out Type type) diff --git a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkEvent.cs b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkEvent.cs index bdb89ae3..fdab8f53 100644 --- a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkEvent.cs +++ b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkEvent.cs @@ -4,27 +4,28 @@ using System.Collections.Generic; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema.BenchmarkDotNetExporter.Domain { public class BenchmarkEvent : Event { - [DataMember(Name = "description")] + [JsonPropertyName("description"), DataMember(Name = "description")] public string Description { get; set; } - [DataMember(Name = "parameters")] + [JsonPropertyName("parameters"), DataMember(Name = "parameters")] public string Parameters { get; set; } - [DataMember(Name = "method")] + [JsonPropertyName("method"), DataMember(Name = "method")] public string Method { get; set; } - [DataMember(Name = "measurement_stages")] + [JsonPropertyName("measurement_stages"), DataMember(Name = "measurement_stages")] public IEnumerable MeasurementStages { get; set; } - [DataMember(Name = "repetitions")] + [JsonPropertyName("repetitions"), DataMember(Name = "repetitions")] public BenchmarkSimplifiedWorkloadCounts Repetitions { get; set; } - [DataMember(Name = "job_config")] + [JsonPropertyName("job_config"), DataMember(Name = "job_config")] public BenchmarkJobConfig JobConfig { get; set; } } } diff --git a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkGcInfo.cs b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkGcInfo.cs index a136c3bf..af634790 100644 --- a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkGcInfo.cs +++ b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkGcInfo.cs @@ -3,36 +3,37 @@ // See the LICENSE file in the project root for more information using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema.BenchmarkDotNetExporter.Domain { public class BenchmarkGcInfo { - [DataMember(Name = "force")] + [JsonPropertyName("force"), DataMember(Name = "force")] public bool Force { get; set; } - [DataMember(Name = "server")] + [JsonPropertyName("server"), DataMember(Name = "server")] public bool Server { get; set; } - [DataMember(Name = "concurrent")] + [JsonPropertyName("concurrent"), DataMember(Name = "concurrent")] public bool Concurrent { get; set; } - [DataMember(Name = "retain_vm")] + [JsonPropertyName("retain_vm"), DataMember(Name = "retain_vm")] public bool RetainVm { get; set; } - [DataMember(Name = "cpu_groups")] + [JsonPropertyName("cpu_groups"), DataMember(Name = "cpu_groups")] public bool CpuGroups { get; set; } - [DataMember(Name = "heap_count")] + [JsonPropertyName("heap_count"), DataMember(Name = "heap_count")] public int HeapCount { get; set; } - [DataMember(Name = "no_affinitize")] + [JsonPropertyName("no_affinitize"), DataMember(Name = "no_affinitize")] public bool NoAffinitize { get; set; } - [DataMember(Name = "heap_affinitize")] + [JsonPropertyName("heap_affinitize"), DataMember(Name = "heap_affinitize")] public int HeapAffinitizeMask { get; set; } - [DataMember(Name = "allow_very_large_objects")] + [JsonPropertyName("allow_very_large_objects"), DataMember(Name = "allow_very_large_objects")] public bool AllowVeryLargeObjects { get; set; } } } diff --git a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkGcStats.cs b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkGcStats.cs index b18861c3..20496164 100644 --- a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkGcStats.cs +++ b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkGcStats.cs @@ -3,6 +3,7 @@ // See the LICENSE file in the project root for more information using System.Runtime.Serialization; +using System.Text.Json.Serialization; using BenchmarkDotNet.Engines; using BenchmarkDotNet.Running; @@ -19,19 +20,19 @@ public BenchmarkGcStats(GcStats statistics, BenchmarkCase benchmarkCase) BytesAllocatedPerOperation = statistics.GetBytesAllocatedPerOperation(benchmarkCase); } - [DataMember(Name = "bytes_allocated_per_operation")] + [JsonPropertyName("bytes_allocated_per_operation"), DataMember(Name = "bytes_allocated_per_operation")] public long BytesAllocatedPerOperation { get; set; } - [DataMember(Name = "total_operations")] + [JsonPropertyName("total_operations"), DataMember(Name = "total_operations")] public long TotalOperations { get; set; } - [DataMember(Name = "gen2_collections")] + [JsonPropertyName("gen2_collections"), DataMember(Name = "gen2_collections")] public int Gen2Collections { get; set; } - [DataMember(Name = "gen1_collections")] + [JsonPropertyName("gen1_collections"), DataMember(Name = "gen1_collections")] public int Gen1Collections { get; set; } - [DataMember(Name = "gen0_collections")] + [JsonPropertyName("gen0_collections"), DataMember(Name = "gen0_collections")] public int Gen0Collections { get; set; } } } diff --git a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkGit.cs b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkGit.cs index 8c275185..6ee6a02d 100644 --- a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkGit.cs +++ b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkGit.cs @@ -3,21 +3,22 @@ // See the LICENSE file in the project root for more information using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema.BenchmarkDotNetExporter.Domain { public class BenchmarkGit { - [DataMember(Name = "branch")] + [JsonPropertyName("branch"), DataMember(Name = "branch")] public string BranchName { get; set; } - [DataMember(Name = "sha")] + [JsonPropertyName("sha"), DataMember(Name = "sha")] public string Sha { get; set; } - [DataMember(Name = "commit_message")] + [JsonPropertyName("commit_message"), DataMember(Name = "commit_message")] public string CommitMessage { get; set; } - [DataMember(Name = "repository")] + [JsonPropertyName("repository"), DataMember(Name = "repository")] public string Repository { get; set; } } } diff --git a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkHost.cs b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkHost.cs index 88b9678f..fa514788 100644 --- a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkHost.cs +++ b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkHost.cs @@ -3,36 +3,37 @@ // See the LICENSE file in the project root for more information using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema.BenchmarkDotNetExporter.Domain { public class BenchmarkHost : Host { - [DataMember(Name = "processor_name")] + [JsonPropertyName("processor_name"), DataMember(Name = "processor_name")] public string ProcessorName { get; set; } - [DataMember(Name = "physical_processor_count")] + [JsonPropertyName("physical_processor_count"), DataMember(Name = "physical_processor_count")] public int? PhysicalProcessorCount { get; set; } - [DataMember(Name = "physical_core_count")] + [JsonPropertyName("physical_core_count"), DataMember(Name = "physical_core_count")] public int? PhysicalCoreCount { get; set; } - [DataMember(Name = "logical_core_count")] + [JsonPropertyName("logical_core_count"), DataMember(Name = "logical_core_count")] public int? LogicalCoreCount { get; set; } - [DataMember(Name = "has_attached_debugger")] + [JsonPropertyName("has_attached_debugger"), DataMember(Name = "has_attached_debugger")] public bool HasAttachedDebugger { get; set; } - [DataMember(Name = "hardware_timer_kind")] + [JsonPropertyName("hardware_timer_kind"), DataMember(Name = "hardware_timer_kind")] public string HardwareTimerKind { get; set; } - [DataMember(Name = "chronometer_frequency_hertz")] + [JsonPropertyName("chronometer_frequency_hertz"), DataMember(Name = "chronometer_frequency_hertz")] public double ChronometerFrequencyHertz { get; set; } - [DataMember(Name = "vm_hypervisor")] + [JsonPropertyName("vm_hypervisor"), DataMember(Name = "vm_hypervisor")] public string VirtualMachineHypervisor { get; set; } - [DataMember(Name = "in_docker")] + [JsonPropertyName("in_docker"), DataMember(Name = "in_docker")] public bool InDocker { get; set; } } } diff --git a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkJobConfig.cs b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkJobConfig.cs index 2c95ca3e..85bda97f 100644 --- a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkJobConfig.cs +++ b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkJobConfig.cs @@ -3,27 +3,28 @@ // See the LICENSE file in the project root for more information using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema.BenchmarkDotNetExporter.Domain { public class BenchmarkJobConfig { - [DataMember(Name = "platform")] + [JsonPropertyName("platform"), DataMember(Name = "platform")] public string Platform { get; set; } - [DataMember(Name = "runtime")] + [JsonPropertyName("runtime"), DataMember(Name = "runtime")] public string RunTime { get; set; } - [DataMember(Name = "jit")] + [JsonPropertyName("jit"), DataMember(Name = "jit")] public string Jit { get; set; } - [DataMember(Name = "gc")] + [JsonPropertyName("gc"), DataMember(Name = "gc")] public BenchmarkGcInfo Gc { get; set; } - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } - [DataMember(Name = "launch")] + [JsonPropertyName("launch"), DataMember(Name = "launch")] public BenchmarkLaunchInformation Launch { get; set; } } } diff --git a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkLanguage.cs b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkLanguage.cs index 89a56f34..ad91f5cd 100644 --- a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkLanguage.cs +++ b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkLanguage.cs @@ -3,33 +3,34 @@ // See the LICENSE file in the project root for more information using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema.BenchmarkDotNetExporter.Domain { public class BenchmarkLanguage { - [DataMember(Name = "version")] + [JsonPropertyName("version"), DataMember(Name = "version")] public string Version { get; set; } - [DataMember(Name = "dotnet_sdk_version")] + [JsonPropertyName("dotnet_sdk_version"), DataMember(Name = "dotnet_sdk_version")] public string DotNetSdkVersion { get; set; } - [DataMember(Name = "has_ryu_jit")] + [JsonPropertyName("has_ryu_jit"), DataMember(Name = "has_ryu_jit")] public bool HasRyuJit { get; set; } - [DataMember(Name = "jit_modules")] + [JsonPropertyName("jit_modules"), DataMember(Name = "jit_modules")] public string JitModules { get; set; } - [DataMember(Name = "build_configuration")] + [JsonPropertyName("build_configuration"), DataMember(Name = "build_configuration")] public string BuildConfiguration { get; set; } - [DataMember(Name = "benchmarkdotnet_version")] + [JsonPropertyName("benchmarkdotnet_version"), DataMember(Name = "benchmarkdotnet_version")] public string BenchmarkDotNetVersion { get; set; } - [DataMember(Name = "benchmarkdotnet_caption")] + [JsonPropertyName("benchmarkdotnet_caption"), DataMember(Name = "benchmarkdotnet_caption")] public string BenchmarkDotNetCaption { get; set; } - [DataMember(Name = "jit_info")] + [JsonPropertyName("jit_info"), DataMember(Name = "jit_info")] public string JitInfo { get; set; } } } diff --git a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkLaunchInformation.cs b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkLaunchInformation.cs index a9bd55c8..fab8746d 100644 --- a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkLaunchInformation.cs +++ b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkLaunchInformation.cs @@ -3,42 +3,43 @@ // See the LICENSE file in the project root for more information using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema.BenchmarkDotNetExporter.Domain { public class BenchmarkLaunchInformation { - [DataMember(Name = "run_strategy")] + [JsonPropertyName("run_strategy"), DataMember(Name = "run_strategy")] public string RunStrategy { get; set; } - [DataMember(Name = "launch_count")] + [JsonPropertyName("launch_count"), DataMember(Name = "launch_count")] public int LaunchCount { get; set; } - [DataMember(Name = "warm_count")] + [JsonPropertyName("warm_count"), DataMember(Name = "warm_count")] public int WarmCount { get; set; } - [DataMember(Name = "unroll_factor")] + [JsonPropertyName("unroll_factor"), DataMember(Name = "unroll_factor")] public int UnrollFactor { get; set; } - [DataMember(Name = "iteration_count")] + [JsonPropertyName("iteration_count"), DataMember(Name = "iteration_count")] public int IterationCount { get; set; } - [DataMember(Name = "invocation_count")] + [JsonPropertyName("invocation_count"), DataMember(Name = "invocation_count")] public int InvocationCount { get; set; } - [DataMember(Name = "max_iteration_count")] + [JsonPropertyName("max_iteration_count"), DataMember(Name = "max_iteration_count")] public int MaxIterationCount { get; set; } - [DataMember(Name = "min_iteration_count")] + [JsonPropertyName("min_iteration_count"), DataMember(Name = "min_iteration_count")] public int MinIterationCount { get; set; } - [DataMember(Name = "max_warmup_iteration_count")] + [JsonPropertyName("max_warmup_iteration_count"), DataMember(Name = "max_warmup_iteration_count")] public int MaxWarmupIterationCount { get; set; } - [DataMember(Name = "min_warmup_iteration_count")] + [JsonPropertyName("min_warmup_iteration_count"), DataMember(Name = "min_warmup_iteration_count")] public int MinWarmupIterationCount { get; set; } - [DataMember(Name = "iteration_time_in_ms")] + [JsonPropertyName("iteration_time_in_ms"), DataMember(Name = "iteration_time_in_ms")] public double IterationTimeInMilliseconds { get; set; } } } diff --git a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkMeasurementStage.cs b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkMeasurementStage.cs index 0aab2839..b0d37c0c 100644 --- a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkMeasurementStage.cs +++ b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkMeasurementStage.cs @@ -3,18 +3,19 @@ // See the LICENSE file in the project root for more information using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema.BenchmarkDotNetExporter.Domain { public class BenchmarkMeasurementStage { - [DataMember(Name = "iteration_mode")] + [JsonPropertyName("iteration_mode"), DataMember(Name = "iteration_mode")] public string IterationMode { get; set; } - [DataMember(Name = "iteration_stage")] + [JsonPropertyName("iteration_stage"), DataMember(Name = "iteration_stage")] public string IterationStage { get; set; } - [DataMember(Name = "operations")] + [JsonPropertyName("operations"), DataMember(Name = "operations")] public long Operations { get; set; } } } diff --git a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkSimplifiedWorkloadCounts.cs b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkSimplifiedWorkloadCounts.cs index dd67aab4..a8ccfd0a 100644 --- a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkSimplifiedWorkloadCounts.cs +++ b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/BenchmarkSimplifiedWorkloadCounts.cs @@ -3,15 +3,16 @@ // See the LICENSE file in the project root for more information using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema.BenchmarkDotNetExporter.Domain { public class BenchmarkSimplifiedWorkloadCounts { - [DataMember(Name = "warmup")] + [JsonPropertyName("warmup"), DataMember(Name = "warmup")] public long Warmup { get; set; } - [DataMember(Name = "measured")] + [JsonPropertyName("measured"), DataMember(Name = "measured")] public long Measured { get; set; } } } diff --git a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/Domain.cs b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/Domain.cs index aec3d894..5a56eb05 100644 --- a/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/Domain.cs +++ b/src/Elastic.CommonSchema.BenchmarkDotNetExporter/Domain/Domain.cs @@ -3,6 +3,7 @@ // See the LICENSE file in the project root for more information using System.Runtime.Serialization; +using System.Text.Json.Serialization; using BenchmarkDotNet.Mathematics; namespace Elastic.CommonSchema.BenchmarkDotNetExporter.Domain @@ -33,67 +34,67 @@ public BenchmarkData(Statistics statistics) Percentiles = statistics.Percentiles; } - [DataMember(Name = "all_outliers")] + [JsonPropertyName("all_outliers"), DataMember(Name = "all_outliers")] public double[] AllOutliers { get; internal set; } - [DataMember(Name = "confidence_interval")] + [JsonPropertyName("confidence_interval"), DataMember(Name = "confidence_interval")] public BenchmarkConfidence ConfidenceInterval { get; internal set; } - [DataMember(Name = "interquartile_range")] + [JsonPropertyName("interquartile_range"), DataMember(Name = "interquartile_range")] public double InterquartileRange { get; internal set; } - [DataMember(Name = "kurtosis")] + [JsonPropertyName("kurtosis"), DataMember(Name = "kurtosis")] public double Kurtosis { get; internal set; } - [DataMember(Name = "lower_fence")] + [JsonPropertyName("lower_fence"), DataMember(Name = "lower_fence")] public double LowerFence { get; internal set; } - [DataMember(Name = "lower_outliers")] + [JsonPropertyName("lower_outliers"), DataMember(Name = "lower_outliers")] public double[] LowerOutliers { get; internal set; } - [DataMember(Name = "max")] + [JsonPropertyName("max"), DataMember(Name = "max")] public double Max { get; internal set; } - [DataMember(Name = "mean")] + [JsonPropertyName("mean"), DataMember(Name = "mean")] public double Mean { get; internal set; } - [DataMember(Name = "median")] + [JsonPropertyName("median"), DataMember(Name = "median")] public double Median { get; internal set; } - [DataMember(Name = "memory")] + [JsonPropertyName("memory"), DataMember(Name = "memory")] public BenchmarkGcStats Memory { get; internal set; } - [DataMember(Name = "min")] + [JsonPropertyName("min"), DataMember(Name = "min")] public double Min { get; internal set; } - [DataMember(Name = "n")] + [JsonPropertyName("n"), DataMember(Name = "n")] public int N { get; internal set; } - [DataMember(Name = "percentiles")] + [JsonPropertyName("percentiles"), DataMember(Name = "percentiles")] public PercentileValues Percentiles { get; internal set; } - [DataMember(Name = "q1")] + [JsonPropertyName("q1"), DataMember(Name = "q1")] public double Q1 { get; internal set; } - [DataMember(Name = "q3")] + [JsonPropertyName("q3"), DataMember(Name = "q3")] public double Q3 { get; internal set; } - [DataMember(Name = "skewness")] + [JsonPropertyName("skewness"), DataMember(Name = "skewness")] public double Skewness { get; internal set; } - [DataMember(Name = "standard_deviation")] + [JsonPropertyName("standard_deviation"), DataMember(Name = "standard_deviation")] public double StandardDeviation { get; internal set; } - [DataMember(Name = "standard_error")] + [JsonPropertyName("standard_error"), DataMember(Name = "standard_error")] public double StandardError { get; internal set; } - [DataMember(Name = "upper_fence")] + [JsonPropertyName("upper_fence"), DataMember(Name = "upper_fence")] public double UpperFence { get; internal set; } - [DataMember(Name = "upper_outliers")] + [JsonPropertyName("upper_outliers"), DataMember(Name = "upper_outliers")] public double[] UpperOutliers { get; internal set; } - [DataMember(Name = "variance")] + [JsonPropertyName("variance"), DataMember(Name = "variance")] public double Variance { get; internal set; } } } diff --git a/src/Elastic.CommonSchema.Generator/Views/EcsDocument.Generated.cshtml b/src/Elastic.CommonSchema.Generator/Views/EcsDocument.Generated.cshtml index b112679b..fe3ea9f0 100644 --- a/src/Elastic.CommonSchema.Generator/Views/EcsDocument.Generated.cshtml +++ b/src/Elastic.CommonSchema.Generator/Views/EcsDocument.Generated.cshtml @@ -20,6 +20,7 @@ using System.Threading.Tasks; using System.Linq; using System.Net; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema { @@ -35,14 +36,14 @@ namespace Elastic.CommonSchema /// /// Container for additional metadata against this event. /// - [DataMember(Name = "metadata")] + [JsonPropertyName("metadata"), DataMember(Name = "metadata")] public @Raw("IDictionary") Metadata { get; set; } @foreach (var property in Model.Base.EntityProperties) { ///@property.FullPath - [DataMember(Name = "@property.JsonProperty")] + [JsonPropertyName("@property.JsonProperty"), DataMember(Name = "@property.JsonProperty")] public @property.Entity.Name @property.Name { get; set; } } @@ -50,7 +51,7 @@ namespace Elastic.CommonSchema { ///@entity.BaseFieldSet.FieldSet.Name - [DataMember(Name = "@entity.BaseFieldSet.FieldSet.Name")] + [JsonPropertyName("@entity.BaseFieldSet.FieldSet.Name"), DataMember(Name = "@entity.BaseFieldSet.FieldSet.Name")] public @entity.Name @entity.Name { get; set; } } diff --git a/src/Elastic.CommonSchema.Generator/Views/Entities.Generated.cshtml b/src/Elastic.CommonSchema.Generator/Views/Entities.Generated.cshtml index 9e2c86fa..92505c1e 100644 --- a/src/Elastic.CommonSchema.Generator/Views/Entities.Generated.cshtml +++ b/src/Elastic.CommonSchema.Generator/Views/Entities.Generated.cshtml @@ -20,6 +20,7 @@ using System.Threading.Tasks; using System.Linq; using System.Net; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema { @@ -35,7 +36,7 @@ namespace Elastic.CommonSchema /// @property.FullPath /// @Raw(property.Example) /// - [DataMember(Name = "@property.JsonProperty")] + [JsonPropertyName("@property.JsonProperty"), DataMember(Name = "@property.JsonProperty")] public @property.ClrType @property.Name { get; set; } } @@ -54,7 +55,7 @@ namespace Elastic.CommonSchema /// @property.FullPath /// @Raw(property.Example) /// - [DataMember(Name = "@property.JsonProperty")] + [JsonPropertyName("@property.JsonProperty"), DataMember(Name = "@property.JsonProperty")] public @property.ClrType @property.Name { get; set; } } diff --git a/src/Elastic.CommonSchema.Generator/Views/FieldSets.Generated.cshtml b/src/Elastic.CommonSchema.Generator/Views/FieldSets.Generated.cshtml index 4ffd5838..a636d353 100644 --- a/src/Elastic.CommonSchema.Generator/Views/FieldSets.Generated.cshtml +++ b/src/Elastic.CommonSchema.Generator/Views/FieldSets.Generated.cshtml @@ -20,6 +20,7 @@ using System.Threading.Tasks; using System.Linq; using System.Net; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema { @@ -38,7 +39,7 @@ namespace Elastic.CommonSchema /// @Raw(property.Description) /// @Raw(property.Example) /// - [DataMember(Name = "@property.JsonProperty")] + [JsonPropertyName("@property.JsonProperty"), DataMember(Name = "@property.JsonProperty")] public @property.ClrType @property.Name { get; set; } } @@ -50,7 +51,7 @@ namespace Elastic.CommonSchema /// @Raw(property.Description) /// @Raw(property.Example) /// - [DataMember(Name = "@property.JsonProperty")] + [JsonPropertyName("@property.JsonProperty"), DataMember(Name = "@property.JsonProperty")] public @property.ClrType @property.Name { get; set; } } diff --git a/src/Elastic.CommonSchema.Generator/Views/IndexComponents.Generated.cshtml b/src/Elastic.CommonSchema.Generator/Views/IndexComponents.Generated.cshtml index 3d35b81c..3902bfa3 100644 --- a/src/Elastic.CommonSchema.Generator/Views/IndexComponents.Generated.cshtml +++ b/src/Elastic.CommonSchema.Generator/Views/IndexComponents.Generated.cshtml @@ -21,6 +21,7 @@ using System.Threading.Tasks; using System.Linq; using System.Net; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema.Elasticsearch { diff --git a/src/Elastic.CommonSchema.Generator/Views/IndexTemplates.Generated.cshtml b/src/Elastic.CommonSchema.Generator/Views/IndexTemplates.Generated.cshtml index c7f72fa9..aca2a5d0 100644 --- a/src/Elastic.CommonSchema.Generator/Views/IndexTemplates.Generated.cshtml +++ b/src/Elastic.CommonSchema.Generator/Views/IndexTemplates.Generated.cshtml @@ -21,6 +21,7 @@ using System.Threading.Tasks; using System.Linq; using System.Net; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema.Elasticsearch { diff --git a/src/Elastic.CommonSchema.Generator/Views/InlineObjects.Generated.cshtml b/src/Elastic.CommonSchema.Generator/Views/InlineObjects.Generated.cshtml index 99f0f570..6c047e54 100644 --- a/src/Elastic.CommonSchema.Generator/Views/InlineObjects.Generated.cshtml +++ b/src/Elastic.CommonSchema.Generator/Views/InlineObjects.Generated.cshtml @@ -20,6 +20,7 @@ using System.Threading.Tasks; using System.Linq; using System.Net; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema { @@ -34,7 +35,7 @@ namespace Elastic.CommonSchema { ///@property.FullPath - [DataMember(Name = "@property.JsonProperty")] + [JsonPropertyName("@property.JsonProperty"), DataMember(Name = "@property.JsonProperty")] public @property.ClrType @property.Name { get; set; } } @@ -42,7 +43,7 @@ namespace Elastic.CommonSchema { ///@property.FullPath - [DataMember(Name = "@property.JsonProperty")] + [JsonPropertyName("@property.JsonProperty"), DataMember(Name = "@property.JsonProperty")] public @property.Entity.Name @property.Name { get; set; } } diff --git a/src/Elastic.CommonSchema/EcsDocument.Generated.cs b/src/Elastic.CommonSchema/EcsDocument.Generated.cs index 1f0b1509..50987aec 100644 --- a/src/Elastic.CommonSchema/EcsDocument.Generated.cs +++ b/src/Elastic.CommonSchema/EcsDocument.Generated.cs @@ -17,6 +17,7 @@ If you wish to submit a PR please modify the original csharp file and submit the using System.Linq; using System.Net; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema { @@ -32,192 +33,192 @@ public partial class EcsDocument : BaseFieldSet /// /// Container for additional metadata against this event. /// - [DataMember(Name = "metadata")] + [JsonPropertyName("metadata"), DataMember(Name = "metadata")] public IDictionary Metadata { get; set; } ///agent - [DataMember(Name = "agent")] + [JsonPropertyName("agent"), DataMember(Name = "agent")] public Agent Agent { get; set; } ///as - [DataMember(Name = "as")] + [JsonPropertyName("as"), DataMember(Name = "as")] public As As { get; set; } ///client - [DataMember(Name = "client")] + [JsonPropertyName("client"), DataMember(Name = "client")] public Client Client { get; set; } ///cloud - [DataMember(Name = "cloud")] + [JsonPropertyName("cloud"), DataMember(Name = "cloud")] public Cloud Cloud { get; set; } ///code_signature - [DataMember(Name = "code_signature")] + [JsonPropertyName("code_signature"), DataMember(Name = "code_signature")] public CodeSignature CodeSignature { get; set; } ///container - [DataMember(Name = "container")] + [JsonPropertyName("container"), DataMember(Name = "container")] public Container Container { get; set; } ///data_stream - [DataMember(Name = "data_stream")] + [JsonPropertyName("data_stream"), DataMember(Name = "data_stream")] public DataStream DataStream { get; set; } ///destination - [DataMember(Name = "destination")] + [JsonPropertyName("destination"), DataMember(Name = "destination")] public Destination Destination { get; set; } ///dll - [DataMember(Name = "dll")] + [JsonPropertyName("dll"), DataMember(Name = "dll")] public Dll Dll { get; set; } ///dns - [DataMember(Name = "dns")] + [JsonPropertyName("dns"), DataMember(Name = "dns")] public Dns Dns { get; set; } ///ecs - [DataMember(Name = "ecs")] + [JsonPropertyName("ecs"), DataMember(Name = "ecs")] public Ecs Ecs { get; set; } ///elf - [DataMember(Name = "elf")] + [JsonPropertyName("elf"), DataMember(Name = "elf")] public Elf Elf { get; set; } ///email - [DataMember(Name = "email")] + [JsonPropertyName("email"), DataMember(Name = "email")] public Email Email { get; set; } ///error - [DataMember(Name = "error")] + [JsonPropertyName("error"), DataMember(Name = "error")] public Error Error { get; set; } ///event - [DataMember(Name = "event")] + [JsonPropertyName("event"), DataMember(Name = "event")] public Event Event { get; set; } ///faas - [DataMember(Name = "faas")] + [JsonPropertyName("faas"), DataMember(Name = "faas")] public Faas Faas { get; set; } ///file - [DataMember(Name = "file")] + [JsonPropertyName("file"), DataMember(Name = "file")] public File File { get; set; } ///geo - [DataMember(Name = "geo")] + [JsonPropertyName("geo"), DataMember(Name = "geo")] public Geo Geo { get; set; } ///group - [DataMember(Name = "group")] + [JsonPropertyName("group"), DataMember(Name = "group")] public Group Group { get; set; } ///hash - [DataMember(Name = "hash")] + [JsonPropertyName("hash"), DataMember(Name = "hash")] public Hash Hash { get; set; } ///host - [DataMember(Name = "host")] + [JsonPropertyName("host"), DataMember(Name = "host")] public Host Host { get; set; } ///http - [DataMember(Name = "http")] + [JsonPropertyName("http"), DataMember(Name = "http")] public Http Http { get; set; } ///interface - [DataMember(Name = "interface")] + [JsonPropertyName("interface"), DataMember(Name = "interface")] public Interface Interface { get; set; } ///log - [DataMember(Name = "log")] + [JsonPropertyName("log"), DataMember(Name = "log")] public Log Log { get; set; } ///network - [DataMember(Name = "network")] + [JsonPropertyName("network"), DataMember(Name = "network")] public Network Network { get; set; } ///observer - [DataMember(Name = "observer")] + [JsonPropertyName("observer"), DataMember(Name = "observer")] public Observer Observer { get; set; } ///orchestrator - [DataMember(Name = "orchestrator")] + [JsonPropertyName("orchestrator"), DataMember(Name = "orchestrator")] public Orchestrator Orchestrator { get; set; } ///organization - [DataMember(Name = "organization")] + [JsonPropertyName("organization"), DataMember(Name = "organization")] public Organization Organization { get; set; } ///os - [DataMember(Name = "os")] + [JsonPropertyName("os"), DataMember(Name = "os")] public Os Os { get; set; } ///package - [DataMember(Name = "package")] + [JsonPropertyName("package"), DataMember(Name = "package")] public Package Package { get; set; } ///pe - [DataMember(Name = "pe")] + [JsonPropertyName("pe"), DataMember(Name = "pe")] public Pe Pe { get; set; } ///process - [DataMember(Name = "process")] + [JsonPropertyName("process"), DataMember(Name = "process")] public Process Process { get; set; } ///registry - [DataMember(Name = "registry")] + [JsonPropertyName("registry"), DataMember(Name = "registry")] public Registry Registry { get; set; } ///related - [DataMember(Name = "related")] + [JsonPropertyName("related"), DataMember(Name = "related")] public Related Related { get; set; } ///rule - [DataMember(Name = "rule")] + [JsonPropertyName("rule"), DataMember(Name = "rule")] public Rule Rule { get; set; } ///server - [DataMember(Name = "server")] + [JsonPropertyName("server"), DataMember(Name = "server")] public Server Server { get; set; } ///service - [DataMember(Name = "service")] + [JsonPropertyName("service"), DataMember(Name = "service")] public Service Service { get; set; } ///source - [DataMember(Name = "source")] + [JsonPropertyName("source"), DataMember(Name = "source")] public Source Source { get; set; } ///threat - [DataMember(Name = "threat")] + [JsonPropertyName("threat"), DataMember(Name = "threat")] public Threat Threat { get; set; } ///tls - [DataMember(Name = "tls")] + [JsonPropertyName("tls"), DataMember(Name = "tls")] public Tls Tls { get; set; } ///url - [DataMember(Name = "url")] + [JsonPropertyName("url"), DataMember(Name = "url")] public Url Url { get; set; } ///user - [DataMember(Name = "user")] + [JsonPropertyName("user"), DataMember(Name = "user")] public User User { get; set; } ///user_agent - [DataMember(Name = "user_agent")] + [JsonPropertyName("user_agent"), DataMember(Name = "user_agent")] public UserAgent UserAgent { get; set; } ///vlan - [DataMember(Name = "vlan")] + [JsonPropertyName("vlan"), DataMember(Name = "vlan")] public Vlan Vlan { get; set; } ///vulnerability - [DataMember(Name = "vulnerability")] + [JsonPropertyName("vulnerability"), DataMember(Name = "vulnerability")] public Vulnerability Vulnerability { get; set; } ///x509 - [DataMember(Name = "x509")] + [JsonPropertyName("x509"), DataMember(Name = "x509")] public X509 X509 { get; set; } } } diff --git a/src/Elastic.CommonSchema/Entities.Generated.cs b/src/Elastic.CommonSchema/Entities.Generated.cs index 323484ae..33fd8e34 100644 --- a/src/Elastic.CommonSchema/Entities.Generated.cs +++ b/src/Elastic.CommonSchema/Entities.Generated.cs @@ -17,6 +17,7 @@ If you wish to submit a PR please modify the original csharp file and submit the using System.Linq; using System.Net; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema { @@ -36,7 +37,7 @@ public class ProcessParent : ProcessFieldSet { /// process.parent.group_leader /// /// - [DataMember(Name = "group_leader")] + [JsonPropertyName("group_leader"), DataMember(Name = "group_leader")] public ProcessParentGroupLeader GroupLeader { get; set; } } @@ -47,7 +48,7 @@ public class ProcessEntryLeader : ProcessFieldSet { /// process.entry_leader.parent /// /// - [DataMember(Name = "parent")] + [JsonPropertyName("parent"), DataMember(Name = "parent")] public ProcessEntryLeaderParent Parent { get; set; } } @@ -58,7 +59,7 @@ public class ProcessSessionLeader : ProcessFieldSet { /// process.session_leader.parent /// /// - [DataMember(Name = "parent")] + [JsonPropertyName("parent"), DataMember(Name = "parent")] public ProcessSessionLeaderParent Parent { get; set; } } @@ -77,7 +78,7 @@ public class ProcessEntryLeaderParent : ProcessFieldSet { /// process.entry_leader.parent.session_leader /// /// - [DataMember(Name = "session_leader")] + [JsonPropertyName("session_leader"), DataMember(Name = "session_leader")] public ProcessEntryLeaderParentSessionLeader SessionLeader { get; set; } } @@ -88,7 +89,7 @@ public class ProcessSessionLeaderParent : ProcessFieldSet { /// process.session_leader.parent.session_leader /// /// - [DataMember(Name = "session_leader")] + [JsonPropertyName("session_leader"), DataMember(Name = "session_leader")] public ProcessSessionLeaderParentSessionLeader SessionLeader { get; set; } } @@ -139,21 +140,21 @@ public class Client : ClientFieldSet { /// client.as /// /// - [DataMember(Name = "as")] + [JsonPropertyName("as"), DataMember(Name = "as")] public As As { get; set; } /// /// client.geo /// /// - [DataMember(Name = "geo")] + [JsonPropertyName("geo"), DataMember(Name = "geo")] public Geo Geo { get; set; } /// /// client.user /// /// - [DataMember(Name = "user")] + [JsonPropertyName("user"), DataMember(Name = "user")] public User User { get; set; } } @@ -164,14 +165,14 @@ public class Cloud : CloudFieldSet { /// cloud.origin /// /// - [DataMember(Name = "origin")] + [JsonPropertyName("origin"), DataMember(Name = "origin")] public CloudOrigin Origin { get; set; } /// /// cloud.target /// /// - [DataMember(Name = "target")] + [JsonPropertyName("target"), DataMember(Name = "target")] public CloudTarget Target { get; set; } } @@ -194,21 +195,21 @@ public class Destination : DestinationFieldSet { /// destination.as /// /// - [DataMember(Name = "as")] + [JsonPropertyName("as"), DataMember(Name = "as")] public As As { get; set; } /// /// destination.geo /// /// - [DataMember(Name = "geo")] + [JsonPropertyName("geo"), DataMember(Name = "geo")] public Geo Geo { get; set; } /// /// destination.user /// /// - [DataMember(Name = "user")] + [JsonPropertyName("user"), DataMember(Name = "user")] public User User { get; set; } } @@ -219,21 +220,21 @@ public class Dll : DllFieldSet { /// dll.hash /// /// - [DataMember(Name = "hash")] + [JsonPropertyName("hash"), DataMember(Name = "hash")] public Hash Hash { get; set; } /// /// dll.pe /// /// - [DataMember(Name = "pe")] + [JsonPropertyName("pe"), DataMember(Name = "pe")] public Pe Pe { get; set; } /// /// dll.code_signature /// /// - [DataMember(Name = "code_signature")] + [JsonPropertyName("code_signature"), DataMember(Name = "code_signature")] public CodeSignature CodeSignature { get; set; } } @@ -272,35 +273,35 @@ public class File : FileFieldSet { /// file.hash /// /// - [DataMember(Name = "hash")] + [JsonPropertyName("hash"), DataMember(Name = "hash")] public Hash Hash { get; set; } /// /// file.pe /// /// - [DataMember(Name = "pe")] + [JsonPropertyName("pe"), DataMember(Name = "pe")] public Pe Pe { get; set; } /// /// file.x509 /// /// - [DataMember(Name = "x509")] + [JsonPropertyName("x509"), DataMember(Name = "x509")] public X509 X509 { get; set; } /// /// file.code_signature /// /// - [DataMember(Name = "code_signature")] + [JsonPropertyName("code_signature"), DataMember(Name = "code_signature")] public CodeSignature CodeSignature { get; set; } /// /// file.elf /// /// - [DataMember(Name = "elf")] + [JsonPropertyName("elf"), DataMember(Name = "elf")] public Elf Elf { get; set; } } @@ -323,14 +324,14 @@ public class Host : HostFieldSet { /// host.geo /// /// - [DataMember(Name = "geo")] + [JsonPropertyName("geo"), DataMember(Name = "geo")] public Geo Geo { get; set; } /// /// host.os /// /// - [DataMember(Name = "os")] + [JsonPropertyName("os"), DataMember(Name = "os")] public Os Os { get; set; } } @@ -353,7 +354,7 @@ public class Network : NetworkFieldSet { /// network.vlan /// /// - [DataMember(Name = "vlan")] + [JsonPropertyName("vlan"), DataMember(Name = "vlan")] public Vlan Vlan { get; set; } } @@ -364,14 +365,14 @@ public class Observer : ObserverFieldSet { /// observer.geo /// /// - [DataMember(Name = "geo")] + [JsonPropertyName("geo"), DataMember(Name = "geo")] public Geo Geo { get; set; } /// /// observer.os /// /// - [DataMember(Name = "os")] + [JsonPropertyName("os"), DataMember(Name = "os")] public Os Os { get; set; } } @@ -402,119 +403,119 @@ public class Process : ProcessFieldSet { /// process.group /// /// - [DataMember(Name = "group")] + [JsonPropertyName("group"), DataMember(Name = "group")] public Group Group { get; set; } /// /// process.real_group /// /// - [DataMember(Name = "real_group")] + [JsonPropertyName("real_group"), DataMember(Name = "real_group")] public Group RealGroup { get; set; } /// /// process.saved_group /// /// - [DataMember(Name = "saved_group")] + [JsonPropertyName("saved_group"), DataMember(Name = "saved_group")] public Group SavedGroup { get; set; } /// /// process.supplemental_groups /// /// - [DataMember(Name = "supplemental_groups")] + [JsonPropertyName("supplemental_groups"), DataMember(Name = "supplemental_groups")] public Group[] SupplementalGroups { get; set; } /// /// process.hash /// /// - [DataMember(Name = "hash")] + [JsonPropertyName("hash"), DataMember(Name = "hash")] public Hash Hash { get; set; } /// /// process.pe /// /// - [DataMember(Name = "pe")] + [JsonPropertyName("pe"), DataMember(Name = "pe")] public Pe Pe { get; set; } /// /// process.code_signature /// /// - [DataMember(Name = "code_signature")] + [JsonPropertyName("code_signature"), DataMember(Name = "code_signature")] public CodeSignature CodeSignature { get; set; } /// /// process.elf /// /// - [DataMember(Name = "elf")] + [JsonPropertyName("elf"), DataMember(Name = "elf")] public Elf Elf { get; set; } /// /// process.entry_meta.source /// /// - [DataMember(Name = "entry_meta.source")] + [JsonPropertyName("entry_meta.source"), DataMember(Name = "entry_meta.source")] public Source EntryMetaSource { get; set; } /// /// process.user /// /// - [DataMember(Name = "user")] + [JsonPropertyName("user"), DataMember(Name = "user")] public User User { get; set; } /// /// process.saved_user /// /// - [DataMember(Name = "saved_user")] + [JsonPropertyName("saved_user"), DataMember(Name = "saved_user")] public User SavedUser { get; set; } /// /// process.real_user /// /// - [DataMember(Name = "real_user")] + [JsonPropertyName("real_user"), DataMember(Name = "real_user")] public User RealUser { get; set; } /// /// process.parent /// /// - [DataMember(Name = "parent")] + [JsonPropertyName("parent"), DataMember(Name = "parent")] public ProcessParent Parent { get; set; } /// /// process.entry_leader /// /// - [DataMember(Name = "entry_leader")] + [JsonPropertyName("entry_leader"), DataMember(Name = "entry_leader")] public ProcessEntryLeader EntryLeader { get; set; } /// /// process.session_leader /// /// - [DataMember(Name = "session_leader")] + [JsonPropertyName("session_leader"), DataMember(Name = "session_leader")] public ProcessSessionLeader SessionLeader { get; set; } /// /// process.group_leader /// /// - [DataMember(Name = "group_leader")] + [JsonPropertyName("group_leader"), DataMember(Name = "group_leader")] public ProcessGroupLeader GroupLeader { get; set; } /// /// process.previous /// /// - [DataMember(Name = "previous")] + [JsonPropertyName("previous"), DataMember(Name = "previous")] public ProcessPrevious[] Previous { get; set; } } @@ -537,21 +538,21 @@ public class Server : ServerFieldSet { /// server.as /// /// - [DataMember(Name = "as")] + [JsonPropertyName("as"), DataMember(Name = "as")] public As As { get; set; } /// /// server.geo /// /// - [DataMember(Name = "geo")] + [JsonPropertyName("geo"), DataMember(Name = "geo")] public Geo Geo { get; set; } /// /// server.user /// /// - [DataMember(Name = "user")] + [JsonPropertyName("user"), DataMember(Name = "user")] public User User { get; set; } } @@ -562,14 +563,14 @@ public class Service : ServiceFieldSet { /// service.origin /// /// - [DataMember(Name = "origin")] + [JsonPropertyName("origin"), DataMember(Name = "origin")] public ServiceOrigin Origin { get; set; } /// /// service.target /// /// - [DataMember(Name = "target")] + [JsonPropertyName("target"), DataMember(Name = "target")] public ServiceTarget Target { get; set; } } @@ -580,21 +581,21 @@ public class Source : SourceFieldSet { /// source.as /// /// - [DataMember(Name = "as")] + [JsonPropertyName("as"), DataMember(Name = "as")] public As As { get; set; } /// /// source.geo /// /// - [DataMember(Name = "geo")] + [JsonPropertyName("geo"), DataMember(Name = "geo")] public Geo Geo { get; set; } /// /// source.user /// /// - [DataMember(Name = "user")] + [JsonPropertyName("user"), DataMember(Name = "user")] public User User { get; set; } } @@ -605,42 +606,42 @@ public class Threat : ThreatFieldSet { /// threat.indicator.x509 /// /// - [DataMember(Name = "indicator.x509")] + [JsonPropertyName("indicator.x509"), DataMember(Name = "indicator.x509")] public X509 IndicatorX509 { get; set; } /// /// threat.indicator.as /// /// - [DataMember(Name = "indicator.as")] + [JsonPropertyName("indicator.as"), DataMember(Name = "indicator.as")] public As IndicatorAs { get; set; } /// /// threat.indicator.file /// /// - [DataMember(Name = "indicator.file")] + [JsonPropertyName("indicator.file"), DataMember(Name = "indicator.file")] public File IndicatorFile { get; set; } /// /// threat.indicator.geo /// /// - [DataMember(Name = "indicator.geo")] + [JsonPropertyName("indicator.geo"), DataMember(Name = "indicator.geo")] public Geo IndicatorGeo { get; set; } /// /// threat.indicator.registry /// /// - [DataMember(Name = "indicator.registry")] + [JsonPropertyName("indicator.registry"), DataMember(Name = "indicator.registry")] public Registry IndicatorRegistry { get; set; } /// /// threat.indicator.url /// /// - [DataMember(Name = "indicator.url")] + [JsonPropertyName("indicator.url"), DataMember(Name = "indicator.url")] public Url IndicatorUrl { get; set; } } @@ -651,14 +652,14 @@ public class Tls : TlsFieldSet { /// tls.client.x509 /// /// - [DataMember(Name = "client.x509")] + [JsonPropertyName("client.x509"), DataMember(Name = "client.x509")] public X509 ClientX509 { get; set; } /// /// tls.server.x509 /// /// - [DataMember(Name = "server.x509")] + [JsonPropertyName("server.x509"), DataMember(Name = "server.x509")] public X509 ServerX509 { get; set; } } @@ -673,28 +674,28 @@ public class User : UserFieldSet { /// user.group /// /// - [DataMember(Name = "group")] + [JsonPropertyName("group"), DataMember(Name = "group")] public Group Group { get; set; } /// /// user.target /// /// - [DataMember(Name = "target")] + [JsonPropertyName("target"), DataMember(Name = "target")] public UserTarget Target { get; set; } /// /// user.effective /// /// - [DataMember(Name = "effective")] + [JsonPropertyName("effective"), DataMember(Name = "effective")] public UserEffective Effective { get; set; } /// /// user.changes /// /// - [DataMember(Name = "changes")] + [JsonPropertyName("changes"), DataMember(Name = "changes")] public UserChanges Changes { get; set; } } @@ -705,7 +706,7 @@ public class UserAgent : UserAgentFieldSet { /// user_agent.os /// /// - [DataMember(Name = "os")] + [JsonPropertyName("os"), DataMember(Name = "os")] public Os Os { get; set; } } diff --git a/src/Elastic.CommonSchema/FieldSets.Generated.cs b/src/Elastic.CommonSchema/FieldSets.Generated.cs index 97fde0e2..42ca0ce7 100644 --- a/src/Elastic.CommonSchema/FieldSets.Generated.cs +++ b/src/Elastic.CommonSchema/FieldSets.Generated.cs @@ -17,6 +17,7 @@ If you wish to submit a PR please modify the original csharp file and submit the using System.Linq; using System.Net; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema { @@ -32,7 +33,7 @@ public abstract class AgentFieldSet { /// This field is intended to contain any build information that a data source may provide, no specific formatting is required. /// metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC] /// - [DataMember(Name = "build.original")] + [JsonPropertyName("build.original"), DataMember(Name = "build.original")] public string BuildOriginal { get; set; } /// @@ -41,7 +42,7 @@ public abstract class AgentFieldSet { /// This id normally changes across restarts, but `agent.id` does not. /// 8a4f500f /// - [DataMember(Name = "ephemeral_id")] + [JsonPropertyName("ephemeral_id"), DataMember(Name = "ephemeral_id")] public string EphemeralId { get; set; } /// @@ -50,7 +51,7 @@ public abstract class AgentFieldSet { /// Example: For Beats this would be beat.id. /// 8a4f500d /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -59,7 +60,7 @@ public abstract class AgentFieldSet { /// This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. /// foo /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -68,7 +69,7 @@ public abstract class AgentFieldSet { /// The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. /// filebeat /// - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } /// @@ -76,7 +77,7 @@ public abstract class AgentFieldSet { /// Version of the agent. /// 6.0.0-rc2 /// - [DataMember(Name = "version")] + [JsonPropertyName("version"), DataMember(Name = "version")] public string Version { get; set; } } @@ -90,7 +91,7 @@ public abstract class AsFieldSet { /// Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. /// 15169 /// - [DataMember(Name = "number")] + [JsonPropertyName("number"), DataMember(Name = "number")] public long? Number { get; set; } /// @@ -98,7 +99,7 @@ public abstract class AsFieldSet { /// Organization name. /// Google LLC /// - [DataMember(Name = "organization.name")] + [JsonPropertyName("organization.name"), DataMember(Name = "organization.name")] public string OrganizationName { get; set; } } @@ -116,7 +117,7 @@ public abstract class BaseFieldSet { ///
This is a required field /// 5/23/2016 8:05:34 AM /// - [DataMember(Name = "@timestamp")] + [JsonPropertyName("@timestamp"), DataMember(Name = "@timestamp")] public DateTimeOffset? @Timestamp { get; set; } /// @@ -126,7 +127,7 @@ public abstract class BaseFieldSet { /// If multiple messages exist, they can be combined into one message. /// Hello World /// - [DataMember(Name = "message")] + [JsonPropertyName("message"), DataMember(Name = "message")] public string Message { get; set; } /// @@ -134,7 +135,7 @@ public abstract class BaseFieldSet { /// List of keywords used to tag each event. /// ["production", "env2"] /// - [DataMember(Name = "tags")] + [JsonPropertyName("tags"), DataMember(Name = "tags")] public string[] Tags { get; set; } /// @@ -143,7 +144,7 @@ public abstract class BaseFieldSet { /// A span represents an operation within a transaction, such as a request to another service, or a database query. /// 3ff9a8981b7ccd5a /// - [DataMember(Name = "span.id")] + [JsonPropertyName("span.id"), DataMember(Name = "span.id")] public string SpanId { get; set; } /// @@ -152,7 +153,7 @@ public abstract class BaseFieldSet { /// A trace groups multiple events like transactions that belong together. For example, a user request handled by multiple inter-connected services. /// 4bf92f3577b34da6a3ce929d0e0e4736 /// - [DataMember(Name = "trace.id")] + [JsonPropertyName("trace.id"), DataMember(Name = "trace.id")] public string TraceId { get; set; } /// @@ -161,7 +162,7 @@ public abstract class BaseFieldSet { /// A transaction is the highest level of work measured within a service, such as a request to a server. /// 00f067aa0ba902b7 /// - [DataMember(Name = "transaction.id")] + [JsonPropertyName("transaction.id"), DataMember(Name = "transaction.id")] public string TransactionId { get; set; } /// @@ -171,7 +172,7 @@ public abstract class BaseFieldSet { /// Example: `docker` and `k8s` labels. /// {"application": "foo-bar", "env": "production"} /// - [DataMember(Name = "labels")] + [JsonPropertyName("labels"), DataMember(Name = "labels")] public Labels Labels { get; set; } } @@ -186,7 +187,7 @@ public abstract class ClientFieldSet { /// Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. /// /// - [DataMember(Name = "address")] + [JsonPropertyName("address"), DataMember(Name = "address")] public string Address { get; set; } /// @@ -194,7 +195,7 @@ public abstract class ClientFieldSet { /// Bytes sent from the client to the server. /// 184 /// - [DataMember(Name = "bytes")] + [JsonPropertyName("bytes"), DataMember(Name = "bytes")] public long? Bytes { get; set; } /// @@ -203,7 +204,7 @@ public abstract class ClientFieldSet { /// This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. /// foo.example.com /// - [DataMember(Name = "domain")] + [JsonPropertyName("domain"), DataMember(Name = "domain")] public string Domain { get; set; } /// @@ -211,7 +212,7 @@ public abstract class ClientFieldSet { /// IP address of the client (IPv4 or IPv6). /// /// - [DataMember(Name = "ip")] + [JsonPropertyName("ip"), DataMember(Name = "ip")] public string Ip { get; set; } /// @@ -220,7 +221,7 @@ public abstract class ClientFieldSet { /// The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. /// 00-00-5E-00-53-23 /// - [DataMember(Name = "mac")] + [JsonPropertyName("mac"), DataMember(Name = "mac")] public string Mac { get; set; } /// @@ -229,7 +230,7 @@ public abstract class ClientFieldSet { /// Typically connections traversing load balancers, firewalls, or routers. /// /// - [DataMember(Name = "nat.ip")] + [JsonPropertyName("nat.ip"), DataMember(Name = "nat.ip")] public string NatIp { get; set; } /// @@ -238,7 +239,7 @@ public abstract class ClientFieldSet { /// Typically connections traversing load balancers, firewalls, or routers. /// /// - [DataMember(Name = "nat.port")] + [JsonPropertyName("nat.port"), DataMember(Name = "nat.port")] public long? NatPort { get; set; } /// @@ -246,7 +247,7 @@ public abstract class ClientFieldSet { /// Packets sent from the client to the server. /// 12 /// - [DataMember(Name = "packets")] + [JsonPropertyName("packets"), DataMember(Name = "packets")] public long? Packets { get; set; } /// @@ -254,7 +255,7 @@ public abstract class ClientFieldSet { /// Port of the client. /// /// - [DataMember(Name = "port")] + [JsonPropertyName("port"), DataMember(Name = "port")] public long? Port { get; set; } /// @@ -264,7 +265,7 @@ public abstract class ClientFieldSet { /// This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". /// example.com /// - [DataMember(Name = "registered_domain")] + [JsonPropertyName("registered_domain"), DataMember(Name = "registered_domain")] public string RegisteredDomain { get; set; } /// @@ -273,7 +274,7 @@ public abstract class ClientFieldSet { /// For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. /// east /// - [DataMember(Name = "subdomain")] + [JsonPropertyName("subdomain"), DataMember(Name = "subdomain")] public string Subdomain { get; set; } /// @@ -282,7 +283,7 @@ public abstract class ClientFieldSet { /// This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". /// co.uk /// - [DataMember(Name = "top_level_domain")] + [JsonPropertyName("top_level_domain"), DataMember(Name = "top_level_domain")] public string TopLevelDomain { get; set; } } @@ -297,7 +298,7 @@ public abstract class CloudFieldSet { /// Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. /// 666777888999 /// - [DataMember(Name = "account.id")] + [JsonPropertyName("account.id"), DataMember(Name = "account.id")] public string AccountId { get; set; } /// @@ -306,7 +307,7 @@ public abstract class CloudFieldSet { /// Examples: AWS account name, Google Cloud ORG display name. /// elastic-dev /// - [DataMember(Name = "account.name")] + [JsonPropertyName("account.name"), DataMember(Name = "account.name")] public string AccountName { get; set; } /// @@ -314,7 +315,7 @@ public abstract class CloudFieldSet { /// Availability zone in which this host, resource, or service is located. /// us-east-1c /// - [DataMember(Name = "availability_zone")] + [JsonPropertyName("availability_zone"), DataMember(Name = "availability_zone")] public string AvailabilityZone { get; set; } /// @@ -322,7 +323,7 @@ public abstract class CloudFieldSet { /// Instance ID of the host machine. /// i-1234567890abcdef0 /// - [DataMember(Name = "instance.id")] + [JsonPropertyName("instance.id"), DataMember(Name = "instance.id")] public string InstanceId { get; set; } /// @@ -330,7 +331,7 @@ public abstract class CloudFieldSet { /// Instance name of the host machine. /// /// - [DataMember(Name = "instance.name")] + [JsonPropertyName("instance.name"), DataMember(Name = "instance.name")] public string InstanceName { get; set; } /// @@ -338,7 +339,7 @@ public abstract class CloudFieldSet { /// Machine type of the host machine. /// t2.medium /// - [DataMember(Name = "machine.type")] + [JsonPropertyName("machine.type"), DataMember(Name = "machine.type")] public string MachineType { get; set; } /// @@ -347,7 +348,7 @@ public abstract class CloudFieldSet { /// Examples: Google Cloud Project id, Azure Project id. /// my-project /// - [DataMember(Name = "project.id")] + [JsonPropertyName("project.id"), DataMember(Name = "project.id")] public string ProjectId { get; set; } /// @@ -356,7 +357,7 @@ public abstract class CloudFieldSet { /// Examples: Google Cloud Project name, Azure Project name. /// my project /// - [DataMember(Name = "project.name")] + [JsonPropertyName("project.name"), DataMember(Name = "project.name")] public string ProjectName { get; set; } /// @@ -364,7 +365,7 @@ public abstract class CloudFieldSet { /// Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. /// aws /// - [DataMember(Name = "provider")] + [JsonPropertyName("provider"), DataMember(Name = "provider")] public string Provider { get; set; } /// @@ -372,7 +373,7 @@ public abstract class CloudFieldSet { /// Region in which this host, resource, or service is located. /// us-east-1 /// - [DataMember(Name = "region")] + [JsonPropertyName("region"), DataMember(Name = "region")] public string Region { get; set; } /// @@ -381,7 +382,7 @@ public abstract class CloudFieldSet { /// Examples: app engine, app service, cloud run, fargate, lambda. /// lambda /// - [DataMember(Name = "service.name")] + [JsonPropertyName("service.name"), DataMember(Name = "service.name")] public string ServiceName { get; set; } } @@ -396,7 +397,7 @@ public abstract class CodeSignatureFieldSet { /// This value can distinguish signatures when a file is signed multiple times by the same signer but with a different digest algorithm. /// sha256 /// - [DataMember(Name = "digest_algorithm")] + [JsonPropertyName("digest_algorithm"), DataMember(Name = "digest_algorithm")] public string DigestAlgorithm { get; set; } /// @@ -404,7 +405,7 @@ public abstract class CodeSignatureFieldSet { /// Boolean to capture if a signature is present. /// true /// - [DataMember(Name = "exists")] + [JsonPropertyName("exists"), DataMember(Name = "exists")] public bool? Exists { get; set; } /// @@ -413,7 +414,7 @@ public abstract class CodeSignatureFieldSet { /// This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. /// com.apple.xpc.proxy /// - [DataMember(Name = "signing_id")] + [JsonPropertyName("signing_id"), DataMember(Name = "signing_id")] public string SigningId { get; set; } /// @@ -422,7 +423,7 @@ public abstract class CodeSignatureFieldSet { /// This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. /// ERROR_UNTRUSTED_ROOT /// - [DataMember(Name = "status")] + [JsonPropertyName("status"), DataMember(Name = "status")] public string Status { get; set; } /// @@ -430,7 +431,7 @@ public abstract class CodeSignatureFieldSet { /// Subject name of the code signer /// Microsoft Corporation /// - [DataMember(Name = "subject_name")] + [JsonPropertyName("subject_name"), DataMember(Name = "subject_name")] public string SubjectName { get; set; } /// @@ -439,7 +440,7 @@ public abstract class CodeSignatureFieldSet { /// This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. /// EQHXZ8M8AV /// - [DataMember(Name = "team_id")] + [JsonPropertyName("team_id"), DataMember(Name = "team_id")] public string TeamId { get; set; } /// @@ -447,7 +448,7 @@ public abstract class CodeSignatureFieldSet { /// Date and time when the code signature was generated and signed. /// 1/1/2021 12:10:30 PM /// - [DataMember(Name = "timestamp")] + [JsonPropertyName("timestamp"), DataMember(Name = "timestamp")] public DateTimeOffset? Timestamp { get; set; } /// @@ -456,7 +457,7 @@ public abstract class CodeSignatureFieldSet { /// Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. /// true /// - [DataMember(Name = "trusted")] + [JsonPropertyName("trusted"), DataMember(Name = "trusted")] public bool? Trusted { get; set; } /// @@ -465,7 +466,7 @@ public abstract class CodeSignatureFieldSet { /// Leave unpopulated if a certificate was unchecked. /// true /// - [DataMember(Name = "valid")] + [JsonPropertyName("valid"), DataMember(Name = "valid")] public bool? Valid { get; set; } } @@ -479,7 +480,7 @@ public abstract class ContainerFieldSet { /// Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. Scaling factor: 1000. /// /// - [DataMember(Name = "cpu.usage")] + [JsonPropertyName("cpu.usage"), DataMember(Name = "cpu.usage")] public float? CpuUsage { get; set; } /// @@ -487,7 +488,7 @@ public abstract class ContainerFieldSet { /// The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. /// /// - [DataMember(Name = "disk.read.bytes")] + [JsonPropertyName("disk.read.bytes"), DataMember(Name = "disk.read.bytes")] public long? DiskReadBytes { get; set; } /// @@ -495,7 +496,7 @@ public abstract class ContainerFieldSet { /// The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. /// /// - [DataMember(Name = "disk.write.bytes")] + [JsonPropertyName("disk.write.bytes"), DataMember(Name = "disk.write.bytes")] public long? DiskWriteBytes { get; set; } /// @@ -503,7 +504,7 @@ public abstract class ContainerFieldSet { /// Unique container id. /// /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -511,7 +512,7 @@ public abstract class ContainerFieldSet { /// An array of digests of the image the container was built on. Each digest consists of the hash algorithm and value in this format: `algorithm:value`. Algorithm names should align with the field names in the ECS hash field set. /// [sha256:f8fefc80e3273dc756f288a63945820d6476ad64883892c771b5e2ece6bf1b26] /// - [DataMember(Name = "image.hash.all")] + [JsonPropertyName("image.hash.all"), DataMember(Name = "image.hash.all")] public string[] ImageHashAll { get; set; } /// @@ -519,7 +520,7 @@ public abstract class ContainerFieldSet { /// Name of the image the container was built on. /// /// - [DataMember(Name = "image.name")] + [JsonPropertyName("image.name"), DataMember(Name = "image.name")] public string ImageName { get; set; } /// @@ -527,7 +528,7 @@ public abstract class ContainerFieldSet { /// Container image tags. /// /// - [DataMember(Name = "image.tag")] + [JsonPropertyName("image.tag"), DataMember(Name = "image.tag")] public string[] ImageTag { get; set; } /// @@ -535,7 +536,7 @@ public abstract class ContainerFieldSet { /// Memory usage percentage and it ranges from 0 to 1. Scaling factor: 1000. /// /// - [DataMember(Name = "memory.usage")] + [JsonPropertyName("memory.usage"), DataMember(Name = "memory.usage")] public float? MemoryUsage { get; set; } /// @@ -543,7 +544,7 @@ public abstract class ContainerFieldSet { /// Container name. /// /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -551,7 +552,7 @@ public abstract class ContainerFieldSet { /// The number of bytes (gauge) sent out on all network interfaces by the container since the last metric collection. /// /// - [DataMember(Name = "network.egress.bytes")] + [JsonPropertyName("network.egress.bytes"), DataMember(Name = "network.egress.bytes")] public long? NetworkEgressBytes { get; set; } /// @@ -559,7 +560,7 @@ public abstract class ContainerFieldSet { /// The number of bytes received (gauge) on all network interfaces by the container since the last metric collection. /// /// - [DataMember(Name = "network.ingress.bytes")] + [JsonPropertyName("network.ingress.bytes"), DataMember(Name = "network.ingress.bytes")] public long? NetworkIngressBytes { get; set; } /// @@ -567,7 +568,7 @@ public abstract class ContainerFieldSet { /// Runtime managing this container. /// docker /// - [DataMember(Name = "runtime")] + [JsonPropertyName("runtime"), DataMember(Name = "runtime")] public string Runtime { get; set; } /// @@ -575,7 +576,7 @@ public abstract class ContainerFieldSet { /// Image labels. /// /// - [DataMember(Name = "labels")] + [JsonPropertyName("labels"), DataMember(Name = "labels")] public ContainerLabels Labels { get; set; } } @@ -593,7 +594,7 @@ public abstract class DataStreamFieldSet { /// * No longer than 100 characters /// nginx.access /// - [DataMember(Name = "dataset")] + [JsonPropertyName("dataset"), DataMember(Name = "dataset")] public string Dataset { get; set; } /// @@ -605,7 +606,7 @@ public abstract class DataStreamFieldSet { /// * No longer than 100 characters /// production /// - [DataMember(Name = "namespace")] + [JsonPropertyName("namespace"), DataMember(Name = "namespace")] public string Namespace { get; set; } /// @@ -614,7 +615,7 @@ public abstract class DataStreamFieldSet { /// Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. /// logs /// - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } } @@ -629,7 +630,7 @@ public abstract class DestinationFieldSet { /// Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. /// /// - [DataMember(Name = "address")] + [JsonPropertyName("address"), DataMember(Name = "address")] public string Address { get; set; } /// @@ -637,7 +638,7 @@ public abstract class DestinationFieldSet { /// Bytes sent from the destination to the source. /// 184 /// - [DataMember(Name = "bytes")] + [JsonPropertyName("bytes"), DataMember(Name = "bytes")] public long? Bytes { get; set; } /// @@ -646,7 +647,7 @@ public abstract class DestinationFieldSet { /// This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. /// foo.example.com /// - [DataMember(Name = "domain")] + [JsonPropertyName("domain"), DataMember(Name = "domain")] public string Domain { get; set; } /// @@ -654,7 +655,7 @@ public abstract class DestinationFieldSet { /// IP address of the destination (IPv4 or IPv6). /// /// - [DataMember(Name = "ip")] + [JsonPropertyName("ip"), DataMember(Name = "ip")] public string Ip { get; set; } /// @@ -664,7 +665,7 @@ public abstract class DestinationFieldSet { /// pattern: /// 00-00-5E-00-53-23 /// - [DataMember(Name = "mac")] + [JsonPropertyName("mac"), DataMember(Name = "mac")] public string Mac { get; set; } /// @@ -673,7 +674,7 @@ public abstract class DestinationFieldSet { /// Typically used with load balancers, firewalls, or routers. /// /// - [DataMember(Name = "nat.ip")] + [JsonPropertyName("nat.ip"), DataMember(Name = "nat.ip")] public string NatIp { get; set; } /// @@ -682,7 +683,7 @@ public abstract class DestinationFieldSet { /// Typically used with load balancers, firewalls, or routers. /// /// - [DataMember(Name = "nat.port")] + [JsonPropertyName("nat.port"), DataMember(Name = "nat.port")] public long? NatPort { get; set; } /// @@ -690,7 +691,7 @@ public abstract class DestinationFieldSet { /// Packets sent from the destination to the source. /// 12 /// - [DataMember(Name = "packets")] + [JsonPropertyName("packets"), DataMember(Name = "packets")] public long? Packets { get; set; } /// @@ -698,7 +699,7 @@ public abstract class DestinationFieldSet { /// Port of the destination. /// /// - [DataMember(Name = "port")] + [JsonPropertyName("port"), DataMember(Name = "port")] public long? Port { get; set; } /// @@ -708,7 +709,7 @@ public abstract class DestinationFieldSet { /// This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". /// example.com /// - [DataMember(Name = "registered_domain")] + [JsonPropertyName("registered_domain"), DataMember(Name = "registered_domain")] public string RegisteredDomain { get; set; } /// @@ -717,7 +718,7 @@ public abstract class DestinationFieldSet { /// For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. /// east /// - [DataMember(Name = "subdomain")] + [JsonPropertyName("subdomain"), DataMember(Name = "subdomain")] public string Subdomain { get; set; } /// @@ -726,7 +727,7 @@ public abstract class DestinationFieldSet { /// This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". /// co.uk /// - [DataMember(Name = "top_level_domain")] + [JsonPropertyName("top_level_domain"), DataMember(Name = "top_level_domain")] public string TopLevelDomain { get; set; } } @@ -741,7 +742,7 @@ public abstract class DllFieldSet { /// This generally maps to the name of the file on disk. /// kernel32.dll /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -749,7 +750,7 @@ public abstract class DllFieldSet { /// Full file path of the library. /// C:\Windows\System32\kernel32.dll /// - [DataMember(Name = "path")] + [JsonPropertyName("path"), DataMember(Name = "path")] public string Path { get; set; } } @@ -773,7 +774,7 @@ public abstract class DnsFieldSet { /// /// ["RD", "RA"] /// - [DataMember(Name = "header_flags")] + [JsonPropertyName("header_flags"), DataMember(Name = "header_flags")] public string[] HeaderFlags { get; set; } /// @@ -781,7 +782,7 @@ public abstract class DnsFieldSet { /// The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response. /// 62111 /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -789,7 +790,7 @@ public abstract class DnsFieldSet { /// The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response. /// QUERY /// - [DataMember(Name = "op_code")] + [JsonPropertyName("op_code"), DataMember(Name = "op_code")] public string OpCode { get; set; } /// @@ -797,7 +798,7 @@ public abstract class DnsFieldSet { /// The class of records being queried. /// IN /// - [DataMember(Name = "question.class")] + [JsonPropertyName("question.class"), DataMember(Name = "question.class")] public string QuestionClass { get; set; } /// @@ -806,7 +807,7 @@ public abstract class DnsFieldSet { /// If the name field contains non-printable characters (below 32 or above 126), those characters should be represented as escaped base 10 integers (\DDD). Back slashes and quotes should be escaped. Tabs, carriage returns, and line feeds should be converted to \t, \r, and \n respectively. /// www.example.com /// - [DataMember(Name = "question.name")] + [JsonPropertyName("question.name"), DataMember(Name = "question.name")] public string QuestionName { get; set; } /// @@ -816,7 +817,7 @@ public abstract class DnsFieldSet { /// This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". /// example.com /// - [DataMember(Name = "question.registered_domain")] + [JsonPropertyName("question.registered_domain"), DataMember(Name = "question.registered_domain")] public string QuestionRegisteredDomain { get; set; } /// @@ -825,7 +826,7 @@ public abstract class DnsFieldSet { /// If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. /// www /// - [DataMember(Name = "question.subdomain")] + [JsonPropertyName("question.subdomain"), DataMember(Name = "question.subdomain")] public string QuestionSubdomain { get; set; } /// @@ -834,7 +835,7 @@ public abstract class DnsFieldSet { /// This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". /// co.uk /// - [DataMember(Name = "question.top_level_domain")] + [JsonPropertyName("question.top_level_domain"), DataMember(Name = "question.top_level_domain")] public string QuestionTopLevelDomain { get; set; } /// @@ -842,7 +843,7 @@ public abstract class DnsFieldSet { /// The type of record being queried. /// AAAA /// - [DataMember(Name = "question.type")] + [JsonPropertyName("question.type"), DataMember(Name = "question.type")] public string QuestionType { get; set; } /// @@ -851,7 +852,7 @@ public abstract class DnsFieldSet { /// The `answers` array can be difficult to use, because of the variety of data formats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip` makes it possible to index them as IP addresses, and makes them easier to visualize and query for. /// ["10.10.10.10", "10.10.10.11"] /// - [DataMember(Name = "resolved_ip")] + [JsonPropertyName("resolved_ip"), DataMember(Name = "resolved_ip")] public string[] ResolvedIp { get; set; } /// @@ -859,7 +860,7 @@ public abstract class DnsFieldSet { /// The DNS response code. /// NOERROR /// - [DataMember(Name = "response_code")] + [JsonPropertyName("response_code"), DataMember(Name = "response_code")] public string ResponseCode { get; set; } /// @@ -869,7 +870,7 @@ public abstract class DnsFieldSet { /// If your source of DNS events gives you answers as well, you should create one event per query (optionally as soon as the query is seen). And a second event containing all query details as well as an array of answers. /// answer /// - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } /// @@ -879,7 +880,7 @@ public abstract class DnsFieldSet { /// Not all DNS data sources give all details about DNS answers. At minimum, answer objects must contain the `data` key. If more information is available, map as much of it to ECS as possible, and add any additional fields to the answer objects as custom fields. /// /// - [DataMember(Name = "answers")] + [JsonPropertyName("answers"), DataMember(Name = "answers")] public DnsAnswers[] Answers { get; set; } } @@ -895,7 +896,7 @@ public abstract class EcsFieldSet { ///
This is a required field /// 1.0.0 /// - [DataMember(Name = "version")] + [JsonPropertyName("version"), DataMember(Name = "version")] public string Version { get; set; } } @@ -909,7 +910,7 @@ public abstract class ElfFieldSet { /// Machine architecture of the ELF file. /// x86-64 /// - [DataMember(Name = "architecture")] + [JsonPropertyName("architecture"), DataMember(Name = "architecture")] public string Architecture { get; set; } /// @@ -917,7 +918,7 @@ public abstract class ElfFieldSet { /// Byte sequence of ELF file. /// Little Endian /// - [DataMember(Name = "byte_order")] + [JsonPropertyName("byte_order"), DataMember(Name = "byte_order")] public string ByteOrder { get; set; } /// @@ -925,7 +926,7 @@ public abstract class ElfFieldSet { /// CPU type of the ELF file. /// Intel /// - [DataMember(Name = "cpu_type")] + [JsonPropertyName("cpu_type"), DataMember(Name = "cpu_type")] public string CpuType { get; set; } /// @@ -933,7 +934,7 @@ public abstract class ElfFieldSet { /// Extracted when possible from the file's metadata. Indicates when it was built or compiled. It can also be faked by malware creators. /// /// - [DataMember(Name = "creation_date")] + [JsonPropertyName("creation_date"), DataMember(Name = "creation_date")] public DateTimeOffset? CreationDate { get; set; } /// @@ -941,7 +942,7 @@ public abstract class ElfFieldSet { /// List of exported element names and types. /// /// - [DataMember(Name = "exports")] + [JsonPropertyName("exports"), DataMember(Name = "exports")] public string[] Exports { get; set; } /// @@ -949,7 +950,7 @@ public abstract class ElfFieldSet { /// Version of the ELF Application Binary Interface (ABI). /// /// - [DataMember(Name = "header.abi_version")] + [JsonPropertyName("header.abi_version"), DataMember(Name = "header.abi_version")] public string HeaderAbiVersion { get; set; } /// @@ -957,7 +958,7 @@ public abstract class ElfFieldSet { /// Header class of the ELF file. /// /// - [DataMember(Name = "header.class")] + [JsonPropertyName("header.class"), DataMember(Name = "header.class")] public string HeaderClass { get; set; } /// @@ -965,7 +966,7 @@ public abstract class ElfFieldSet { /// Data table of the ELF header. /// /// - [DataMember(Name = "header.data")] + [JsonPropertyName("header.data"), DataMember(Name = "header.data")] public string HeaderData { get; set; } /// @@ -973,7 +974,7 @@ public abstract class ElfFieldSet { /// Header entrypoint of the ELF file. /// /// - [DataMember(Name = "header.entrypoint")] + [JsonPropertyName("header.entrypoint"), DataMember(Name = "header.entrypoint")] public long? HeaderEntrypoint { get; set; } /// @@ -981,7 +982,7 @@ public abstract class ElfFieldSet { /// "0x1" for original ELF files. /// /// - [DataMember(Name = "header.object_version")] + [JsonPropertyName("header.object_version"), DataMember(Name = "header.object_version")] public string HeaderObjectVersion { get; set; } /// @@ -989,7 +990,7 @@ public abstract class ElfFieldSet { /// Application Binary Interface (ABI) of the Linux OS. /// /// - [DataMember(Name = "header.os_abi")] + [JsonPropertyName("header.os_abi"), DataMember(Name = "header.os_abi")] public string HeaderOsAbi { get; set; } /// @@ -997,7 +998,7 @@ public abstract class ElfFieldSet { /// Header type of the ELF file. /// /// - [DataMember(Name = "header.type")] + [JsonPropertyName("header.type"), DataMember(Name = "header.type")] public string HeaderType { get; set; } /// @@ -1005,7 +1006,7 @@ public abstract class ElfFieldSet { /// Version of the ELF header. /// /// - [DataMember(Name = "header.version")] + [JsonPropertyName("header.version"), DataMember(Name = "header.version")] public string HeaderVersion { get; set; } /// @@ -1013,7 +1014,7 @@ public abstract class ElfFieldSet { /// List of imported element names and types. /// /// - [DataMember(Name = "imports")] + [JsonPropertyName("imports"), DataMember(Name = "imports")] public string[] Imports { get; set; } /// @@ -1021,7 +1022,7 @@ public abstract class ElfFieldSet { /// List of shared libraries used by this ELF object. /// /// - [DataMember(Name = "shared_libraries")] + [JsonPropertyName("shared_libraries"), DataMember(Name = "shared_libraries")] public string[] SharedLibraries { get; set; } /// @@ -1029,7 +1030,7 @@ public abstract class ElfFieldSet { /// telfhash symbol hash for ELF file. /// /// - [DataMember(Name = "telfhash")] + [JsonPropertyName("telfhash"), DataMember(Name = "telfhash")] public string Telfhash { get; set; } /// @@ -1038,7 +1039,7 @@ public abstract class ElfFieldSet { /// The keys that should be present in these objects are defined by sub-fields underneath `elf.sections.*`. /// /// - [DataMember(Name = "sections")] + [JsonPropertyName("sections"), DataMember(Name = "sections")] public ElfSections[] Sections { get; set; } /// @@ -1047,7 +1048,7 @@ public abstract class ElfFieldSet { /// The keys that should be present in these objects are defined by sub-fields underneath `elf.segments.*`. /// /// - [DataMember(Name = "segments")] + [JsonPropertyName("segments"), DataMember(Name = "segments")] public ElfSegments[] Segments { get; set; } } @@ -1061,7 +1062,7 @@ public abstract class EmailFieldSet { /// The email address of BCC recipient /// bcc.user1@example.com /// - [DataMember(Name = "bcc.address")] + [JsonPropertyName("bcc.address"), DataMember(Name = "bcc.address")] public string[] BccAddress { get; set; } /// @@ -1069,7 +1070,7 @@ public abstract class EmailFieldSet { /// The email address of CC recipient /// cc.user1@example.com /// - [DataMember(Name = "cc.address")] + [JsonPropertyName("cc.address"), DataMember(Name = "cc.address")] public string[] CcAddress { get; set; } /// @@ -1078,7 +1079,7 @@ public abstract class EmailFieldSet { /// Typically a MIME type. /// text/plain /// - [DataMember(Name = "content_type")] + [JsonPropertyName("content_type"), DataMember(Name = "content_type")] public string ContentType { get; set; } /// @@ -1086,7 +1087,7 @@ public abstract class EmailFieldSet { /// The date and time when the email message was received by the service or client. /// 11/10/2020 10:12:34 PM /// - [DataMember(Name = "delivery_timestamp")] + [JsonPropertyName("delivery_timestamp"), DataMember(Name = "delivery_timestamp")] public DateTimeOffset? DeliveryTimestamp { get; set; } /// @@ -1094,7 +1095,7 @@ public abstract class EmailFieldSet { /// The direction of the message based on the sending and receiving domains. /// inbound /// - [DataMember(Name = "direction")] + [JsonPropertyName("direction"), DataMember(Name = "direction")] public string Direction { get; set; } /// @@ -1102,7 +1103,7 @@ public abstract class EmailFieldSet { /// The email address of the sender, typically from the RFC 5322 `From:` header field. /// sender@example.com /// - [DataMember(Name = "from.address")] + [JsonPropertyName("from.address"), DataMember(Name = "from.address")] public string[] FromAddress { get; set; } /// @@ -1111,7 +1112,7 @@ public abstract class EmailFieldSet { /// Identifier is not persistent across hops. /// c26dbea0-80d5-463b-b93c-4e8b708219ce /// - [DataMember(Name = "local_id")] + [JsonPropertyName("local_id"), DataMember(Name = "local_id")] public string LocalId { get; set; } /// @@ -1119,7 +1120,7 @@ public abstract class EmailFieldSet { /// Identifier from the RFC 5322 `Message-ID:` email header that refers to a particular email message. /// 81ce15$8r2j59@mail01.example.com /// - [DataMember(Name = "message_id")] + [JsonPropertyName("message_id"), DataMember(Name = "message_id")] public string MessageId { get; set; } /// @@ -1127,7 +1128,7 @@ public abstract class EmailFieldSet { /// The date and time the email message was composed. Many email clients will fill in this value automatically when the message is sent by a user. /// 11/10/2020 10:12:34 PM /// - [DataMember(Name = "origination_timestamp")] + [JsonPropertyName("origination_timestamp"), DataMember(Name = "origination_timestamp")] public DateTimeOffset? OriginationTimestamp { get; set; } /// @@ -1135,7 +1136,7 @@ public abstract class EmailFieldSet { /// The address that replies should be delivered to based on the value in the RFC 5322 `Reply-To:` header. /// reply.here@example.com /// - [DataMember(Name = "reply_to.address")] + [JsonPropertyName("reply_to.address"), DataMember(Name = "reply_to.address")] public string[] ReplyToAddress { get; set; } /// @@ -1143,7 +1144,7 @@ public abstract class EmailFieldSet { /// Per RFC 5322, specifies the address responsible for the actual transmission of the message. /// /// - [DataMember(Name = "sender.address")] + [JsonPropertyName("sender.address"), DataMember(Name = "sender.address")] public string SenderAddress { get; set; } /// @@ -1151,7 +1152,7 @@ public abstract class EmailFieldSet { /// A brief summary of the topic of the message. /// Please see this important message. /// - [DataMember(Name = "subject")] + [JsonPropertyName("subject"), DataMember(Name = "subject")] public string Subject { get; set; } /// @@ -1159,7 +1160,7 @@ public abstract class EmailFieldSet { /// The email address of recipient /// user1@example.com /// - [DataMember(Name = "to.address")] + [JsonPropertyName("to.address"), DataMember(Name = "to.address")] public string[] ToAddress { get; set; } /// @@ -1167,7 +1168,7 @@ public abstract class EmailFieldSet { /// The name of the application that was used to draft and send the original email message. /// Spambot v2.5 /// - [DataMember(Name = "x_mailer")] + [JsonPropertyName("x_mailer"), DataMember(Name = "x_mailer")] public string XMailer { get; set; } /// @@ -1175,7 +1176,7 @@ public abstract class EmailFieldSet { /// A list of objects describing the attachment files sent along with an email message. /// /// - [DataMember(Name = "attachments")] + [JsonPropertyName("attachments"), DataMember(Name = "attachments")] public EmailAttachments[] Attachments { get; set; } } @@ -1189,7 +1190,7 @@ public abstract class ErrorFieldSet { /// Error code describing the error. /// /// - [DataMember(Name = "code")] + [JsonPropertyName("code"), DataMember(Name = "code")] public string Code { get; set; } /// @@ -1197,7 +1198,7 @@ public abstract class ErrorFieldSet { /// Unique identifier for the error. /// /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -1205,7 +1206,7 @@ public abstract class ErrorFieldSet { /// Error message. /// /// - [DataMember(Name = "message")] + [JsonPropertyName("message"), DataMember(Name = "message")] public string Message { get; set; } /// @@ -1213,7 +1214,7 @@ public abstract class ErrorFieldSet { /// The stack trace of this error in plain text. /// /// - [DataMember(Name = "stack_trace")] + [JsonPropertyName("stack_trace"), DataMember(Name = "stack_trace")] public string StackTrace { get; set; } /// @@ -1221,7 +1222,7 @@ public abstract class ErrorFieldSet { /// The type of the error, for example the class name of the exception. /// java.lang.NullPointerException /// - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } } @@ -1236,7 +1237,7 @@ public abstract class EventFieldSet { /// This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. /// user-password-change /// - [DataMember(Name = "action")] + [JsonPropertyName("action"), DataMember(Name = "action")] public string Action { get; set; } /// @@ -1251,7 +1252,7 @@ public abstract class EventFieldSet { /// `auth_metadata_missing` - There was no auth metadata or it was missing information about the agent ID. /// verified /// - [DataMember(Name = "agent_id_status")] + [JsonPropertyName("agent_id_status"), DataMember(Name = "agent_id_status")] public string AgentIdStatus { get; set; } /// @@ -1287,7 +1288,7 @@ public abstract class EventFieldSet { /// /// authentication /// - [DataMember(Name = "category")] + [JsonPropertyName("category"), DataMember(Name = "category")] public string[] Category { get; set; } /// @@ -1296,7 +1297,7 @@ public abstract class EventFieldSet { /// Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID. /// 4648 /// - [DataMember(Name = "code")] + [JsonPropertyName("code"), DataMember(Name = "code")] public string Code { get; set; } /// @@ -1307,7 +1308,7 @@ public abstract class EventFieldSet { /// In case the two timestamps are identical, @timestamp should be used. /// 5/23/2016 8:05:34 AM /// - [DataMember(Name = "created")] + [JsonPropertyName("created"), DataMember(Name = "created")] public DateTimeOffset? Created { get; set; } /// @@ -1317,7 +1318,7 @@ public abstract class EventFieldSet { /// It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. /// apache.access /// - [DataMember(Name = "dataset")] + [JsonPropertyName("dataset"), DataMember(Name = "dataset")] public string Dataset { get; set; } /// @@ -1326,7 +1327,7 @@ public abstract class EventFieldSet { /// If event.start and event.end are known this value should be the difference between the end and start time. /// /// - [DataMember(Name = "duration")] + [JsonPropertyName("duration"), DataMember(Name = "duration")] public long? Duration { get; set; } /// @@ -1334,7 +1335,7 @@ public abstract class EventFieldSet { /// event.end contains the date when the event ended or when the activity was last observed. /// /// - [DataMember(Name = "end")] + [JsonPropertyName("end"), DataMember(Name = "end")] public DateTimeOffset? End { get; set; } /// @@ -1342,7 +1343,7 @@ public abstract class EventFieldSet { /// Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity. /// 123456789012345678901234567890ABCD /// - [DataMember(Name = "hash")] + [JsonPropertyName("hash"), DataMember(Name = "hash")] public string Hash { get; set; } /// @@ -1350,7 +1351,7 @@ public abstract class EventFieldSet { /// Unique ID to describe the event. /// 8a4f500d /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -1360,7 +1361,7 @@ public abstract class EventFieldSet { /// In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. /// 5/23/2016 8:05:35 AM /// - [DataMember(Name = "ingested")] + [JsonPropertyName("ingested"), DataMember(Name = "ingested")] public DateTimeOffset? Ingested { get; set; } /// @@ -1390,7 +1391,7 @@ public abstract class EventFieldSet { /// /// alert /// - [DataMember(Name = "kind")] + [JsonPropertyName("kind"), DataMember(Name = "kind")] public string Kind { get; set; } /// @@ -1399,7 +1400,7 @@ public abstract class EventFieldSet { /// If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. /// apache /// - [DataMember(Name = "module")] + [JsonPropertyName("module"), DataMember(Name = "module")] public string Module { get; set; } /// @@ -1409,7 +1410,7 @@ public abstract class EventFieldSet { ///
Stored but not available for search in Elasticsearch by default /// Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 /// - [DataMember(Name = "original")] + [JsonPropertyName("original"), DataMember(Name = "original")] public string Original { get; set; } /// @@ -1428,7 +1429,7 @@ public abstract class EventFieldSet { /// /// success /// - [DataMember(Name = "outcome")] + [JsonPropertyName("outcome"), DataMember(Name = "outcome")] public string Outcome { get; set; } /// @@ -1437,7 +1438,7 @@ public abstract class EventFieldSet { /// Event transports such as Syslog or the Windows Event Log typically mention the source of an event. It can be the name of the software that generated the event (e.g. Sysmon, httpd), or of a subsystem of the operating system (kernel, Microsoft-Windows-Security-Auditing). /// kernel /// - [DataMember(Name = "provider")] + [JsonPropertyName("provider"), DataMember(Name = "provider")] public string Provider { get; set; } /// @@ -1446,7 +1447,7 @@ public abstract class EventFieldSet { /// This describes the why of a particular action or outcome captured in the event. Where `event.action` captures the action from the event, `event.reason` describes why that action was taken. For example, a web proxy with an `event.action` which denied the request may also populate `event.reason` with the reason why (e.g. `blocked site`). /// Terminated an unexpected process /// - [DataMember(Name = "reason")] + [JsonPropertyName("reason"), DataMember(Name = "reason")] public string Reason { get; set; } /// @@ -1455,7 +1456,7 @@ public abstract class EventFieldSet { /// This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. /// https://system.example.com/event/#0001234 /// - [DataMember(Name = "reference")] + [JsonPropertyName("reference"), DataMember(Name = "reference")] public string Reference { get; set; } /// @@ -1463,7 +1464,7 @@ public abstract class EventFieldSet { /// Risk score or priority of the event (e.g. security solutions). Use your system's original value here. /// /// - [DataMember(Name = "risk_score")] + [JsonPropertyName("risk_score"), DataMember(Name = "risk_score")] public float? RiskScore { get; set; } /// @@ -1472,7 +1473,7 @@ public abstract class EventFieldSet { /// This is mainly useful if you use more than one system that assigns risk scores, and you want to see a normalized value across all systems. /// /// - [DataMember(Name = "risk_score_norm")] + [JsonPropertyName("risk_score_norm"), DataMember(Name = "risk_score_norm")] public float? RiskScoreNorm { get; set; } /// @@ -1481,7 +1482,7 @@ public abstract class EventFieldSet { /// The sequence number is a value published by some event sources, to make the exact ordering of events unambiguous, regardless of the timestamp precision. /// /// - [DataMember(Name = "sequence")] + [JsonPropertyName("sequence"), DataMember(Name = "sequence")] public long? Sequence { get; set; } /// @@ -1491,7 +1492,7 @@ public abstract class EventFieldSet { /// The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`. /// 7 /// - [DataMember(Name = "severity")] + [JsonPropertyName("severity"), DataMember(Name = "severity")] public long? Severity { get; set; } /// @@ -1499,7 +1500,7 @@ public abstract class EventFieldSet { /// event.start contains the date when the event started or when the activity was first observed. /// /// - [DataMember(Name = "start")] + [JsonPropertyName("start"), DataMember(Name = "start")] public DateTimeOffset? Start { get; set; } /// @@ -1508,7 +1509,7 @@ public abstract class EventFieldSet { /// Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). /// /// - [DataMember(Name = "timezone")] + [JsonPropertyName("timezone"), DataMember(Name = "timezone")] public string Timezone { get; set; } /// @@ -1540,7 +1541,7 @@ public abstract class EventFieldSet { /// /// /// - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string[] Type { get; set; } /// @@ -1549,7 +1550,7 @@ public abstract class EventFieldSet { /// This URL links to another system where in-depth investigation of the specific occurrence of this event can take place. Alert events, indicated by `event.kind:alert`, are a common use case for this field. /// https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe /// - [DataMember(Name = "url")] + [JsonPropertyName("url"), DataMember(Name = "url")] public string Url { get; set; } } @@ -1563,7 +1564,7 @@ public abstract class FaasFieldSet { /// Boolean value indicating a cold start of a function. /// /// - [DataMember(Name = "coldstart")] + [JsonPropertyName("coldstart"), DataMember(Name = "coldstart")] public bool? Coldstart { get; set; } /// @@ -1571,7 +1572,7 @@ public abstract class FaasFieldSet { /// The execution ID of the current function execution. /// af9d5aa4-a685-4c5f-a22b-444f80b3cc28 /// - [DataMember(Name = "execution")] + [JsonPropertyName("execution"), DataMember(Name = "execution")] public string Execution { get; set; } /// @@ -1580,7 +1581,7 @@ public abstract class FaasFieldSet { /// For AWS Lambda it's the function ARN (Amazon Resource Name) without a version or alias suffix. /// arn:aws:lambda:us-west-2:123456789012:function:my-function /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -1588,7 +1589,7 @@ public abstract class FaasFieldSet { /// The name of a serverless function. /// my-function /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -1596,7 +1597,7 @@ public abstract class FaasFieldSet { /// The version of a serverless function. /// 123 /// - [DataMember(Name = "version")] + [JsonPropertyName("version"), DataMember(Name = "version")] public string Version { get; set; } /// @@ -1604,7 +1605,7 @@ public abstract class FaasFieldSet { /// Details about the function trigger. /// /// - [DataMember(Name = "trigger")] + [JsonPropertyName("trigger"), DataMember(Name = "trigger")] public FaasTrigger Trigger { get; set; } } @@ -1619,7 +1620,7 @@ public abstract class FileFieldSet { /// Note that not all filesystems keep track of access time. /// /// - [DataMember(Name = "accessed")] + [JsonPropertyName("accessed"), DataMember(Name = "accessed")] public DateTimeOffset? Accessed { get; set; } /// @@ -1628,7 +1629,7 @@ public abstract class FileFieldSet { /// Attributes names will vary by platform. Here's a non-exhaustive list of values that are expected in this field: archive, compressed, directory, encrypted, execute, hidden, read, readonly, system, write. /// ["readonly", "system"] /// - [DataMember(Name = "attributes")] + [JsonPropertyName("attributes"), DataMember(Name = "attributes")] public string[] Attributes { get; set; } /// @@ -1637,7 +1638,7 @@ public abstract class FileFieldSet { /// Note that not all filesystems store the creation time. /// /// - [DataMember(Name = "created")] + [JsonPropertyName("created"), DataMember(Name = "created")] public DateTimeOffset? Created { get; set; } /// @@ -1646,7 +1647,7 @@ public abstract class FileFieldSet { /// Note that changes to the file content will update `mtime`. This implies `ctime` will be adjusted at the same time, since `mtime` is an attribute of the file. /// /// - [DataMember(Name = "ctime")] + [JsonPropertyName("ctime"), DataMember(Name = "ctime")] public DateTimeOffset? Ctime { get; set; } /// @@ -1654,7 +1655,7 @@ public abstract class FileFieldSet { /// Device that is the source of the file. /// sda /// - [DataMember(Name = "device")] + [JsonPropertyName("device"), DataMember(Name = "device")] public string Device { get; set; } /// @@ -1662,7 +1663,7 @@ public abstract class FileFieldSet { /// Directory where the file is located. It should include the drive letter, when appropriate. /// /home/alice /// - [DataMember(Name = "directory")] + [JsonPropertyName("directory"), DataMember(Name = "directory")] public string Directory { get; set; } /// @@ -1671,7 +1672,7 @@ public abstract class FileFieldSet { /// The value should be uppercase, and not include the colon. /// C /// - [DataMember(Name = "drive_letter")] + [JsonPropertyName("drive_letter"), DataMember(Name = "drive_letter")] public string DriveLetter { get; set; } /// @@ -1680,7 +1681,7 @@ public abstract class FileFieldSet { /// Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured ("gz", not "tar.gz"). /// png /// - [DataMember(Name = "extension")] + [JsonPropertyName("extension"), DataMember(Name = "extension")] public string Extension { get; set; } /// @@ -1690,7 +1691,7 @@ public abstract class FileFieldSet { /// On NTFS, this is analogous to an Alternate Data Stream (ADS), and the default data stream for a file is just called $DATA. Zone.Identifier is commonly used by Windows to track contents downloaded from the Internet. An ADS is typically of the form: `C:\path\to\filename.extension:some_fork_name`, and `some_fork_name` is the value that should populate `fork_name`. `filename.extension` should populate `file.name`, and `extension` should populate `file.extension`. The full path, `file.path`, will include the fork name. /// Zone.Identifer /// - [DataMember(Name = "fork_name")] + [JsonPropertyName("fork_name"), DataMember(Name = "fork_name")] public string ForkName { get; set; } /// @@ -1698,7 +1699,7 @@ public abstract class FileFieldSet { /// Primary group ID (GID) of the file. /// 1001 /// - [DataMember(Name = "gid")] + [JsonPropertyName("gid"), DataMember(Name = "gid")] public string Gid { get; set; } /// @@ -1706,7 +1707,7 @@ public abstract class FileFieldSet { /// Primary group name of the file. /// alice /// - [DataMember(Name = "group")] + [JsonPropertyName("group"), DataMember(Name = "group")] public string Group { get; set; } /// @@ -1714,7 +1715,7 @@ public abstract class FileFieldSet { /// Inode representing the file in the filesystem. /// 256383 /// - [DataMember(Name = "inode")] + [JsonPropertyName("inode"), DataMember(Name = "inode")] public string Inode { get; set; } /// @@ -1722,7 +1723,7 @@ public abstract class FileFieldSet { /// MIME type should identify the format of the file or stream of bytes using https://www.iana.org/assignments/media-types/media-types.xhtml[IANA official types], where possible. When more than one type is applicable, the most specific type should be used. /// /// - [DataMember(Name = "mime_type")] + [JsonPropertyName("mime_type"), DataMember(Name = "mime_type")] public string MimeType { get; set; } /// @@ -1730,7 +1731,7 @@ public abstract class FileFieldSet { /// Mode of the file in octal representation. /// 0640 /// - [DataMember(Name = "mode")] + [JsonPropertyName("mode"), DataMember(Name = "mode")] public string Mode { get; set; } /// @@ -1738,7 +1739,7 @@ public abstract class FileFieldSet { /// Last time the file content was modified. /// /// - [DataMember(Name = "mtime")] + [JsonPropertyName("mtime"), DataMember(Name = "mtime")] public DateTimeOffset? Mtime { get; set; } /// @@ -1746,7 +1747,7 @@ public abstract class FileFieldSet { /// Name of the file including the extension, without the directory. /// example.png /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -1754,7 +1755,7 @@ public abstract class FileFieldSet { /// File owner's username. /// alice /// - [DataMember(Name = "owner")] + [JsonPropertyName("owner"), DataMember(Name = "owner")] public string Owner { get; set; } /// @@ -1762,7 +1763,7 @@ public abstract class FileFieldSet { /// Full path to the file, including the file name. It should include the drive letter, when appropriate. /// /home/alice/example.png /// - [DataMember(Name = "path")] + [JsonPropertyName("path"), DataMember(Name = "path")] public string Path { get; set; } /// @@ -1771,7 +1772,7 @@ public abstract class FileFieldSet { /// Only relevant when `file.type` is "file". /// 16384 /// - [DataMember(Name = "size")] + [JsonPropertyName("size"), DataMember(Name = "size")] public long? Size { get; set; } /// @@ -1779,7 +1780,7 @@ public abstract class FileFieldSet { /// Target path for symlinks. /// /// - [DataMember(Name = "target_path")] + [JsonPropertyName("target_path"), DataMember(Name = "target_path")] public string TargetPath { get; set; } /// @@ -1787,7 +1788,7 @@ public abstract class FileFieldSet { /// File type (file, dir, or symlink). /// file /// - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } /// @@ -1795,7 +1796,7 @@ public abstract class FileFieldSet { /// The user ID (UID) or security identifier (SID) of the file owner. /// 1001 /// - [DataMember(Name = "uid")] + [JsonPropertyName("uid"), DataMember(Name = "uid")] public string Uid { get; set; } } @@ -1809,7 +1810,7 @@ public abstract class GeoFieldSet { /// City name. /// Montreal /// - [DataMember(Name = "city_name")] + [JsonPropertyName("city_name"), DataMember(Name = "city_name")] public string CityName { get; set; } /// @@ -1817,7 +1818,7 @@ public abstract class GeoFieldSet { /// Two-letter code representing continent's name. /// NA /// - [DataMember(Name = "continent_code")] + [JsonPropertyName("continent_code"), DataMember(Name = "continent_code")] public string ContinentCode { get; set; } /// @@ -1825,7 +1826,7 @@ public abstract class GeoFieldSet { /// Name of the continent. /// North America /// - [DataMember(Name = "continent_name")] + [JsonPropertyName("continent_name"), DataMember(Name = "continent_name")] public string ContinentName { get; set; } /// @@ -1833,7 +1834,7 @@ public abstract class GeoFieldSet { /// Country ISO code. /// CA /// - [DataMember(Name = "country_iso_code")] + [JsonPropertyName("country_iso_code"), DataMember(Name = "country_iso_code")] public string CountryIsoCode { get; set; } /// @@ -1841,7 +1842,7 @@ public abstract class GeoFieldSet { /// Country name. /// Canada /// - [DataMember(Name = "country_name")] + [JsonPropertyName("country_name"), DataMember(Name = "country_name")] public string CountryName { get; set; } /// @@ -1849,7 +1850,7 @@ public abstract class GeoFieldSet { /// Longitude and latitude. /// { "lon": -73.614830, "lat": 45.505918 } /// - [DataMember(Name = "location")] + [JsonPropertyName("location"), DataMember(Name = "location")] public Location Location { get; set; } /// @@ -1859,7 +1860,7 @@ public abstract class GeoFieldSet { /// Not typically used in automated geolocation. /// boston-dc /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -1868,7 +1869,7 @@ public abstract class GeoFieldSet { /// Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. /// 94040 /// - [DataMember(Name = "postal_code")] + [JsonPropertyName("postal_code"), DataMember(Name = "postal_code")] public string PostalCode { get; set; } /// @@ -1876,7 +1877,7 @@ public abstract class GeoFieldSet { /// Region ISO code. /// CA-QC /// - [DataMember(Name = "region_iso_code")] + [JsonPropertyName("region_iso_code"), DataMember(Name = "region_iso_code")] public string RegionIsoCode { get; set; } /// @@ -1884,7 +1885,7 @@ public abstract class GeoFieldSet { /// Region name. /// Quebec /// - [DataMember(Name = "region_name")] + [JsonPropertyName("region_name"), DataMember(Name = "region_name")] public string RegionName { get; set; } /// @@ -1892,7 +1893,7 @@ public abstract class GeoFieldSet { /// The time zone of the location, such as IANA time zone name. /// America/Argentina/Buenos_Aires /// - [DataMember(Name = "timezone")] + [JsonPropertyName("timezone"), DataMember(Name = "timezone")] public string Timezone { get; set; } } @@ -1907,7 +1908,7 @@ public abstract class GroupFieldSet { /// For example, an LDAP or Active Directory domain name. /// /// - [DataMember(Name = "domain")] + [JsonPropertyName("domain"), DataMember(Name = "domain")] public string Domain { get; set; } /// @@ -1915,7 +1916,7 @@ public abstract class GroupFieldSet { /// Unique identifier for the group on the system/platform. /// /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -1923,7 +1924,7 @@ public abstract class GroupFieldSet { /// Name of the group. /// /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } } @@ -1937,7 +1938,7 @@ public abstract class HashFieldSet { /// MD5 hash. /// /// - [DataMember(Name = "md5")] + [JsonPropertyName("md5"), DataMember(Name = "md5")] public string Md5 { get; set; } /// @@ -1945,7 +1946,7 @@ public abstract class HashFieldSet { /// SHA1 hash. /// /// - [DataMember(Name = "sha1")] + [JsonPropertyName("sha1"), DataMember(Name = "sha1")] public string Sha1 { get; set; } /// @@ -1953,7 +1954,7 @@ public abstract class HashFieldSet { /// SHA256 hash. /// /// - [DataMember(Name = "sha256")] + [JsonPropertyName("sha256"), DataMember(Name = "sha256")] public string Sha256 { get; set; } /// @@ -1961,7 +1962,7 @@ public abstract class HashFieldSet { /// SHA384 hash. /// /// - [DataMember(Name = "sha384")] + [JsonPropertyName("sha384"), DataMember(Name = "sha384")] public string Sha384 { get; set; } /// @@ -1969,7 +1970,7 @@ public abstract class HashFieldSet { /// SHA512 hash. /// /// - [DataMember(Name = "sha512")] + [JsonPropertyName("sha512"), DataMember(Name = "sha512")] public string Sha512 { get; set; } /// @@ -1977,7 +1978,7 @@ public abstract class HashFieldSet { /// SSDEEP hash. /// /// - [DataMember(Name = "ssdeep")] + [JsonPropertyName("ssdeep"), DataMember(Name = "ssdeep")] public string Ssdeep { get; set; } /// @@ -1985,7 +1986,7 @@ public abstract class HashFieldSet { /// TLSH hash. /// /// - [DataMember(Name = "tlsh")] + [JsonPropertyName("tlsh"), DataMember(Name = "tlsh")] public string Tlsh { get; set; } } @@ -1999,7 +2000,7 @@ public abstract class HostFieldSet { /// Operating system architecture. /// x86_64 /// - [DataMember(Name = "architecture")] + [JsonPropertyName("architecture"), DataMember(Name = "architecture")] public string Architecture { get; set; } /// @@ -2008,7 +2009,7 @@ public abstract class HostFieldSet { ///
This field is beta and subject to change. /// 88a1f0ed-5ae5-41ee-af6b-41921c311872 /// - [DataMember(Name = "boot.id")] + [JsonPropertyName("boot.id"), DataMember(Name = "boot.id")] public string BootId { get; set; } /// @@ -2018,7 +2019,7 @@ public abstract class HostFieldSet { /// For example: For a two core host, this value should be the average of the two cores, between 0 and 1. /// /// - [DataMember(Name = "cpu.usage")] + [JsonPropertyName("cpu.usage"), DataMember(Name = "cpu.usage")] public float? CpuUsage { get; set; } /// @@ -2026,7 +2027,7 @@ public abstract class HostFieldSet { /// The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. /// /// - [DataMember(Name = "disk.read.bytes")] + [JsonPropertyName("disk.read.bytes"), DataMember(Name = "disk.read.bytes")] public long? DiskReadBytes { get; set; } /// @@ -2034,7 +2035,7 @@ public abstract class HostFieldSet { /// The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. /// /// - [DataMember(Name = "disk.write.bytes")] + [JsonPropertyName("disk.write.bytes"), DataMember(Name = "disk.write.bytes")] public long? DiskWriteBytes { get; set; } /// @@ -2043,7 +2044,7 @@ public abstract class HostFieldSet { /// For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. /// CONTOSO /// - [DataMember(Name = "domain")] + [JsonPropertyName("domain"), DataMember(Name = "domain")] public string Domain { get; set; } /// @@ -2052,7 +2053,7 @@ public abstract class HostFieldSet { /// It normally contains what the `hostname` command returns on the host machine. /// /// - [DataMember(Name = "hostname")] + [JsonPropertyName("hostname"), DataMember(Name = "hostname")] public string Hostname { get; set; } /// @@ -2062,7 +2063,7 @@ public abstract class HostFieldSet { /// Example: The current usage of `beat.name`. /// /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -2070,7 +2071,7 @@ public abstract class HostFieldSet { /// Host ip addresses. /// /// - [DataMember(Name = "ip")] + [JsonPropertyName("ip"), DataMember(Name = "ip")] public string[] Ip { get; set; } /// @@ -2080,7 +2081,7 @@ public abstract class HostFieldSet { /// pattern: /// ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] /// - [DataMember(Name = "mac")] + [JsonPropertyName("mac"), DataMember(Name = "mac")] public string[] Mac { get; set; } /// @@ -2089,7 +2090,7 @@ public abstract class HostFieldSet { /// It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. /// /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -2097,7 +2098,7 @@ public abstract class HostFieldSet { /// The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. /// /// - [DataMember(Name = "network.egress.bytes")] + [JsonPropertyName("network.egress.bytes"), DataMember(Name = "network.egress.bytes")] public long? NetworkEgressBytes { get; set; } /// @@ -2105,7 +2106,7 @@ public abstract class HostFieldSet { /// The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. /// /// - [DataMember(Name = "network.egress.packets")] + [JsonPropertyName("network.egress.packets"), DataMember(Name = "network.egress.packets")] public long? NetworkEgressPackets { get; set; } /// @@ -2113,7 +2114,7 @@ public abstract class HostFieldSet { /// The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. /// /// - [DataMember(Name = "network.ingress.bytes")] + [JsonPropertyName("network.ingress.bytes"), DataMember(Name = "network.ingress.bytes")] public long? NetworkIngressBytes { get; set; } /// @@ -2121,7 +2122,7 @@ public abstract class HostFieldSet { /// The number of packets (gauge) received on all network interfaces by the host since the last metric collection. /// /// - [DataMember(Name = "network.ingress.packets")] + [JsonPropertyName("network.ingress.packets"), DataMember(Name = "network.ingress.packets")] public long? NetworkIngressPackets { get; set; } /// @@ -2130,7 +2131,7 @@ public abstract class HostFieldSet { ///
This field is beta and subject to change. /// 256383 /// - [DataMember(Name = "pid_ns_ino")] + [JsonPropertyName("pid_ns_ino"), DataMember(Name = "pid_ns_ino")] public string PidNsIno { get; set; } /// @@ -2139,7 +2140,7 @@ public abstract class HostFieldSet { /// For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. /// /// - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } /// @@ -2147,7 +2148,7 @@ public abstract class HostFieldSet { /// Seconds the host has been up. /// 1325 /// - [DataMember(Name = "uptime")] + [JsonPropertyName("uptime"), DataMember(Name = "uptime")] public long? Uptime { get; set; } } @@ -2161,7 +2162,7 @@ public abstract class HttpFieldSet { /// Size in bytes of the request body. /// 887 /// - [DataMember(Name = "request.body.bytes")] + [JsonPropertyName("request.body.bytes"), DataMember(Name = "request.body.bytes")] public long? RequestBodyBytes { get; set; } /// @@ -2169,7 +2170,7 @@ public abstract class HttpFieldSet { /// The full HTTP request body. /// Hello world /// - [DataMember(Name = "request.body.content")] + [JsonPropertyName("request.body.content"), DataMember(Name = "request.body.content")] public string RequestBodyContent { get; set; } /// @@ -2177,7 +2178,7 @@ public abstract class HttpFieldSet { /// Total size in bytes of the request (body and headers). /// 1437 /// - [DataMember(Name = "request.bytes")] + [JsonPropertyName("request.bytes"), DataMember(Name = "request.bytes")] public long? RequestBytes { get; set; } /// @@ -2186,7 +2187,7 @@ public abstract class HttpFieldSet { /// The id may be contained in a non-standard HTTP header, such as `X-Request-ID` or `X-Correlation-ID`. /// 123e4567-e89b-12d3-a456-426614174000 /// - [DataMember(Name = "request.id")] + [JsonPropertyName("request.id"), DataMember(Name = "request.id")] public string RequestId { get; set; } /// @@ -2195,7 +2196,7 @@ public abstract class HttpFieldSet { /// The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. /// POST /// - [DataMember(Name = "request.method")] + [JsonPropertyName("request.method"), DataMember(Name = "request.method")] public string RequestMethod { get; set; } /// @@ -2204,7 +2205,7 @@ public abstract class HttpFieldSet { /// This value must only be populated based on the content of the request body, not on the `Content-Type` header. Comparing the mime type of a request with the request's Content-Type header can be helpful in detecting threats or misconfigured clients. /// image/gif /// - [DataMember(Name = "request.mime_type")] + [JsonPropertyName("request.mime_type"), DataMember(Name = "request.mime_type")] public string RequestMimeType { get; set; } /// @@ -2212,7 +2213,7 @@ public abstract class HttpFieldSet { /// Referrer for this HTTP request. /// https://blog.example.com/ /// - [DataMember(Name = "request.referrer")] + [JsonPropertyName("request.referrer"), DataMember(Name = "request.referrer")] public string RequestReferrer { get; set; } /// @@ -2220,7 +2221,7 @@ public abstract class HttpFieldSet { /// Size in bytes of the response body. /// 887 /// - [DataMember(Name = "response.body.bytes")] + [JsonPropertyName("response.body.bytes"), DataMember(Name = "response.body.bytes")] public long? ResponseBodyBytes { get; set; } /// @@ -2228,7 +2229,7 @@ public abstract class HttpFieldSet { /// The full HTTP response body. /// Hello world /// - [DataMember(Name = "response.body.content")] + [JsonPropertyName("response.body.content"), DataMember(Name = "response.body.content")] public string ResponseBodyContent { get; set; } /// @@ -2236,7 +2237,7 @@ public abstract class HttpFieldSet { /// Total size in bytes of the response (body and headers). /// 1437 /// - [DataMember(Name = "response.bytes")] + [JsonPropertyName("response.bytes"), DataMember(Name = "response.bytes")] public long? ResponseBytes { get; set; } /// @@ -2245,7 +2246,7 @@ public abstract class HttpFieldSet { /// This value must only be populated based on the content of the response body, not on the `Content-Type` header. Comparing the mime type of a response with the response's Content-Type header can be helpful in detecting misconfigured servers. /// image/gif /// - [DataMember(Name = "response.mime_type")] + [JsonPropertyName("response.mime_type"), DataMember(Name = "response.mime_type")] public string ResponseMimeType { get; set; } /// @@ -2253,7 +2254,7 @@ public abstract class HttpFieldSet { /// HTTP response status code. /// 404 /// - [DataMember(Name = "response.status_code")] + [JsonPropertyName("response.status_code"), DataMember(Name = "response.status_code")] public long? ResponseStatusCode { get; set; } /// @@ -2261,7 +2262,7 @@ public abstract class HttpFieldSet { /// HTTP version. /// 1.1 /// - [DataMember(Name = "version")] + [JsonPropertyName("version"), DataMember(Name = "version")] public string Version { get; set; } } @@ -2275,7 +2276,7 @@ public abstract class InterfaceFieldSet { /// Interface alias as reported by the system, typically used in firewall implementations for e.g. inside, outside, or dmz logical interface naming. /// outside /// - [DataMember(Name = "alias")] + [JsonPropertyName("alias"), DataMember(Name = "alias")] public string Alias { get; set; } /// @@ -2283,7 +2284,7 @@ public abstract class InterfaceFieldSet { /// Interface ID as reported by an observer (typically SNMP interface ID). /// 10 /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -2291,7 +2292,7 @@ public abstract class InterfaceFieldSet { /// Interface name as reported by the system. /// eth0 /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } } @@ -2306,7 +2307,7 @@ public abstract class LogFieldSet { /// If the event wasn't read from a log file, do not populate this field. /// /var/log/fun-times.log /// - [DataMember(Name = "file.path")] + [JsonPropertyName("file.path"), DataMember(Name = "file.path")] public string FilePath { get; set; } /// @@ -2316,7 +2317,7 @@ public abstract class LogFieldSet { /// Some examples are `warn`, `err`, `i`, `informational`. /// error /// - [DataMember(Name = "level")] + [JsonPropertyName("level"), DataMember(Name = "level")] public string Level { get; set; } /// @@ -2324,7 +2325,7 @@ public abstract class LogFieldSet { /// The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. /// org.elasticsearch.bootstrap.Bootstrap /// - [DataMember(Name = "logger")] + [JsonPropertyName("logger"), DataMember(Name = "logger")] public string Logger { get; set; } /// @@ -2332,7 +2333,7 @@ public abstract class LogFieldSet { /// The line number of the file containing the source code which originated the log event. /// 42 /// - [DataMember(Name = "origin.file.line")] + [JsonPropertyName("origin.file.line"), DataMember(Name = "origin.file.line")] public long? OriginFileLine { get; set; } /// @@ -2341,7 +2342,7 @@ public abstract class LogFieldSet { /// Note that this field is not meant to capture the log file. The correct field to capture the log file is `log.file.path`. /// Bootstrap.java /// - [DataMember(Name = "origin.file.name")] + [JsonPropertyName("origin.file.name"), DataMember(Name = "origin.file.name")] public string OriginFileName { get; set; } /// @@ -2349,7 +2350,7 @@ public abstract class LogFieldSet { /// The name of the function or method which originated the log event. /// init /// - [DataMember(Name = "origin.function")] + [JsonPropertyName("origin.function"), DataMember(Name = "origin.function")] public string OriginFunction { get; set; } /// @@ -2357,7 +2358,7 @@ public abstract class LogFieldSet { /// The Syslog metadata of the event, if the event was transmitted via Syslog. Please see RFCs 5424 or 3164. /// /// - [DataMember(Name = "syslog")] + [JsonPropertyName("syslog"), DataMember(Name = "syslog")] public LogSyslog Syslog { get; set; } } @@ -2373,7 +2374,7 @@ public abstract class NetworkFieldSet { /// The field value must be normalized to lowercase for querying. /// aim /// - [DataMember(Name = "application")] + [JsonPropertyName("application"), DataMember(Name = "application")] public string Application { get; set; } /// @@ -2382,7 +2383,7 @@ public abstract class NetworkFieldSet { /// If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. /// 368 /// - [DataMember(Name = "bytes")] + [JsonPropertyName("bytes"), DataMember(Name = "bytes")] public long? Bytes { get; set; } /// @@ -2391,7 +2392,7 @@ public abstract class NetworkFieldSet { /// Learn more at https://github.com/corelight/community-id-spec. /// 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0= /// - [DataMember(Name = "community_id")] + [JsonPropertyName("community_id"), DataMember(Name = "community_id")] public string CommunityId { get; set; } /// @@ -2412,7 +2413,7 @@ public abstract class NetworkFieldSet { /// /// inbound /// - [DataMember(Name = "direction")] + [JsonPropertyName("direction"), DataMember(Name = "direction")] public string Direction { get; set; } /// @@ -2420,7 +2421,7 @@ public abstract class NetworkFieldSet { /// Host IP address when the source IP address is the proxy. /// 192.1.1.2 /// - [DataMember(Name = "forwarded_ip")] + [JsonPropertyName("forwarded_ip"), DataMember(Name = "forwarded_ip")] public string ForwardedIp { get; set; } /// @@ -2428,7 +2429,7 @@ public abstract class NetworkFieldSet { /// IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. /// 6 /// - [DataMember(Name = "iana_number")] + [JsonPropertyName("iana_number"), DataMember(Name = "iana_number")] public string IanaNumber { get; set; } /// @@ -2436,7 +2437,7 @@ public abstract class NetworkFieldSet { /// Name given by operators to sections of their network. /// Guest Wifi /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -2445,7 +2446,7 @@ public abstract class NetworkFieldSet { /// If `source.packets` and `destination.packets` are known, `network.packets` is their sum. /// 24 /// - [DataMember(Name = "packets")] + [JsonPropertyName("packets"), DataMember(Name = "packets")] public long? Packets { get; set; } /// @@ -2454,7 +2455,7 @@ public abstract class NetworkFieldSet { /// The field value must be normalized to lowercase for querying. /// http /// - [DataMember(Name = "protocol")] + [JsonPropertyName("protocol"), DataMember(Name = "protocol")] public string Protocol { get; set; } /// @@ -2463,7 +2464,7 @@ public abstract class NetworkFieldSet { /// The field value must be normalized to lowercase for querying. /// tcp /// - [DataMember(Name = "transport")] + [JsonPropertyName("transport"), DataMember(Name = "transport")] public string Transport { get; set; } /// @@ -2472,7 +2473,7 @@ public abstract class NetworkFieldSet { /// The field value must be normalized to lowercase for querying. /// ipv4 /// - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } /// @@ -2480,7 +2481,7 @@ public abstract class NetworkFieldSet { /// Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) /// /// - [DataMember(Name = "inner")] + [JsonPropertyName("inner"), DataMember(Name = "inner")] public NetworkInner Inner { get; set; } } @@ -2494,7 +2495,7 @@ public abstract class ObserverFieldSet { /// Hostname of the observer. /// /// - [DataMember(Name = "hostname")] + [JsonPropertyName("hostname"), DataMember(Name = "hostname")] public string Hostname { get; set; } /// @@ -2502,7 +2503,7 @@ public abstract class ObserverFieldSet { /// IP addresses of the observer. /// /// - [DataMember(Name = "ip")] + [JsonPropertyName("ip"), DataMember(Name = "ip")] public string[] Ip { get; set; } /// @@ -2512,7 +2513,7 @@ public abstract class ObserverFieldSet { /// pattern: /// ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] /// - [DataMember(Name = "mac")] + [JsonPropertyName("mac"), DataMember(Name = "mac")] public string[] Mac { get; set; } /// @@ -2522,7 +2523,7 @@ public abstract class ObserverFieldSet { /// If no custom name is needed, the field can be left empty. /// 1_proxySG /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -2530,7 +2531,7 @@ public abstract class ObserverFieldSet { /// The product name of the observer. /// s200 /// - [DataMember(Name = "product")] + [JsonPropertyName("product"), DataMember(Name = "product")] public string Product { get; set; } /// @@ -2538,7 +2539,7 @@ public abstract class ObserverFieldSet { /// Observer serial number. /// /// - [DataMember(Name = "serial_number")] + [JsonPropertyName("serial_number"), DataMember(Name = "serial_number")] public string SerialNumber { get; set; } /// @@ -2547,7 +2548,7 @@ public abstract class ObserverFieldSet { /// There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. /// firewall /// - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } /// @@ -2555,7 +2556,7 @@ public abstract class ObserverFieldSet { /// Vendor name of the observer. /// Symantec /// - [DataMember(Name = "vendor")] + [JsonPropertyName("vendor"), DataMember(Name = "vendor")] public string Vendor { get; set; } /// @@ -2563,7 +2564,7 @@ public abstract class ObserverFieldSet { /// Observer version. /// /// - [DataMember(Name = "version")] + [JsonPropertyName("version"), DataMember(Name = "version")] public string Version { get; set; } /// @@ -2571,7 +2572,7 @@ public abstract class ObserverFieldSet { /// Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. /// /// - [DataMember(Name = "egress")] + [JsonPropertyName("egress"), DataMember(Name = "egress")] public ObserverEgress Egress { get; set; } /// @@ -2579,7 +2580,7 @@ public abstract class ObserverFieldSet { /// Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. /// /// - [DataMember(Name = "ingress")] + [JsonPropertyName("ingress"), DataMember(Name = "ingress")] public ObserverIngress Ingress { get; set; } } @@ -2593,7 +2594,7 @@ public abstract class OrchestratorFieldSet { /// API version being used to carry out the action /// v1beta1 /// - [DataMember(Name = "api_version")] + [JsonPropertyName("api_version"), DataMember(Name = "api_version")] public string ApiVersion { get; set; } /// @@ -2601,7 +2602,7 @@ public abstract class OrchestratorFieldSet { /// Unique ID of the cluster. /// /// - [DataMember(Name = "cluster.id")] + [JsonPropertyName("cluster.id"), DataMember(Name = "cluster.id")] public string ClusterId { get; set; } /// @@ -2609,7 +2610,7 @@ public abstract class OrchestratorFieldSet { /// Name of the cluster. /// /// - [DataMember(Name = "cluster.name")] + [JsonPropertyName("cluster.name"), DataMember(Name = "cluster.name")] public string ClusterName { get; set; } /// @@ -2617,7 +2618,7 @@ public abstract class OrchestratorFieldSet { /// URL of the API used to manage the cluster. /// /// - [DataMember(Name = "cluster.url")] + [JsonPropertyName("cluster.url"), DataMember(Name = "cluster.url")] public string ClusterUrl { get; set; } /// @@ -2625,7 +2626,7 @@ public abstract class OrchestratorFieldSet { /// The version of the cluster. /// /// - [DataMember(Name = "cluster.version")] + [JsonPropertyName("cluster.version"), DataMember(Name = "cluster.version")] public string ClusterVersion { get; set; } /// @@ -2633,7 +2634,7 @@ public abstract class OrchestratorFieldSet { /// Namespace in which the action is taking place. /// kube-system /// - [DataMember(Name = "namespace")] + [JsonPropertyName("namespace"), DataMember(Name = "namespace")] public string Namespace { get; set; } /// @@ -2641,7 +2642,7 @@ public abstract class OrchestratorFieldSet { /// Organization affected by the event (for multi-tenant orchestrator setups). /// elastic /// - [DataMember(Name = "organization")] + [JsonPropertyName("organization"), DataMember(Name = "organization")] public string Organization { get; set; } /// @@ -2649,7 +2650,7 @@ public abstract class OrchestratorFieldSet { /// Unique ID of the resource being acted upon. /// /// - [DataMember(Name = "resource.id")] + [JsonPropertyName("resource.id"), DataMember(Name = "resource.id")] public string ResourceId { get; set; } /// @@ -2657,7 +2658,7 @@ public abstract class OrchestratorFieldSet { /// IP address assigned to the resource associated with the event being observed. In the case of a Kubernetes Pod, this array would contain only one element: the IP of the Pod (as opposed to the Node on which the Pod is running). /// /// - [DataMember(Name = "resource.ip")] + [JsonPropertyName("resource.ip"), DataMember(Name = "resource.ip")] public string[] ResourceIp { get; set; } /// @@ -2665,7 +2666,7 @@ public abstract class OrchestratorFieldSet { /// Name of the resource being acted upon. /// test-pod-cdcws /// - [DataMember(Name = "resource.name")] + [JsonPropertyName("resource.name"), DataMember(Name = "resource.name")] public string ResourceName { get; set; } /// @@ -2673,7 +2674,7 @@ public abstract class OrchestratorFieldSet { /// Type or kind of the parent resource associated with the event being observed. In Kubernetes, this will be the name of a built-in workload resource (e.g., Deployment, StatefulSet, DaemonSet). /// DaemonSet /// - [DataMember(Name = "resource.parent.type")] + [JsonPropertyName("resource.parent.type"), DataMember(Name = "resource.parent.type")] public string ResourceParentType { get; set; } /// @@ -2681,7 +2682,7 @@ public abstract class OrchestratorFieldSet { /// Type of resource being acted upon. /// service /// - [DataMember(Name = "resource.type")] + [JsonPropertyName("resource.type"), DataMember(Name = "resource.type")] public string ResourceType { get; set; } /// @@ -2689,7 +2690,7 @@ public abstract class OrchestratorFieldSet { /// Orchestrator cluster type (e.g. kubernetes, nomad or cloudfoundry). /// kubernetes /// - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } } @@ -2703,7 +2704,7 @@ public abstract class OrganizationFieldSet { /// Unique identifier for the organization. /// /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -2711,7 +2712,7 @@ public abstract class OrganizationFieldSet { /// Organization name. /// /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } } @@ -2725,7 +2726,7 @@ public abstract class OsFieldSet { /// OS family (such as redhat, debian, freebsd, windows). /// debian /// - [DataMember(Name = "family")] + [JsonPropertyName("family"), DataMember(Name = "family")] public string Family { get; set; } /// @@ -2733,7 +2734,7 @@ public abstract class OsFieldSet { /// Operating system name, including the version or code name. /// Mac OS Mojave /// - [DataMember(Name = "full")] + [JsonPropertyName("full"), DataMember(Name = "full")] public string Full { get; set; } /// @@ -2741,7 +2742,7 @@ public abstract class OsFieldSet { /// Operating system kernel version as a raw string. /// 4.4.0-112-generic /// - [DataMember(Name = "kernel")] + [JsonPropertyName("kernel"), DataMember(Name = "kernel")] public string Kernel { get; set; } /// @@ -2749,7 +2750,7 @@ public abstract class OsFieldSet { /// Operating system name, without the version. /// Mac OS X /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -2757,7 +2758,7 @@ public abstract class OsFieldSet { /// Operating system platform (such centos, ubuntu, windows). /// darwin /// - [DataMember(Name = "platform")] + [JsonPropertyName("platform"), DataMember(Name = "platform")] public string Platform { get; set; } /// @@ -2773,7 +2774,7 @@ public abstract class OsFieldSet { /// /// macos /// - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } /// @@ -2781,7 +2782,7 @@ public abstract class OsFieldSet { /// Operating system version as a raw string. /// 10.14.1 /// - [DataMember(Name = "version")] + [JsonPropertyName("version"), DataMember(Name = "version")] public string Version { get; set; } } @@ -2795,7 +2796,7 @@ public abstract class PackageFieldSet { /// Package architecture. /// x86_64 /// - [DataMember(Name = "architecture")] + [JsonPropertyName("architecture"), DataMember(Name = "architecture")] public string Architecture { get; set; } /// @@ -2804,7 +2805,7 @@ public abstract class PackageFieldSet { /// For example use the commit SHA of a non-released package. /// 36f4f7e89dd61b0988b12ee000b98966867710cd /// - [DataMember(Name = "build_version")] + [JsonPropertyName("build_version"), DataMember(Name = "build_version")] public string BuildVersion { get; set; } /// @@ -2812,7 +2813,7 @@ public abstract class PackageFieldSet { /// Checksum of the installed package for verification. /// 68b329da9893e34099c7d8ad5cb9c940 /// - [DataMember(Name = "checksum")] + [JsonPropertyName("checksum"), DataMember(Name = "checksum")] public string Checksum { get; set; } /// @@ -2820,7 +2821,7 @@ public abstract class PackageFieldSet { /// Description of the package. /// Open source programming language to build simple/reliable/efficient software. /// - [DataMember(Name = "description")] + [JsonPropertyName("description"), DataMember(Name = "description")] public string Description { get; set; } /// @@ -2828,7 +2829,7 @@ public abstract class PackageFieldSet { /// Indicating how the package was installed, e.g. user-local, global. /// global /// - [DataMember(Name = "install_scope")] + [JsonPropertyName("install_scope"), DataMember(Name = "install_scope")] public string InstallScope { get; set; } /// @@ -2836,7 +2837,7 @@ public abstract class PackageFieldSet { /// Time when package was installed. /// /// - [DataMember(Name = "installed")] + [JsonPropertyName("installed"), DataMember(Name = "installed")] public DateTimeOffset? Installed { get; set; } /// @@ -2845,7 +2846,7 @@ public abstract class PackageFieldSet { /// Use a short name, e.g. the license identifier from SPDX License List where possible (https://spdx.org/licenses/). /// Apache License 2.0 /// - [DataMember(Name = "license")] + [JsonPropertyName("license"), DataMember(Name = "license")] public string License { get; set; } /// @@ -2853,7 +2854,7 @@ public abstract class PackageFieldSet { /// Package name /// go /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -2861,7 +2862,7 @@ public abstract class PackageFieldSet { /// Path where the package is installed. /// /usr/local/Cellar/go/1.12.9/ /// - [DataMember(Name = "path")] + [JsonPropertyName("path"), DataMember(Name = "path")] public string Path { get; set; } /// @@ -2869,7 +2870,7 @@ public abstract class PackageFieldSet { /// Home page or reference URL of the software in this package, if available. /// https://golang.org /// - [DataMember(Name = "reference")] + [JsonPropertyName("reference"), DataMember(Name = "reference")] public string Reference { get; set; } /// @@ -2877,7 +2878,7 @@ public abstract class PackageFieldSet { /// Package size in bytes. /// 62231 /// - [DataMember(Name = "size")] + [JsonPropertyName("size"), DataMember(Name = "size")] public long? Size { get; set; } /// @@ -2886,7 +2887,7 @@ public abstract class PackageFieldSet { /// This should contain the package file type, rather than the package manager name. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar. /// rpm /// - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } /// @@ -2894,7 +2895,7 @@ public abstract class PackageFieldSet { /// Package version /// 1.12.9 /// - [DataMember(Name = "version")] + [JsonPropertyName("version"), DataMember(Name = "version")] public string Version { get; set; } } @@ -2908,7 +2909,7 @@ public abstract class PeFieldSet { /// CPU architecture target for the file. /// x64 /// - [DataMember(Name = "architecture")] + [JsonPropertyName("architecture"), DataMember(Name = "architecture")] public string Architecture { get; set; } /// @@ -2916,7 +2917,7 @@ public abstract class PeFieldSet { /// Internal company name of the file, provided at compile-time. /// Microsoft Corporation /// - [DataMember(Name = "company")] + [JsonPropertyName("company"), DataMember(Name = "company")] public string Company { get; set; } /// @@ -2924,7 +2925,7 @@ public abstract class PeFieldSet { /// Internal description of the file, provided at compile-time. /// Paint /// - [DataMember(Name = "description")] + [JsonPropertyName("description"), DataMember(Name = "description")] public string Description { get; set; } /// @@ -2932,7 +2933,7 @@ public abstract class PeFieldSet { /// Internal version of the file, provided at compile-time. /// 6.3.9600.17415 /// - [DataMember(Name = "file_version")] + [JsonPropertyName("file_version"), DataMember(Name = "file_version")] public string FileVersion { get; set; } /// @@ -2941,7 +2942,7 @@ public abstract class PeFieldSet { /// Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. /// 0c6803c4e922103c4dca5963aad36ddf /// - [DataMember(Name = "imphash")] + [JsonPropertyName("imphash"), DataMember(Name = "imphash")] public string Imphash { get; set; } /// @@ -2949,7 +2950,7 @@ public abstract class PeFieldSet { /// Internal name of the file, provided at compile-time. /// MSPAINT.EXE /// - [DataMember(Name = "original_file_name")] + [JsonPropertyName("original_file_name"), DataMember(Name = "original_file_name")] public string OriginalFileName { get; set; } /// @@ -2958,7 +2959,7 @@ public abstract class PeFieldSet { /// Learn more at https://www.usenix.org/legacy/events/leet09/tech/full_papers/wicherski/wicherski_html/index.html. /// 73ff189b63cd6be375a7ff25179a38d347651975 /// - [DataMember(Name = "pehash")] + [JsonPropertyName("pehash"), DataMember(Name = "pehash")] public string Pehash { get; set; } /// @@ -2966,7 +2967,7 @@ public abstract class PeFieldSet { /// Internal product name of the file, provided at compile-time. /// Microsoft® Windows® Operating System /// - [DataMember(Name = "product")] + [JsonPropertyName("product"), DataMember(Name = "product")] public string Product { get; set; } } @@ -2981,7 +2982,7 @@ public abstract class ProcessFieldSet { /// May be filtered to protect sensitive information. /// ["/usr/bin/ssh", "-l", "user", "10.0.0.16"] /// - [DataMember(Name = "args")] + [JsonPropertyName("args"), DataMember(Name = "args")] public string[] Args { get; set; } /// @@ -2990,7 +2991,7 @@ public abstract class ProcessFieldSet { /// This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. /// 4 /// - [DataMember(Name = "args_count")] + [JsonPropertyName("args_count"), DataMember(Name = "args_count")] public long? ArgsCount { get; set; } /// @@ -2999,7 +3000,7 @@ public abstract class ProcessFieldSet { /// Some arguments may be filtered to protect sensitive information. /// /usr/bin/ssh -l user 10.0.0.16 /// - [DataMember(Name = "command_line")] + [JsonPropertyName("command_line"), DataMember(Name = "command_line")] public string CommandLine { get; set; } /// @@ -3007,7 +3008,7 @@ public abstract class ProcessFieldSet { /// The time the process ended. /// 5/23/2016 8:05:34 AM /// - [DataMember(Name = "end")] + [JsonPropertyName("end"), DataMember(Name = "end")] public DateTimeOffset? End { get; set; } /// @@ -3017,7 +3018,7 @@ public abstract class ProcessFieldSet { /// Constructing a globally unique identifier is a common practice to mitigate PID reuse as well as to identify a specific process over time, across multiple monitored hosts. /// c2c455d9f99375d /// - [DataMember(Name = "entity_id")] + [JsonPropertyName("entity_id"), DataMember(Name = "entity_id")] public string EntityId { get; set; } /// @@ -3025,7 +3026,7 @@ public abstract class ProcessFieldSet { /// Absolute path to the process executable. /// /usr/bin/ssh /// - [DataMember(Name = "executable")] + [JsonPropertyName("executable"), DataMember(Name = "executable")] public string Executable { get; set; } /// @@ -3034,7 +3035,7 @@ public abstract class ProcessFieldSet { /// The field should be absent if there is no exit code for the event (e.g. process start). /// 137 /// - [DataMember(Name = "exit_code")] + [JsonPropertyName("exit_code"), DataMember(Name = "exit_code")] public long? ExitCode { get; set; } /// @@ -3045,7 +3046,7 @@ public abstract class ProcessFieldSet { ///
This field is beta and subject to change. /// true /// - [DataMember(Name = "interactive")] + [JsonPropertyName("interactive"), DataMember(Name = "interactive")] public bool? Interactive { get; set; } /// @@ -3054,7 +3055,7 @@ public abstract class ProcessFieldSet { /// Sometimes called program name or similar. /// ssh /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -3063,7 +3064,7 @@ public abstract class ProcessFieldSet { /// Identifier of the group of processes the process belongs to. /// /// - [DataMember(Name = "pgid")] + [JsonPropertyName("pgid"), DataMember(Name = "pgid")] public long? Pgid { get; set; } /// @@ -3071,7 +3072,7 @@ public abstract class ProcessFieldSet { /// Process id. /// 4242 /// - [DataMember(Name = "pid")] + [JsonPropertyName("pid"), DataMember(Name = "pid")] public long? Pid { get; set; } /// @@ -3079,7 +3080,7 @@ public abstract class ProcessFieldSet { /// The time the process started. /// 5/23/2016 8:05:34 AM /// - [DataMember(Name = "start")] + [JsonPropertyName("start"), DataMember(Name = "start")] public DateTimeOffset? Start { get; set; } /// @@ -3087,7 +3088,7 @@ public abstract class ProcessFieldSet { /// Thread ID. /// 4242 /// - [DataMember(Name = "thread.id")] + [JsonPropertyName("thread.id"), DataMember(Name = "thread.id")] public long? ThreadId { get; set; } /// @@ -3095,7 +3096,7 @@ public abstract class ProcessFieldSet { /// Thread name. /// thread-0 /// - [DataMember(Name = "thread.name")] + [JsonPropertyName("thread.name"), DataMember(Name = "thread.name")] public string ThreadName { get; set; } /// @@ -3104,7 +3105,7 @@ public abstract class ProcessFieldSet { /// The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. /// /// - [DataMember(Name = "title")] + [JsonPropertyName("title"), DataMember(Name = "title")] public string Title { get; set; } /// @@ -3112,7 +3113,7 @@ public abstract class ProcessFieldSet { /// Seconds the process has been up. /// 1325 /// - [DataMember(Name = "uptime")] + [JsonPropertyName("uptime"), DataMember(Name = "uptime")] public long? Uptime { get; set; } /// @@ -3120,7 +3121,7 @@ public abstract class ProcessFieldSet { /// The working directory of the process. /// /home/alice /// - [DataMember(Name = "working_directory")] + [JsonPropertyName("working_directory"), DataMember(Name = "working_directory")] public string WorkingDirectory { get; set; } /// @@ -3130,7 +3131,7 @@ public abstract class ProcessFieldSet { ///
This field is beta and subject to change. /// {"USER": "elastic","LANG": "en_US.UTF-8","HOME": "/home/elastic"} /// - [DataMember(Name = "env_vars")] + [JsonPropertyName("env_vars"), DataMember(Name = "env_vars")] public ProcessEnvVars EnvVars { get; set; } /// @@ -3139,7 +3140,7 @@ public abstract class ProcessFieldSet { ///
This field is beta and subject to change. /// /// - [DataMember(Name = "tty")] + [JsonPropertyName("tty"), DataMember(Name = "tty")] public ProcessTty Tty { get; set; } } @@ -3154,7 +3155,7 @@ public abstract class RegistryFieldSet { /// For Windows registry operations, such as SetValueEx and RegQueryValueEx, this corresponds to the data pointed by `lp_data`. This is optional but provides better recoverability and should be populated for REG_BINARY encoded values. /// ZQBuAC0AVQBTAAAAZQBuAAAAAAA= /// - [DataMember(Name = "data.bytes")] + [JsonPropertyName("data.bytes"), DataMember(Name = "data.bytes")] public string DataBytes { get; set; } /// @@ -3163,7 +3164,7 @@ public abstract class RegistryFieldSet { /// Populated as an array when writing string data to the registry. For single string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with one string. For sequences of string with REG_MULTI_SZ, this array will be variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should be populated with the decimal representation (e.g `"1"`). /// ["C:\rta\red_ttp\bin\myapp.exe"] /// - [DataMember(Name = "data.strings")] + [JsonPropertyName("data.strings"), DataMember(Name = "data.strings")] public string[] DataStrings { get; set; } /// @@ -3171,7 +3172,7 @@ public abstract class RegistryFieldSet { /// Standard registry type for encoding contents /// REG_SZ /// - [DataMember(Name = "data.type")] + [JsonPropertyName("data.type"), DataMember(Name = "data.type")] public string DataType { get; set; } /// @@ -3179,7 +3180,7 @@ public abstract class RegistryFieldSet { /// Abbreviated name for the hive. /// HKLM /// - [DataMember(Name = "hive")] + [JsonPropertyName("hive"), DataMember(Name = "hive")] public string Hive { get; set; } /// @@ -3187,7 +3188,7 @@ public abstract class RegistryFieldSet { /// Hive-relative path of keys. /// SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe /// - [DataMember(Name = "key")] + [JsonPropertyName("key"), DataMember(Name = "key")] public string Key { get; set; } /// @@ -3195,7 +3196,7 @@ public abstract class RegistryFieldSet { /// Full path, including hive, key and value /// HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger /// - [DataMember(Name = "path")] + [JsonPropertyName("path"), DataMember(Name = "path")] public string Path { get; set; } /// @@ -3203,7 +3204,7 @@ public abstract class RegistryFieldSet { /// Name of the value written. /// Debugger /// - [DataMember(Name = "value")] + [JsonPropertyName("value"), DataMember(Name = "value")] public string Value { get; set; } } @@ -3217,7 +3218,7 @@ public abstract class RelatedFieldSet { /// All the hashes seen on your event. Populating this field, then using it to search for hashes can help in situations where you're unsure what the hash algorithm is (and therefore which key name to search). /// /// - [DataMember(Name = "hash")] + [JsonPropertyName("hash"), DataMember(Name = "hash")] public string[] Hash { get; set; } /// @@ -3225,7 +3226,7 @@ public abstract class RelatedFieldSet { /// All hostnames or other host identifiers seen on your event. Example identifiers include FQDNs, domain names, workstation names, or aliases. /// /// - [DataMember(Name = "hosts")] + [JsonPropertyName("hosts"), DataMember(Name = "hosts")] public string[] Hosts { get; set; } /// @@ -3233,7 +3234,7 @@ public abstract class RelatedFieldSet { /// All of the IPs seen on your event. /// /// - [DataMember(Name = "ip")] + [JsonPropertyName("ip"), DataMember(Name = "ip")] public string[] Ip { get; set; } /// @@ -3241,7 +3242,7 @@ public abstract class RelatedFieldSet { /// All the user names or other user identifiers seen on the event. /// /// - [DataMember(Name = "user")] + [JsonPropertyName("user"), DataMember(Name = "user")] public string[] User { get; set; } } @@ -3255,7 +3256,7 @@ public abstract class RuleFieldSet { /// Name, organization, or pseudonym of the author or authors who created the rule used to generate this event. /// ["Star-Lord"] /// - [DataMember(Name = "author")] + [JsonPropertyName("author"), DataMember(Name = "author")] public string[] Author { get; set; } /// @@ -3263,7 +3264,7 @@ public abstract class RuleFieldSet { /// A categorization value keyword used by the entity using the rule for detection of this event. /// Attempted Information Leak /// - [DataMember(Name = "category")] + [JsonPropertyName("category"), DataMember(Name = "category")] public string Category { get; set; } /// @@ -3271,7 +3272,7 @@ public abstract class RuleFieldSet { /// The description of the rule generating the event. /// Block requests to public DNS over HTTPS / TLS protocols /// - [DataMember(Name = "description")] + [JsonPropertyName("description"), DataMember(Name = "description")] public string Description { get; set; } /// @@ -3279,7 +3280,7 @@ public abstract class RuleFieldSet { /// A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. /// 101 /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -3287,7 +3288,7 @@ public abstract class RuleFieldSet { /// Name of the license under which the rule used to generate this event is made available. /// Apache 2.0 /// - [DataMember(Name = "license")] + [JsonPropertyName("license"), DataMember(Name = "license")] public string License { get; set; } /// @@ -3295,7 +3296,7 @@ public abstract class RuleFieldSet { /// The name of the rule or signature generating the event. /// BLOCK_DNS_over_TLS /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -3304,7 +3305,7 @@ public abstract class RuleFieldSet { /// The URL can point to the vendor's documentation about the rule. If that's not available, it can also be a link to a more general page describing this type of alert. /// https://en.wikipedia.org/wiki/DNS_over_TLS /// - [DataMember(Name = "reference")] + [JsonPropertyName("reference"), DataMember(Name = "reference")] public string Reference { get; set; } /// @@ -3312,7 +3313,7 @@ public abstract class RuleFieldSet { /// Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. /// Standard_Protocol_Filters /// - [DataMember(Name = "ruleset")] + [JsonPropertyName("ruleset"), DataMember(Name = "ruleset")] public string Ruleset { get; set; } /// @@ -3320,7 +3321,7 @@ public abstract class RuleFieldSet { /// A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. /// 1100110011 /// - [DataMember(Name = "uuid")] + [JsonPropertyName("uuid"), DataMember(Name = "uuid")] public string Uuid { get; set; } /// @@ -3328,7 +3329,7 @@ public abstract class RuleFieldSet { /// The version / revision of the rule being used for analysis. /// 1.1 /// - [DataMember(Name = "version")] + [JsonPropertyName("version"), DataMember(Name = "version")] public string Version { get; set; } } @@ -3343,7 +3344,7 @@ public abstract class ServerFieldSet { /// Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. /// /// - [DataMember(Name = "address")] + [JsonPropertyName("address"), DataMember(Name = "address")] public string Address { get; set; } /// @@ -3351,7 +3352,7 @@ public abstract class ServerFieldSet { /// Bytes sent from the server to the client. /// 184 /// - [DataMember(Name = "bytes")] + [JsonPropertyName("bytes"), DataMember(Name = "bytes")] public long? Bytes { get; set; } /// @@ -3360,7 +3361,7 @@ public abstract class ServerFieldSet { /// This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. /// foo.example.com /// - [DataMember(Name = "domain")] + [JsonPropertyName("domain"), DataMember(Name = "domain")] public string Domain { get; set; } /// @@ -3368,7 +3369,7 @@ public abstract class ServerFieldSet { /// IP address of the server (IPv4 or IPv6). /// /// - [DataMember(Name = "ip")] + [JsonPropertyName("ip"), DataMember(Name = "ip")] public string Ip { get; set; } /// @@ -3378,7 +3379,7 @@ public abstract class ServerFieldSet { /// pattern: /// 00-00-5E-00-53-23 /// - [DataMember(Name = "mac")] + [JsonPropertyName("mac"), DataMember(Name = "mac")] public string Mac { get; set; } /// @@ -3387,7 +3388,7 @@ public abstract class ServerFieldSet { /// Typically used with load balancers, firewalls, or routers. /// /// - [DataMember(Name = "nat.ip")] + [JsonPropertyName("nat.ip"), DataMember(Name = "nat.ip")] public string NatIp { get; set; } /// @@ -3396,7 +3397,7 @@ public abstract class ServerFieldSet { /// Typically used with load balancers, firewalls, or routers. /// /// - [DataMember(Name = "nat.port")] + [JsonPropertyName("nat.port"), DataMember(Name = "nat.port")] public long? NatPort { get; set; } /// @@ -3404,7 +3405,7 @@ public abstract class ServerFieldSet { /// Packets sent from the server to the client. /// 12 /// - [DataMember(Name = "packets")] + [JsonPropertyName("packets"), DataMember(Name = "packets")] public long? Packets { get; set; } /// @@ -3412,7 +3413,7 @@ public abstract class ServerFieldSet { /// Port of the server. /// /// - [DataMember(Name = "port")] + [JsonPropertyName("port"), DataMember(Name = "port")] public long? Port { get; set; } /// @@ -3422,7 +3423,7 @@ public abstract class ServerFieldSet { /// This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". /// example.com /// - [DataMember(Name = "registered_domain")] + [JsonPropertyName("registered_domain"), DataMember(Name = "registered_domain")] public string RegisteredDomain { get; set; } /// @@ -3431,7 +3432,7 @@ public abstract class ServerFieldSet { /// For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. /// east /// - [DataMember(Name = "subdomain")] + [JsonPropertyName("subdomain"), DataMember(Name = "subdomain")] public string Subdomain { get; set; } /// @@ -3440,7 +3441,7 @@ public abstract class ServerFieldSet { /// This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". /// co.uk /// - [DataMember(Name = "top_level_domain")] + [JsonPropertyName("top_level_domain"), DataMember(Name = "top_level_domain")] public string TopLevelDomain { get; set; } } @@ -3455,7 +3456,7 @@ public abstract class ServiceFieldSet { /// This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). /// 172.26.0.2:5432 /// - [DataMember(Name = "address")] + [JsonPropertyName("address"), DataMember(Name = "address")] public string Address { get; set; } /// @@ -3465,7 +3466,7 @@ public abstract class ServiceFieldSet { ///
This field is beta and subject to change. /// production /// - [DataMember(Name = "environment")] + [JsonPropertyName("environment"), DataMember(Name = "environment")] public string Environment { get; set; } /// @@ -3474,7 +3475,7 @@ public abstract class ServiceFieldSet { /// This id normally changes across restarts, but `service.id` does not. /// 8a4f500f /// - [DataMember(Name = "ephemeral_id")] + [JsonPropertyName("ephemeral_id"), DataMember(Name = "ephemeral_id")] public string EphemeralId { get; set; } /// @@ -3484,7 +3485,7 @@ public abstract class ServiceFieldSet { /// Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. /// d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -3494,7 +3495,7 @@ public abstract class ServiceFieldSet { /// In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. /// elasticsearch-metrics /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -3504,7 +3505,7 @@ public abstract class ServiceFieldSet { /// In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. /// instance-0000000016 /// - [DataMember(Name = "node.name")] + [JsonPropertyName("node.name"), DataMember(Name = "node.name")] public string NodeName { get; set; } /// @@ -3517,7 +3518,7 @@ public abstract class ServiceFieldSet { /// Other services could use this to distinguish between a `web` and `worker` role running as part of the service. /// background_tasks /// - [DataMember(Name = "node.role")] + [JsonPropertyName("node.role"), DataMember(Name = "node.role")] public string NodeRole { get; set; } /// @@ -3529,7 +3530,7 @@ public abstract class ServiceFieldSet { /// Other services could use this to distinguish between a `web` and `worker` role running as part of the service. /// ["ui", "background_tasks"] /// - [DataMember(Name = "node.roles")] + [JsonPropertyName("node.roles"), DataMember(Name = "node.roles")] public string[] NodeRoles { get; set; } /// @@ -3537,7 +3538,7 @@ public abstract class ServiceFieldSet { /// Current state of the service. /// /// - [DataMember(Name = "state")] + [JsonPropertyName("state"), DataMember(Name = "state")] public string State { get; set; } /// @@ -3547,7 +3548,7 @@ public abstract class ServiceFieldSet { /// Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. /// elasticsearch /// - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } /// @@ -3556,7 +3557,7 @@ public abstract class ServiceFieldSet { /// This allows to look at a data set only for a specific version of a service. /// 3.2.4 /// - [DataMember(Name = "version")] + [JsonPropertyName("version"), DataMember(Name = "version")] public string Version { get; set; } } @@ -3571,7 +3572,7 @@ public abstract class SourceFieldSet { /// Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. /// /// - [DataMember(Name = "address")] + [JsonPropertyName("address"), DataMember(Name = "address")] public string Address { get; set; } /// @@ -3579,7 +3580,7 @@ public abstract class SourceFieldSet { /// Bytes sent from the source to the destination. /// 184 /// - [DataMember(Name = "bytes")] + [JsonPropertyName("bytes"), DataMember(Name = "bytes")] public long? Bytes { get; set; } /// @@ -3588,7 +3589,7 @@ public abstract class SourceFieldSet { /// This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. /// foo.example.com /// - [DataMember(Name = "domain")] + [JsonPropertyName("domain"), DataMember(Name = "domain")] public string Domain { get; set; } /// @@ -3596,7 +3597,7 @@ public abstract class SourceFieldSet { /// IP address of the source (IPv4 or IPv6). /// /// - [DataMember(Name = "ip")] + [JsonPropertyName("ip"), DataMember(Name = "ip")] public string Ip { get; set; } /// @@ -3606,7 +3607,7 @@ public abstract class SourceFieldSet { /// pattern: /// 00-00-5E-00-53-23 /// - [DataMember(Name = "mac")] + [JsonPropertyName("mac"), DataMember(Name = "mac")] public string Mac { get; set; } /// @@ -3615,7 +3616,7 @@ public abstract class SourceFieldSet { /// Typically connections traversing load balancers, firewalls, or routers. /// /// - [DataMember(Name = "nat.ip")] + [JsonPropertyName("nat.ip"), DataMember(Name = "nat.ip")] public string NatIp { get; set; } /// @@ -3624,7 +3625,7 @@ public abstract class SourceFieldSet { /// Typically used with load balancers, firewalls, or routers. /// /// - [DataMember(Name = "nat.port")] + [JsonPropertyName("nat.port"), DataMember(Name = "nat.port")] public long? NatPort { get; set; } /// @@ -3632,7 +3633,7 @@ public abstract class SourceFieldSet { /// Packets sent from the source to the destination. /// 12 /// - [DataMember(Name = "packets")] + [JsonPropertyName("packets"), DataMember(Name = "packets")] public long? Packets { get; set; } /// @@ -3640,7 +3641,7 @@ public abstract class SourceFieldSet { /// Port of the source. /// /// - [DataMember(Name = "port")] + [JsonPropertyName("port"), DataMember(Name = "port")] public long? Port { get; set; } /// @@ -3650,7 +3651,7 @@ public abstract class SourceFieldSet { /// This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". /// example.com /// - [DataMember(Name = "registered_domain")] + [JsonPropertyName("registered_domain"), DataMember(Name = "registered_domain")] public string RegisteredDomain { get; set; } /// @@ -3659,7 +3660,7 @@ public abstract class SourceFieldSet { /// For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. /// east /// - [DataMember(Name = "subdomain")] + [JsonPropertyName("subdomain"), DataMember(Name = "subdomain")] public string Subdomain { get; set; } /// @@ -3668,7 +3669,7 @@ public abstract class SourceFieldSet { /// This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". /// co.uk /// - [DataMember(Name = "top_level_domain")] + [JsonPropertyName("top_level_domain"), DataMember(Name = "top_level_domain")] public string TopLevelDomain { get; set; } } @@ -3682,7 +3683,7 @@ public abstract class ThreatFieldSet { /// The saved object ID of the dashboard belonging to the threat feed for displaying dashboard links to threat feeds in Kibana. /// 5ba16340-72e6-11eb-a3e3-b3cc7c78a70f /// - [DataMember(Name = "feed.dashboard_id")] + [JsonPropertyName("feed.dashboard_id"), DataMember(Name = "feed.dashboard_id")] public string FeedDashboardId { get; set; } /// @@ -3690,7 +3691,7 @@ public abstract class ThreatFieldSet { /// Description of the threat feed in a UI friendly format. /// Threat feed from the AlienVault Open Threat eXchange network. /// - [DataMember(Name = "feed.description")] + [JsonPropertyName("feed.description"), DataMember(Name = "feed.description")] public string FeedDescription { get; set; } /// @@ -3698,7 +3699,7 @@ public abstract class ThreatFieldSet { /// The name of the threat feed in UI friendly format. /// AlienVault OTX /// - [DataMember(Name = "feed.name")] + [JsonPropertyName("feed.name"), DataMember(Name = "feed.name")] public string FeedName { get; set; } /// @@ -3706,7 +3707,7 @@ public abstract class ThreatFieldSet { /// Reference information for the threat feed in a UI friendly format. /// https://otx.alienvault.com /// - [DataMember(Name = "feed.reference")] + [JsonPropertyName("feed.reference"), DataMember(Name = "feed.reference")] public string FeedReference { get; set; } /// @@ -3714,7 +3715,7 @@ public abstract class ThreatFieldSet { /// Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. /// MITRE ATT&CK /// - [DataMember(Name = "framework")] + [JsonPropertyName("framework"), DataMember(Name = "framework")] public string Framework { get; set; } /// @@ -3723,7 +3724,7 @@ public abstract class ThreatFieldSet { /// While not required, you can use a MITRE ATT&CK® group alias(es). /// [ "Magecart Group 6" ] /// - [DataMember(Name = "group.alias")] + [JsonPropertyName("group.alias"), DataMember(Name = "group.alias")] public string[] GroupAlias { get; set; } /// @@ -3732,7 +3733,7 @@ public abstract class ThreatFieldSet { /// While not required, you can use a MITRE ATT&CK® group id. /// G0037 /// - [DataMember(Name = "group.id")] + [JsonPropertyName("group.id"), DataMember(Name = "group.id")] public string GroupId { get; set; } /// @@ -3741,7 +3742,7 @@ public abstract class ThreatFieldSet { /// While not required, you can use a MITRE ATT&CK® group name. /// FIN6 /// - [DataMember(Name = "group.name")] + [JsonPropertyName("group.name"), DataMember(Name = "group.name")] public string GroupName { get; set; } /// @@ -3750,7 +3751,7 @@ public abstract class ThreatFieldSet { /// While not required, you can use a MITRE ATT&CK® group reference URL. /// https://attack.mitre.org/groups/G0037/ /// - [DataMember(Name = "group.reference")] + [JsonPropertyName("group.reference"), DataMember(Name = "group.reference")] public string GroupReference { get; set; } /// @@ -3766,7 +3767,7 @@ public abstract class ThreatFieldSet { /// /// Medium /// - [DataMember(Name = "indicator.confidence")] + [JsonPropertyName("indicator.confidence"), DataMember(Name = "indicator.confidence")] public string IndicatorConfidence { get; set; } /// @@ -3774,7 +3775,7 @@ public abstract class ThreatFieldSet { /// Describes the type of action conducted by the threat. /// IP x.x.x.x was observed delivering the Angler EK. /// - [DataMember(Name = "indicator.description")] + [JsonPropertyName("indicator.description"), DataMember(Name = "indicator.description")] public string IndicatorDescription { get; set; } /// @@ -3782,7 +3783,7 @@ public abstract class ThreatFieldSet { /// Identifies a threat indicator as an email address (irrespective of direction). /// phish@example.com /// - [DataMember(Name = "indicator.email.address")] + [JsonPropertyName("indicator.email.address"), DataMember(Name = "indicator.email.address")] public string IndicatorEmailAddress { get; set; } /// @@ -3790,7 +3791,7 @@ public abstract class ThreatFieldSet { /// The date and time when intelligence source first reported sighting this indicator. /// 11/5/2020 5:25:47 PM /// - [DataMember(Name = "indicator.first_seen")] + [JsonPropertyName("indicator.first_seen"), DataMember(Name = "indicator.first_seen")] public DateTimeOffset? IndicatorFirstSeen { get; set; } /// @@ -3798,7 +3799,7 @@ public abstract class ThreatFieldSet { /// Identifies a threat indicator as an IP address (irrespective of direction). /// 1.2.3.4 /// - [DataMember(Name = "indicator.ip")] + [JsonPropertyName("indicator.ip"), DataMember(Name = "indicator.ip")] public string IndicatorIp { get; set; } /// @@ -3806,7 +3807,7 @@ public abstract class ThreatFieldSet { /// The date and time when intelligence source last reported sighting this indicator. /// 11/5/2020 5:25:47 PM /// - [DataMember(Name = "indicator.last_seen")] + [JsonPropertyName("indicator.last_seen"), DataMember(Name = "indicator.last_seen")] public DateTimeOffset? IndicatorLastSeen { get; set; } /// @@ -3821,7 +3822,7 @@ public abstract class ThreatFieldSet { /// /// WHITE /// - [DataMember(Name = "indicator.marking.tlp")] + [JsonPropertyName("indicator.marking.tlp"), DataMember(Name = "indicator.marking.tlp")] public string IndicatorMarkingTlp { get; set; } /// @@ -3829,7 +3830,7 @@ public abstract class ThreatFieldSet { /// The date and time when intelligence source last modified information for this indicator. /// 11/5/2020 5:25:47 PM /// - [DataMember(Name = "indicator.modified_at")] + [JsonPropertyName("indicator.modified_at"), DataMember(Name = "indicator.modified_at")] public DateTimeOffset? IndicatorModifiedAt { get; set; } /// @@ -3837,7 +3838,7 @@ public abstract class ThreatFieldSet { /// Identifies a threat indicator as a port number (irrespective of direction). /// 443 /// - [DataMember(Name = "indicator.port")] + [JsonPropertyName("indicator.port"), DataMember(Name = "indicator.port")] public long? IndicatorPort { get; set; } /// @@ -3845,7 +3846,7 @@ public abstract class ThreatFieldSet { /// The name of the indicator's provider. /// lrz_urlhaus /// - [DataMember(Name = "indicator.provider")] + [JsonPropertyName("indicator.provider"), DataMember(Name = "indicator.provider")] public string IndicatorProvider { get; set; } /// @@ -3853,7 +3854,7 @@ public abstract class ThreatFieldSet { /// Reference URL linking to additional information about this indicator. /// https://system.example.com/indicator/0001234 /// - [DataMember(Name = "indicator.reference")] + [JsonPropertyName("indicator.reference"), DataMember(Name = "indicator.reference")] public string IndicatorReference { get; set; } /// @@ -3861,7 +3862,7 @@ public abstract class ThreatFieldSet { /// Count of AV/EDR vendors that successfully detected malicious file or URL. /// 4 /// - [DataMember(Name = "indicator.scanner_stats")] + [JsonPropertyName("indicator.scanner_stats"), DataMember(Name = "indicator.scanner_stats")] public long? IndicatorScannerStats { get; set; } /// @@ -3869,7 +3870,7 @@ public abstract class ThreatFieldSet { /// Number of times this indicator was observed conducting threat activity. /// 20 /// - [DataMember(Name = "indicator.sightings")] + [JsonPropertyName("indicator.sightings"), DataMember(Name = "indicator.sightings")] public long? IndicatorSightings { get; set; } /// @@ -3897,7 +3898,7 @@ public abstract class ThreatFieldSet { /// /// ipv4-addr /// - [DataMember(Name = "indicator.type")] + [JsonPropertyName("indicator.type"), DataMember(Name = "indicator.type")] public string IndicatorType { get; set; } /// @@ -3906,7 +3907,7 @@ public abstract class ThreatFieldSet { /// While not required, you can use a MITRE ATT&CK® associated software description. /// [ "X-Agent" ] /// - [DataMember(Name = "software.alias")] + [JsonPropertyName("software.alias"), DataMember(Name = "software.alias")] public string[] SoftwareAlias { get; set; } /// @@ -3915,7 +3916,7 @@ public abstract class ThreatFieldSet { /// While not required, you can use a MITRE ATT&CK® software id. /// S0552 /// - [DataMember(Name = "software.id")] + [JsonPropertyName("software.id"), DataMember(Name = "software.id")] public string SoftwareId { get; set; } /// @@ -3924,7 +3925,7 @@ public abstract class ThreatFieldSet { /// While not required, you can use a MITRE ATT&CK® software name. /// AdFind /// - [DataMember(Name = "software.name")] + [JsonPropertyName("software.name"), DataMember(Name = "software.name")] public string SoftwareName { get; set; } /// @@ -3946,7 +3947,7 @@ public abstract class ThreatFieldSet { /// /// [ "Windows" ] /// - [DataMember(Name = "software.platforms")] + [JsonPropertyName("software.platforms"), DataMember(Name = "software.platforms")] public string[] SoftwarePlatforms { get; set; } /// @@ -3955,7 +3956,7 @@ public abstract class ThreatFieldSet { /// While not required, you can use a MITRE ATT&CK® software reference URL. /// https://attack.mitre.org/software/S0552/ /// - [DataMember(Name = "software.reference")] + [JsonPropertyName("software.reference"), DataMember(Name = "software.reference")] public string SoftwareReference { get; set; } /// @@ -3969,7 +3970,7 @@ public abstract class ThreatFieldSet { /// /// Tool /// - [DataMember(Name = "software.type")] + [JsonPropertyName("software.type"), DataMember(Name = "software.type")] public string SoftwareType { get; set; } /// @@ -3977,7 +3978,7 @@ public abstract class ThreatFieldSet { /// The id of tactic used by this threat. You can use a MITRE ATT&CK® tactic, for example. (ex. https://attack.mitre.org/tactics/TA0002/ ) /// TA0002 /// - [DataMember(Name = "tactic.id")] + [JsonPropertyName("tactic.id"), DataMember(Name = "tactic.id")] public string[] TacticId { get; set; } /// @@ -3985,7 +3986,7 @@ public abstract class ThreatFieldSet { /// Name of the type of tactic used by this threat. You can use a MITRE ATT&CK® tactic, for example. (ex. https://attack.mitre.org/tactics/TA0002/) /// Execution /// - [DataMember(Name = "tactic.name")] + [JsonPropertyName("tactic.name"), DataMember(Name = "tactic.name")] public string[] TacticName { get; set; } /// @@ -3993,7 +3994,7 @@ public abstract class ThreatFieldSet { /// The reference url of tactic used by this threat. You can use a MITRE ATT&CK® tactic, for example. (ex. https://attack.mitre.org/tactics/TA0002/ ) /// https://attack.mitre.org/tactics/TA0002/ /// - [DataMember(Name = "tactic.reference")] + [JsonPropertyName("tactic.reference"), DataMember(Name = "tactic.reference")] public string[] TacticReference { get; set; } /// @@ -4001,7 +4002,7 @@ public abstract class ThreatFieldSet { /// The id of technique used by this threat. You can use a MITRE ATT&CK® technique, for example. (ex. https://attack.mitre.org/techniques/T1059/) /// T1059 /// - [DataMember(Name = "technique.id")] + [JsonPropertyName("technique.id"), DataMember(Name = "technique.id")] public string[] TechniqueId { get; set; } /// @@ -4009,7 +4010,7 @@ public abstract class ThreatFieldSet { /// The name of technique used by this threat. You can use a MITRE ATT&CK® technique, for example. (ex. https://attack.mitre.org/techniques/T1059/) /// Command and Scripting Interpreter /// - [DataMember(Name = "technique.name")] + [JsonPropertyName("technique.name"), DataMember(Name = "technique.name")] public string[] TechniqueName { get; set; } /// @@ -4017,7 +4018,7 @@ public abstract class ThreatFieldSet { /// The reference url of technique used by this threat. You can use a MITRE ATT&CK® technique, for example. (ex. https://attack.mitre.org/techniques/T1059/) /// https://attack.mitre.org/techniques/T1059/ /// - [DataMember(Name = "technique.reference")] + [JsonPropertyName("technique.reference"), DataMember(Name = "technique.reference")] public string[] TechniqueReference { get; set; } /// @@ -4025,7 +4026,7 @@ public abstract class ThreatFieldSet { /// The full id of subtechnique used by this threat. You can use a MITRE ATT&CK® subtechnique, for example. (ex. https://attack.mitre.org/techniques/T1059/001/) /// T1059.001 /// - [DataMember(Name = "technique.subtechnique.id")] + [JsonPropertyName("technique.subtechnique.id"), DataMember(Name = "technique.subtechnique.id")] public string[] TechniqueSubtechniqueId { get; set; } /// @@ -4033,7 +4034,7 @@ public abstract class ThreatFieldSet { /// The name of subtechnique used by this threat. You can use a MITRE ATT&CK® subtechnique, for example. (ex. https://attack.mitre.org/techniques/T1059/001/) /// PowerShell /// - [DataMember(Name = "technique.subtechnique.name")] + [JsonPropertyName("technique.subtechnique.name"), DataMember(Name = "technique.subtechnique.name")] public string[] TechniqueSubtechniqueName { get; set; } /// @@ -4041,7 +4042,7 @@ public abstract class ThreatFieldSet { /// The reference url of subtechnique used by this threat. You can use a MITRE ATT&CK® subtechnique, for example. (ex. https://attack.mitre.org/techniques/T1059/001/) /// https://attack.mitre.org/techniques/T1059/001/ /// - [DataMember(Name = "technique.subtechnique.reference")] + [JsonPropertyName("technique.subtechnique.reference"), DataMember(Name = "technique.subtechnique.reference")] public string[] TechniqueSubtechniqueReference { get; set; } /// @@ -4050,7 +4051,7 @@ public abstract class ThreatFieldSet { ///
This field is beta and subject to change. /// /// - [DataMember(Name = "enrichments")] + [JsonPropertyName("enrichments"), DataMember(Name = "enrichments")] public ThreatEnrichments[] Enrichments { get; set; } } @@ -4064,7 +4065,7 @@ public abstract class TlsFieldSet { /// String indicating the cipher used during the current connection. /// TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 /// - [DataMember(Name = "cipher")] + [JsonPropertyName("cipher"), DataMember(Name = "cipher")] public string Cipher { get; set; } /// @@ -4072,7 +4073,7 @@ public abstract class TlsFieldSet { /// PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. /// MII... /// - [DataMember(Name = "client.certificate")] + [JsonPropertyName("client.certificate"), DataMember(Name = "client.certificate")] public string ClientCertificate { get; set; } /// @@ -4080,7 +4081,7 @@ public abstract class TlsFieldSet { /// Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. /// ["MII...", "MII..."] /// - [DataMember(Name = "client.certificate_chain")] + [JsonPropertyName("client.certificate_chain"), DataMember(Name = "client.certificate_chain")] public string[] ClientCertificateChain { get; set; } /// @@ -4088,7 +4089,7 @@ public abstract class TlsFieldSet { /// Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. /// 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC /// - [DataMember(Name = "client.hash.md5")] + [JsonPropertyName("client.hash.md5"), DataMember(Name = "client.hash.md5")] public string ClientHashMd5 { get; set; } /// @@ -4096,7 +4097,7 @@ public abstract class TlsFieldSet { /// Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. /// 9E393D93138888D288266C2D915214D1D1CCEB2A /// - [DataMember(Name = "client.hash.sha1")] + [JsonPropertyName("client.hash.sha1"), DataMember(Name = "client.hash.sha1")] public string ClientHashSha1 { get; set; } /// @@ -4104,7 +4105,7 @@ public abstract class TlsFieldSet { /// Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. /// 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 /// - [DataMember(Name = "client.hash.sha256")] + [JsonPropertyName("client.hash.sha256"), DataMember(Name = "client.hash.sha256")] public string ClientHashSha256 { get; set; } /// @@ -4112,7 +4113,7 @@ public abstract class TlsFieldSet { /// Distinguished name of subject of the issuer of the x.509 certificate presented by the client. /// CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com /// - [DataMember(Name = "client.issuer")] + [JsonPropertyName("client.issuer"), DataMember(Name = "client.issuer")] public string ClientIssuer { get; set; } /// @@ -4120,7 +4121,7 @@ public abstract class TlsFieldSet { /// A hash that identifies clients based on how they perform an SSL/TLS handshake. /// d4e5b18d6b55c71272893221c96ba240 /// - [DataMember(Name = "client.ja3")] + [JsonPropertyName("client.ja3"), DataMember(Name = "client.ja3")] public string ClientJa3 { get; set; } /// @@ -4128,7 +4129,7 @@ public abstract class TlsFieldSet { /// Date/Time indicating when client certificate is no longer considered valid. /// 1/1/2021 12:00:00 AM /// - [DataMember(Name = "client.not_after")] + [JsonPropertyName("client.not_after"), DataMember(Name = "client.not_after")] public DateTimeOffset? ClientNotAfter { get; set; } /// @@ -4136,7 +4137,7 @@ public abstract class TlsFieldSet { /// Date/Time indicating when client certificate is first considered valid. /// 1/1/1970 12:00:00 AM /// - [DataMember(Name = "client.not_before")] + [JsonPropertyName("client.not_before"), DataMember(Name = "client.not_before")] public DateTimeOffset? ClientNotBefore { get; set; } /// @@ -4144,7 +4145,7 @@ public abstract class TlsFieldSet { /// Also called an SNI, this tells the server which hostname to which the client is attempting to connect to. When this value is available, it should get copied to `destination.domain`. /// www.elastic.co /// - [DataMember(Name = "client.server_name")] + [JsonPropertyName("client.server_name"), DataMember(Name = "client.server_name")] public string ClientServerName { get; set; } /// @@ -4152,7 +4153,7 @@ public abstract class TlsFieldSet { /// Distinguished name of subject of the x.509 certificate presented by the client. /// CN=myclient, OU=Documentation Team, DC=example, DC=com /// - [DataMember(Name = "client.subject")] + [JsonPropertyName("client.subject"), DataMember(Name = "client.subject")] public string ClientSubject { get; set; } /// @@ -4160,7 +4161,7 @@ public abstract class TlsFieldSet { /// Array of ciphers offered by the client during the client hello. /// ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "..."] /// - [DataMember(Name = "client.supported_ciphers")] + [JsonPropertyName("client.supported_ciphers"), DataMember(Name = "client.supported_ciphers")] public string[] ClientSupportedCiphers { get; set; } /// @@ -4168,7 +4169,7 @@ public abstract class TlsFieldSet { /// String indicating the curve used for the given cipher, when applicable. /// secp256r1 /// - [DataMember(Name = "curve")] + [JsonPropertyName("curve"), DataMember(Name = "curve")] public string Curve { get; set; } /// @@ -4176,7 +4177,7 @@ public abstract class TlsFieldSet { /// Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. /// /// - [DataMember(Name = "established")] + [JsonPropertyName("established"), DataMember(Name = "established")] public bool? Established { get; set; } /// @@ -4184,7 +4185,7 @@ public abstract class TlsFieldSet { /// String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. /// http/1.1 /// - [DataMember(Name = "next_protocol")] + [JsonPropertyName("next_protocol"), DataMember(Name = "next_protocol")] public string NextProtocol { get; set; } /// @@ -4192,7 +4193,7 @@ public abstract class TlsFieldSet { /// Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. /// /// - [DataMember(Name = "resumed")] + [JsonPropertyName("resumed"), DataMember(Name = "resumed")] public bool? Resumed { get; set; } /// @@ -4200,7 +4201,7 @@ public abstract class TlsFieldSet { /// PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. /// MII... /// - [DataMember(Name = "server.certificate")] + [JsonPropertyName("server.certificate"), DataMember(Name = "server.certificate")] public string ServerCertificate { get; set; } /// @@ -4208,7 +4209,7 @@ public abstract class TlsFieldSet { /// Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. /// ["MII...", "MII..."] /// - [DataMember(Name = "server.certificate_chain")] + [JsonPropertyName("server.certificate_chain"), DataMember(Name = "server.certificate_chain")] public string[] ServerCertificateChain { get; set; } /// @@ -4216,7 +4217,7 @@ public abstract class TlsFieldSet { /// Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. /// 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC /// - [DataMember(Name = "server.hash.md5")] + [JsonPropertyName("server.hash.md5"), DataMember(Name = "server.hash.md5")] public string ServerHashMd5 { get; set; } /// @@ -4224,7 +4225,7 @@ public abstract class TlsFieldSet { /// Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. /// 9E393D93138888D288266C2D915214D1D1CCEB2A /// - [DataMember(Name = "server.hash.sha1")] + [JsonPropertyName("server.hash.sha1"), DataMember(Name = "server.hash.sha1")] public string ServerHashSha1 { get; set; } /// @@ -4232,7 +4233,7 @@ public abstract class TlsFieldSet { /// Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. /// 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 /// - [DataMember(Name = "server.hash.sha256")] + [JsonPropertyName("server.hash.sha256"), DataMember(Name = "server.hash.sha256")] public string ServerHashSha256 { get; set; } /// @@ -4240,7 +4241,7 @@ public abstract class TlsFieldSet { /// Subject of the issuer of the x.509 certificate presented by the server. /// CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com /// - [DataMember(Name = "server.issuer")] + [JsonPropertyName("server.issuer"), DataMember(Name = "server.issuer")] public string ServerIssuer { get; set; } /// @@ -4248,7 +4249,7 @@ public abstract class TlsFieldSet { /// A hash that identifies servers based on how they perform an SSL/TLS handshake. /// 394441ab65754e2207b1e1b457b3641d /// - [DataMember(Name = "server.ja3s")] + [JsonPropertyName("server.ja3s"), DataMember(Name = "server.ja3s")] public string ServerJa3s { get; set; } /// @@ -4256,7 +4257,7 @@ public abstract class TlsFieldSet { /// Timestamp indicating when server certificate is no longer considered valid. /// 1/1/2021 12:00:00 AM /// - [DataMember(Name = "server.not_after")] + [JsonPropertyName("server.not_after"), DataMember(Name = "server.not_after")] public DateTimeOffset? ServerNotAfter { get; set; } /// @@ -4264,7 +4265,7 @@ public abstract class TlsFieldSet { /// Timestamp indicating when server certificate is first considered valid. /// 1/1/1970 12:00:00 AM /// - [DataMember(Name = "server.not_before")] + [JsonPropertyName("server.not_before"), DataMember(Name = "server.not_before")] public DateTimeOffset? ServerNotBefore { get; set; } /// @@ -4272,7 +4273,7 @@ public abstract class TlsFieldSet { /// Subject of the x.509 certificate presented by the server. /// CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com /// - [DataMember(Name = "server.subject")] + [JsonPropertyName("server.subject"), DataMember(Name = "server.subject")] public string ServerSubject { get; set; } /// @@ -4280,7 +4281,7 @@ public abstract class TlsFieldSet { /// Numeric part of the version parsed from the original string. /// 1.2 /// - [DataMember(Name = "version")] + [JsonPropertyName("version"), DataMember(Name = "version")] public string Version { get; set; } /// @@ -4288,7 +4289,7 @@ public abstract class TlsFieldSet { /// Normalized lowercase protocol name parsed from original string. /// tls /// - [DataMember(Name = "version_protocol")] + [JsonPropertyName("version_protocol"), DataMember(Name = "version_protocol")] public string VersionProtocol { get; set; } } @@ -4304,7 +4305,7 @@ public abstract class UrlFieldSet { /// If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. /// www.elastic.co /// - [DataMember(Name = "domain")] + [JsonPropertyName("domain"), DataMember(Name = "domain")] public string Domain { get; set; } /// @@ -4315,7 +4316,7 @@ public abstract class UrlFieldSet { /// Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured ("gz", not "tar.gz"). /// png /// - [DataMember(Name = "extension")] + [JsonPropertyName("extension"), DataMember(Name = "extension")] public string Extension { get; set; } /// @@ -4324,7 +4325,7 @@ public abstract class UrlFieldSet { /// The `#` is not part of the fragment. /// /// - [DataMember(Name = "fragment")] + [JsonPropertyName("fragment"), DataMember(Name = "fragment")] public string Fragment { get; set; } /// @@ -4332,7 +4333,7 @@ public abstract class UrlFieldSet { /// If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. /// https://www.elastic.co:443/search?q=elasticsearch#top /// - [DataMember(Name = "full")] + [JsonPropertyName("full"), DataMember(Name = "full")] public string Full { get; set; } /// @@ -4342,7 +4343,7 @@ public abstract class UrlFieldSet { /// This field is meant to represent the URL as it was observed, complete or not. /// https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch /// - [DataMember(Name = "original")] + [JsonPropertyName("original"), DataMember(Name = "original")] public string Original { get; set; } /// @@ -4350,7 +4351,7 @@ public abstract class UrlFieldSet { /// Password of the request. /// /// - [DataMember(Name = "password")] + [JsonPropertyName("password"), DataMember(Name = "password")] public string Password { get; set; } /// @@ -4358,7 +4359,7 @@ public abstract class UrlFieldSet { /// Path of the request, such as "/search". /// /// - [DataMember(Name = "path")] + [JsonPropertyName("path"), DataMember(Name = "path")] public string Path { get; set; } /// @@ -4366,7 +4367,7 @@ public abstract class UrlFieldSet { /// Port of the request, such as 443. /// 443 /// - [DataMember(Name = "port")] + [JsonPropertyName("port"), DataMember(Name = "port")] public long? Port { get; set; } /// @@ -4375,7 +4376,7 @@ public abstract class UrlFieldSet { /// The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. /// /// - [DataMember(Name = "query")] + [JsonPropertyName("query"), DataMember(Name = "query")] public string Query { get; set; } /// @@ -4385,7 +4386,7 @@ public abstract class UrlFieldSet { /// This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". /// example.com /// - [DataMember(Name = "registered_domain")] + [JsonPropertyName("registered_domain"), DataMember(Name = "registered_domain")] public string RegisteredDomain { get; set; } /// @@ -4394,7 +4395,7 @@ public abstract class UrlFieldSet { /// Note: The `:` is not part of the scheme. /// https /// - [DataMember(Name = "scheme")] + [JsonPropertyName("scheme"), DataMember(Name = "scheme")] public string Scheme { get; set; } /// @@ -4403,7 +4404,7 @@ public abstract class UrlFieldSet { /// For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. /// east /// - [DataMember(Name = "subdomain")] + [JsonPropertyName("subdomain"), DataMember(Name = "subdomain")] public string Subdomain { get; set; } /// @@ -4412,7 +4413,7 @@ public abstract class UrlFieldSet { /// This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". /// co.uk /// - [DataMember(Name = "top_level_domain")] + [JsonPropertyName("top_level_domain"), DataMember(Name = "top_level_domain")] public string TopLevelDomain { get; set; } /// @@ -4420,7 +4421,7 @@ public abstract class UrlFieldSet { /// Username of the request. /// /// - [DataMember(Name = "username")] + [JsonPropertyName("username"), DataMember(Name = "username")] public string Username { get; set; } } @@ -4435,7 +4436,7 @@ public abstract class UserFieldSet { /// For example, an LDAP or Active Directory domain name. /// /// - [DataMember(Name = "domain")] + [JsonPropertyName("domain"), DataMember(Name = "domain")] public string Domain { get; set; } /// @@ -4443,7 +4444,7 @@ public abstract class UserFieldSet { /// User email address. /// /// - [DataMember(Name = "email")] + [JsonPropertyName("email"), DataMember(Name = "email")] public string Email { get; set; } /// @@ -4451,7 +4452,7 @@ public abstract class UserFieldSet { /// User's full name, if available. /// Albert Einstein /// - [DataMember(Name = "full_name")] + [JsonPropertyName("full_name"), DataMember(Name = "full_name")] public string FullName { get; set; } /// @@ -4460,7 +4461,7 @@ public abstract class UserFieldSet { /// Useful if `user.id` or `user.name` contain confidential information and cannot be used. /// /// - [DataMember(Name = "hash")] + [JsonPropertyName("hash"), DataMember(Name = "hash")] public string Hash { get; set; } /// @@ -4468,7 +4469,7 @@ public abstract class UserFieldSet { /// Unique identifier of the user. /// S-1-5-21-202424912787-2692429404-2351956786-1000 /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -4476,7 +4477,7 @@ public abstract class UserFieldSet { /// Short name or login of the user. /// a.einstein /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -4484,7 +4485,7 @@ public abstract class UserFieldSet { /// Array of user roles at the time of the event. /// ["kibana_admin", "reporting_user"] /// - [DataMember(Name = "roles")] + [JsonPropertyName("roles"), DataMember(Name = "roles")] public string[] Roles { get; set; } } @@ -4498,7 +4499,7 @@ public abstract class UserAgentFieldSet { /// Name of the device. /// iPhone /// - [DataMember(Name = "device.name")] + [JsonPropertyName("device.name"), DataMember(Name = "device.name")] public string DeviceName { get; set; } /// @@ -4506,7 +4507,7 @@ public abstract class UserAgentFieldSet { /// Name of the user agent. /// Safari /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } /// @@ -4514,7 +4515,7 @@ public abstract class UserAgentFieldSet { /// Unparsed user_agent string. /// Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 /// - [DataMember(Name = "original")] + [JsonPropertyName("original"), DataMember(Name = "original")] public string Original { get; set; } /// @@ -4522,7 +4523,7 @@ public abstract class UserAgentFieldSet { /// Version of the user agent. /// 12.0 /// - [DataMember(Name = "version")] + [JsonPropertyName("version"), DataMember(Name = "version")] public string Version { get; set; } } @@ -4536,7 +4537,7 @@ public abstract class VlanFieldSet { /// VLAN ID as reported by the observer. /// 10 /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -4544,7 +4545,7 @@ public abstract class VlanFieldSet { /// Optional VLAN name as reported by the observer. /// outside /// - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } } @@ -4559,7 +4560,7 @@ public abstract class VulnerabilityFieldSet { /// This field must be an array. /// ["Firewall"] /// - [DataMember(Name = "category")] + [JsonPropertyName("category"), DataMember(Name = "category")] public string[] Category { get; set; } /// @@ -4567,7 +4568,7 @@ public abstract class VulnerabilityFieldSet { /// The classification of the vulnerability scoring system. For example (https://www.first.org/cvss/) /// CVSS /// - [DataMember(Name = "classification")] + [JsonPropertyName("classification"), DataMember(Name = "classification")] public string Classification { get; set; } /// @@ -4575,7 +4576,7 @@ public abstract class VulnerabilityFieldSet { /// The description of the vulnerability that provides additional context of the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common Vulnerabilities and Exposure CVE description]) /// In macOS before 2.12.6, there is a vulnerability in the RPC... /// - [DataMember(Name = "description")] + [JsonPropertyName("description"), DataMember(Name = "description")] public string Description { get; set; } /// @@ -4583,7 +4584,7 @@ public abstract class VulnerabilityFieldSet { /// The type of identifier used for this vulnerability. For example (https://cve.mitre.org/about/) /// CVE /// - [DataMember(Name = "enumeration")] + [JsonPropertyName("enumeration"), DataMember(Name = "enumeration")] public string Enumeration { get; set; } /// @@ -4591,7 +4592,7 @@ public abstract class VulnerabilityFieldSet { /// The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities and Exposure CVE ID] /// CVE-2019-00001 /// - [DataMember(Name = "id")] + [JsonPropertyName("id"), DataMember(Name = "id")] public string Id { get; set; } /// @@ -4599,7 +4600,7 @@ public abstract class VulnerabilityFieldSet { /// A resource that provides additional information, context, and mitigations for the identified vulnerability. /// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 /// - [DataMember(Name = "reference")] + [JsonPropertyName("reference"), DataMember(Name = "reference")] public string Reference { get; set; } /// @@ -4607,7 +4608,7 @@ public abstract class VulnerabilityFieldSet { /// The report or scan identification number. /// 20191018.0001 /// - [DataMember(Name = "report_id")] + [JsonPropertyName("report_id"), DataMember(Name = "report_id")] public string ReportId { get; set; } /// @@ -4615,7 +4616,7 @@ public abstract class VulnerabilityFieldSet { /// The name of the vulnerability scanner vendor. /// Tenable /// - [DataMember(Name = "scanner.vendor")] + [JsonPropertyName("scanner.vendor"), DataMember(Name = "scanner.vendor")] public string ScannerVendor { get; set; } /// @@ -4624,7 +4625,7 @@ public abstract class VulnerabilityFieldSet { /// Base scores cover an assessment for exploitability metrics (attack vector, complexity, privileges, and user interaction), impact metrics (confidentiality, integrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document) /// 5.5 /// - [DataMember(Name = "score.base")] + [JsonPropertyName("score.base"), DataMember(Name = "score.base")] public float? ScoreBase { get; set; } /// @@ -4633,7 +4634,7 @@ public abstract class VulnerabilityFieldSet { /// Environmental scores cover an assessment for any modified Base metrics, confidentiality, integrity, and availability requirements. For example (https://www.first.org/cvss/specification-document) /// 5.5 /// - [DataMember(Name = "score.environmental")] + [JsonPropertyName("score.environmental"), DataMember(Name = "score.environmental")] public float? ScoreEnvironmental { get; set; } /// @@ -4642,7 +4643,7 @@ public abstract class VulnerabilityFieldSet { /// Temporal scores cover an assessment for code maturity, remediation level, and confidence. For example (https://www.first.org/cvss/specification-document) /// /// - [DataMember(Name = "score.temporal")] + [JsonPropertyName("score.temporal"), DataMember(Name = "score.temporal")] public float? ScoreTemporal { get; set; } /// @@ -4651,7 +4652,7 @@ public abstract class VulnerabilityFieldSet { /// CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit organization, whose mission is to help computer security incident response teams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss) /// 2.0 /// - [DataMember(Name = "score.version")] + [JsonPropertyName("score.version"), DataMember(Name = "score.version")] public string ScoreVersion { get; set; } /// @@ -4659,7 +4660,7 @@ public abstract class VulnerabilityFieldSet { /// The severity of the vulnerability can help with metrics and internal prioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss) /// Critical /// - [DataMember(Name = "severity")] + [JsonPropertyName("severity"), DataMember(Name = "severity")] public string Severity { get; set; } } @@ -4673,7 +4674,7 @@ public abstract class X509FieldSet { /// List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. /// *.elastic.co /// - [DataMember(Name = "alternative_names")] + [JsonPropertyName("alternative_names"), DataMember(Name = "alternative_names")] public string[] AlternativeNames { get; set; } /// @@ -4681,7 +4682,7 @@ public abstract class X509FieldSet { /// List of common name (CN) of issuing certificate authority. /// Example SHA2 High Assurance Server CA /// - [DataMember(Name = "issuer.common_name")] + [JsonPropertyName("issuer.common_name"), DataMember(Name = "issuer.common_name")] public string[] IssuerCommonName { get; set; } /// @@ -4689,7 +4690,7 @@ public abstract class X509FieldSet { /// List of country \(C) codes /// US /// - [DataMember(Name = "issuer.country")] + [JsonPropertyName("issuer.country"), DataMember(Name = "issuer.country")] public string[] IssuerCountry { get; set; } /// @@ -4697,7 +4698,7 @@ public abstract class X509FieldSet { /// Distinguished name (DN) of issuing certificate authority. /// C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA /// - [DataMember(Name = "issuer.distinguished_name")] + [JsonPropertyName("issuer.distinguished_name"), DataMember(Name = "issuer.distinguished_name")] public string IssuerDistinguishedName { get; set; } /// @@ -4705,7 +4706,7 @@ public abstract class X509FieldSet { /// List of locality names (L) /// Mountain View /// - [DataMember(Name = "issuer.locality")] + [JsonPropertyName("issuer.locality"), DataMember(Name = "issuer.locality")] public string[] IssuerLocality { get; set; } /// @@ -4713,7 +4714,7 @@ public abstract class X509FieldSet { /// List of organizations (O) of issuing certificate authority. /// Example Inc /// - [DataMember(Name = "issuer.organization")] + [JsonPropertyName("issuer.organization"), DataMember(Name = "issuer.organization")] public string[] IssuerOrganization { get; set; } /// @@ -4721,7 +4722,7 @@ public abstract class X509FieldSet { /// List of organizational units (OU) of issuing certificate authority. /// www.example.com /// - [DataMember(Name = "issuer.organizational_unit")] + [JsonPropertyName("issuer.organizational_unit"), DataMember(Name = "issuer.organizational_unit")] public string[] IssuerOrganizationalUnit { get; set; } /// @@ -4729,7 +4730,7 @@ public abstract class X509FieldSet { /// List of state or province names (ST, S, or P) /// California /// - [DataMember(Name = "issuer.state_or_province")] + [JsonPropertyName("issuer.state_or_province"), DataMember(Name = "issuer.state_or_province")] public string[] IssuerStateOrProvince { get; set; } /// @@ -4737,7 +4738,7 @@ public abstract class X509FieldSet { /// Time at which the certificate is no longer considered valid. /// 7/16/2020 3:15:39 AM /// - [DataMember(Name = "not_after")] + [JsonPropertyName("not_after"), DataMember(Name = "not_after")] public DateTimeOffset? NotAfter { get; set; } /// @@ -4745,7 +4746,7 @@ public abstract class X509FieldSet { /// Time at which the certificate is first considered valid. /// 8/16/2019 1:40:25 AM /// - [DataMember(Name = "not_before")] + [JsonPropertyName("not_before"), DataMember(Name = "not_before")] public DateTimeOffset? NotBefore { get; set; } /// @@ -4753,7 +4754,7 @@ public abstract class X509FieldSet { /// Algorithm used to generate the public key. /// RSA /// - [DataMember(Name = "public_key_algorithm")] + [JsonPropertyName("public_key_algorithm"), DataMember(Name = "public_key_algorithm")] public string PublicKeyAlgorithm { get; set; } /// @@ -4761,7 +4762,7 @@ public abstract class X509FieldSet { /// The curve used by the elliptic curve public key algorithm. This is algorithm specific. /// nistp521 /// - [DataMember(Name = "public_key_curve")] + [JsonPropertyName("public_key_curve"), DataMember(Name = "public_key_curve")] public string PublicKeyCurve { get; set; } /// @@ -4770,7 +4771,7 @@ public abstract class X509FieldSet { ///
Stored but not available for search in Elasticsearch by default /// 65537 /// - [DataMember(Name = "public_key_exponent")] + [JsonPropertyName("public_key_exponent"), DataMember(Name = "public_key_exponent")] public long? PublicKeyExponent { get; set; } /// @@ -4778,7 +4779,7 @@ public abstract class X509FieldSet { /// The size of the public key space in bits. /// 2048 /// - [DataMember(Name = "public_key_size")] + [JsonPropertyName("public_key_size"), DataMember(Name = "public_key_size")] public long? PublicKeySize { get; set; } /// @@ -4786,7 +4787,7 @@ public abstract class X509FieldSet { /// Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. /// 55FBB9C7DEBF09809D12CCAA /// - [DataMember(Name = "serial_number")] + [JsonPropertyName("serial_number"), DataMember(Name = "serial_number")] public string SerialNumber { get; set; } /// @@ -4794,7 +4795,7 @@ public abstract class X509FieldSet { /// Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. /// SHA256-RSA /// - [DataMember(Name = "signature_algorithm")] + [JsonPropertyName("signature_algorithm"), DataMember(Name = "signature_algorithm")] public string SignatureAlgorithm { get; set; } /// @@ -4802,7 +4803,7 @@ public abstract class X509FieldSet { /// List of common names (CN) of subject. /// shared.global.example.net /// - [DataMember(Name = "subject.common_name")] + [JsonPropertyName("subject.common_name"), DataMember(Name = "subject.common_name")] public string[] SubjectCommonName { get; set; } /// @@ -4810,7 +4811,7 @@ public abstract class X509FieldSet { /// List of country \(C) code /// US /// - [DataMember(Name = "subject.country")] + [JsonPropertyName("subject.country"), DataMember(Name = "subject.country")] public string[] SubjectCountry { get; set; } /// @@ -4818,7 +4819,7 @@ public abstract class X509FieldSet { /// Distinguished name (DN) of the certificate subject entity. /// C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net /// - [DataMember(Name = "subject.distinguished_name")] + [JsonPropertyName("subject.distinguished_name"), DataMember(Name = "subject.distinguished_name")] public string SubjectDistinguishedName { get; set; } /// @@ -4826,7 +4827,7 @@ public abstract class X509FieldSet { /// List of locality names (L) /// San Francisco /// - [DataMember(Name = "subject.locality")] + [JsonPropertyName("subject.locality"), DataMember(Name = "subject.locality")] public string[] SubjectLocality { get; set; } /// @@ -4834,7 +4835,7 @@ public abstract class X509FieldSet { /// List of organizations (O) of subject. /// Example, Inc. /// - [DataMember(Name = "subject.organization")] + [JsonPropertyName("subject.organization"), DataMember(Name = "subject.organization")] public string[] SubjectOrganization { get; set; } /// @@ -4842,7 +4843,7 @@ public abstract class X509FieldSet { /// List of organizational units (OU) of subject. /// /// - [DataMember(Name = "subject.organizational_unit")] + [JsonPropertyName("subject.organizational_unit"), DataMember(Name = "subject.organizational_unit")] public string[] SubjectOrganizationalUnit { get; set; } /// @@ -4850,7 +4851,7 @@ public abstract class X509FieldSet { /// List of state or province names (ST, S, or P) /// California /// - [DataMember(Name = "subject.state_or_province")] + [JsonPropertyName("subject.state_or_province"), DataMember(Name = "subject.state_or_province")] public string[] SubjectStateOrProvince { get; set; } /// @@ -4858,7 +4859,7 @@ public abstract class X509FieldSet { /// Version of x509 format. /// 3 /// - [DataMember(Name = "version_number")] + [JsonPropertyName("version_number"), DataMember(Name = "version_number")] public string VersionNumber { get; set; } } } diff --git a/src/Elastic.CommonSchema/IndexComponents.Generated.cs b/src/Elastic.CommonSchema/IndexComponents.Generated.cs index ff0926df..cdff09fc 100644 --- a/src/Elastic.CommonSchema/IndexComponents.Generated.cs +++ b/src/Elastic.CommonSchema/IndexComponents.Generated.cs @@ -17,6 +17,7 @@ If you wish to submit a PR please modify the original csharp file and submit the using System.Linq; using System.Net; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema.Elasticsearch { diff --git a/src/Elastic.CommonSchema/IndexTemplates.Generated.cs b/src/Elastic.CommonSchema/IndexTemplates.Generated.cs index cfc913bf..76b2bcd5 100644 --- a/src/Elastic.CommonSchema/IndexTemplates.Generated.cs +++ b/src/Elastic.CommonSchema/IndexTemplates.Generated.cs @@ -17,6 +17,7 @@ If you wish to submit a PR please modify the original csharp file and submit the using System.Linq; using System.Net; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema.Elasticsearch { diff --git a/src/Elastic.CommonSchema/InlineObjects.Generated.cs b/src/Elastic.CommonSchema/InlineObjects.Generated.cs index caa6a02c..3b8c397c 100644 --- a/src/Elastic.CommonSchema/InlineObjects.Generated.cs +++ b/src/Elastic.CommonSchema/InlineObjects.Generated.cs @@ -17,6 +17,7 @@ If you wish to submit a PR please modify the original csharp file and submit the using System.Linq; using System.Net; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema { @@ -39,23 +40,23 @@ public class ContainerLabels : Dictionary { public class DnsAnswers { ///dns.answers.class - [DataMember(Name = "class")] + [JsonPropertyName("class"), DataMember(Name = "class")] public string Class { get; set; } ///dns.answers.data - [DataMember(Name = "data")] + [JsonPropertyName("data"), DataMember(Name = "data")] public string Data { get; set; } ///dns.answers.name - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } ///dns.answers.ttl - [DataMember(Name = "ttl")] + [JsonPropertyName("ttl"), DataMember(Name = "ttl")] public long? Ttl { get; set; } ///dns.answers.type - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } } @@ -65,39 +66,39 @@ public class DnsAnswers { public class ElfSections { ///elf.sections.chi2 - [DataMember(Name = "chi2")] + [JsonPropertyName("chi2"), DataMember(Name = "chi2")] public long? Chi2 { get; set; } ///elf.sections.entropy - [DataMember(Name = "entropy")] + [JsonPropertyName("entropy"), DataMember(Name = "entropy")] public long? Entropy { get; set; } ///elf.sections.flags - [DataMember(Name = "flags")] + [JsonPropertyName("flags"), DataMember(Name = "flags")] public string Flags { get; set; } ///elf.sections.name - [DataMember(Name = "name")] + [JsonPropertyName("name"), DataMember(Name = "name")] public string Name { get; set; } ///elf.sections.physical_offset - [DataMember(Name = "physical_offset")] + [JsonPropertyName("physical_offset"), DataMember(Name = "physical_offset")] public string PhysicalOffset { get; set; } ///elf.sections.physical_size - [DataMember(Name = "physical_size")] + [JsonPropertyName("physical_size"), DataMember(Name = "physical_size")] public long? PhysicalSize { get; set; } ///elf.sections.type - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } ///elf.sections.virtual_address - [DataMember(Name = "virtual_address")] + [JsonPropertyName("virtual_address"), DataMember(Name = "virtual_address")] public long? VirtualAddress { get; set; } ///elf.sections.virtual_size - [DataMember(Name = "virtual_size")] + [JsonPropertyName("virtual_size"), DataMember(Name = "virtual_size")] public long? VirtualSize { get; set; } } @@ -107,11 +108,11 @@ public class ElfSections { public class ElfSegments { ///elf.segments.sections - [DataMember(Name = "sections")] + [JsonPropertyName("sections"), DataMember(Name = "sections")] public string Sections { get; set; } ///elf.segments.type - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } } @@ -121,23 +122,23 @@ public class ElfSegments { public class EmailAttachments { ///email.attachments.file.extension - [DataMember(Name = "file.extension")] + [JsonPropertyName("file.extension"), DataMember(Name = "file.extension")] public string FileExtension { get; set; } ///email.attachments.file.mime_type - [DataMember(Name = "file.mime_type")] + [JsonPropertyName("file.mime_type"), DataMember(Name = "file.mime_type")] public string FileMimeType { get; set; } ///email.attachments.file.name - [DataMember(Name = "file.name")] + [JsonPropertyName("file.name"), DataMember(Name = "file.name")] public string FileName { get; set; } ///email.attachments.file.size - [DataMember(Name = "file.size")] + [JsonPropertyName("file.size"), DataMember(Name = "file.size")] public long? FileSize { get; set; } ///email.attachments.file.hash - [DataMember(Name = "file.hash")] + [JsonPropertyName("file.hash"), DataMember(Name = "file.hash")] public Hash FileHash { get; set; } } @@ -147,11 +148,11 @@ public class EmailAttachments { public class FaasTrigger { ///faas.trigger.request_id - [DataMember(Name = "request_id")] + [JsonPropertyName("request_id"), DataMember(Name = "request_id")] public string RequestId { get; set; } ///faas.trigger.type - [DataMember(Name = "type")] + [JsonPropertyName("type"), DataMember(Name = "type")] public string Type { get; set; } } @@ -161,47 +162,47 @@ public class FaasTrigger { public class LogSyslog { ///log.syslog.appname - [DataMember(Name = "appname")] + [JsonPropertyName("appname"), DataMember(Name = "appname")] public string Appname { get; set; } ///log.syslog.facility.code - [DataMember(Name = "facility.code")] + [JsonPropertyName("facility.code"), DataMember(Name = "facility.code")] public long? FacilityCode { get; set; } ///log.syslog.facility.name - [DataMember(Name = "facility.name")] + [JsonPropertyName("facility.name"), DataMember(Name = "facility.name")] public string FacilityName { get; set; } ///log.syslog.hostname - [DataMember(Name = "hostname")] + [JsonPropertyName("hostname"), DataMember(Name = "hostname")] public string Hostname { get; set; } ///log.syslog.msgid - [DataMember(Name = "msgid")] + [JsonPropertyName("msgid"), DataMember(Name = "msgid")] public string Msgid { get; set; } ///log.syslog.priority - [DataMember(Name = "priority")] + [JsonPropertyName("priority"), DataMember(Name = "priority")] public long? Priority { get; set; } ///log.syslog.procid - [DataMember(Name = "procid")] + [JsonPropertyName("procid"), DataMember(Name = "procid")] public string Procid { get; set; } ///log.syslog.severity.code - [DataMember(Name = "severity.code")] + [JsonPropertyName("severity.code"), DataMember(Name = "severity.code")] public long? SeverityCode { get; set; } ///log.syslog.severity.name - [DataMember(Name = "severity.name")] + [JsonPropertyName("severity.name"), DataMember(Name = "severity.name")] public string SeverityName { get; set; } ///log.syslog.structured_data - [DataMember(Name = "structured_data")] + [JsonPropertyName("structured_data"), DataMember(Name = "structured_data")] public string StructuredData { get; set; } ///log.syslog.version - [DataMember(Name = "version")] + [JsonPropertyName("version"), DataMember(Name = "version")] public string Version { get; set; } } @@ -211,7 +212,7 @@ public class LogSyslog { public class NetworkInner { ///network.inner.vlan - [DataMember(Name = "vlan")] + [JsonPropertyName("vlan"), DataMember(Name = "vlan")] public Vlan Vlan { get; set; } } @@ -221,15 +222,15 @@ public class NetworkInner { public class ObserverEgress { ///observer.egress.zone - [DataMember(Name = "zone")] + [JsonPropertyName("zone"), DataMember(Name = "zone")] public string Zone { get; set; } ///observer.egress.interface - [DataMember(Name = "interface")] + [JsonPropertyName("interface"), DataMember(Name = "interface")] public Interface Interface { get; set; } ///observer.egress.vlan - [DataMember(Name = "vlan")] + [JsonPropertyName("vlan"), DataMember(Name = "vlan")] public Vlan Vlan { get; set; } } @@ -239,15 +240,15 @@ public class ObserverEgress { public class ObserverIngress { ///observer.ingress.zone - [DataMember(Name = "zone")] + [JsonPropertyName("zone"), DataMember(Name = "zone")] public string Zone { get; set; } ///observer.ingress.interface - [DataMember(Name = "interface")] + [JsonPropertyName("interface"), DataMember(Name = "interface")] public Interface Interface { get; set; } ///observer.ingress.vlan - [DataMember(Name = "vlan")] + [JsonPropertyName("vlan"), DataMember(Name = "vlan")] public Vlan Vlan { get; set; } } @@ -263,11 +264,11 @@ public class ProcessEnvVars : Dictionary { public class ProcessTty { ///process.tty.char_device.major - [DataMember(Name = "char_device.major")] + [JsonPropertyName("char_device.major"), DataMember(Name = "char_device.major")] public long? CharDeviceMajor { get; set; } ///process.tty.char_device.minor - [DataMember(Name = "char_device.minor")] + [JsonPropertyName("char_device.minor"), DataMember(Name = "char_device.minor")] public long? CharDeviceMinor { get; set; } } @@ -277,111 +278,111 @@ public class ProcessTty { public class ThreatEnrichments { ///threat.enrichments.indicator - [DataMember(Name = "indicator")] + [JsonPropertyName("indicator"), DataMember(Name = "indicator")] public object Indicator { get; set; } ///threat.enrichments.indicator.confidence - [DataMember(Name = "indicator.confidence")] + [JsonPropertyName("indicator.confidence"), DataMember(Name = "indicator.confidence")] public string IndicatorConfidence { get; set; } ///threat.enrichments.indicator.description - [DataMember(Name = "indicator.description")] + [JsonPropertyName("indicator.description"), DataMember(Name = "indicator.description")] public string IndicatorDescription { get; set; } ///threat.enrichments.indicator.email.address - [DataMember(Name = "indicator.email.address")] + [JsonPropertyName("indicator.email.address"), DataMember(Name = "indicator.email.address")] public string IndicatorEmailAddress { get; set; } ///threat.enrichments.indicator.first_seen - [DataMember(Name = "indicator.first_seen")] + [JsonPropertyName("indicator.first_seen"), DataMember(Name = "indicator.first_seen")] public DateTimeOffset? IndicatorFirstSeen { get; set; } ///threat.enrichments.indicator.ip - [DataMember(Name = "indicator.ip")] + [JsonPropertyName("indicator.ip"), DataMember(Name = "indicator.ip")] public string IndicatorIp { get; set; } ///threat.enrichments.indicator.last_seen - [DataMember(Name = "indicator.last_seen")] + [JsonPropertyName("indicator.last_seen"), DataMember(Name = "indicator.last_seen")] public DateTimeOffset? IndicatorLastSeen { get; set; } ///threat.enrichments.indicator.marking.tlp - [DataMember(Name = "indicator.marking.tlp")] + [JsonPropertyName("indicator.marking.tlp"), DataMember(Name = "indicator.marking.tlp")] public string IndicatorMarkingTlp { get; set; } ///threat.enrichments.indicator.modified_at - [DataMember(Name = "indicator.modified_at")] + [JsonPropertyName("indicator.modified_at"), DataMember(Name = "indicator.modified_at")] public DateTimeOffset? IndicatorModifiedAt { get; set; } ///threat.enrichments.indicator.port - [DataMember(Name = "indicator.port")] + [JsonPropertyName("indicator.port"), DataMember(Name = "indicator.port")] public long? IndicatorPort { get; set; } ///threat.enrichments.indicator.provider - [DataMember(Name = "indicator.provider")] + [JsonPropertyName("indicator.provider"), DataMember(Name = "indicator.provider")] public string IndicatorProvider { get; set; } ///threat.enrichments.indicator.reference - [DataMember(Name = "indicator.reference")] + [JsonPropertyName("indicator.reference"), DataMember(Name = "indicator.reference")] public string IndicatorReference { get; set; } ///threat.enrichments.indicator.scanner_stats - [DataMember(Name = "indicator.scanner_stats")] + [JsonPropertyName("indicator.scanner_stats"), DataMember(Name = "indicator.scanner_stats")] public long? IndicatorScannerStats { get; set; } ///threat.enrichments.indicator.sightings - [DataMember(Name = "indicator.sightings")] + [JsonPropertyName("indicator.sightings"), DataMember(Name = "indicator.sightings")] public long? IndicatorSightings { get; set; } ///threat.enrichments.indicator.type - [DataMember(Name = "indicator.type")] + [JsonPropertyName("indicator.type"), DataMember(Name = "indicator.type")] public string IndicatorType { get; set; } ///threat.enrichments.matched.atomic - [DataMember(Name = "matched.atomic")] + [JsonPropertyName("matched.atomic"), DataMember(Name = "matched.atomic")] public string MatchedAtomic { get; set; } ///threat.enrichments.matched.field - [DataMember(Name = "matched.field")] + [JsonPropertyName("matched.field"), DataMember(Name = "matched.field")] public string MatchedField { get; set; } ///threat.enrichments.matched.id - [DataMember(Name = "matched.id")] + [JsonPropertyName("matched.id"), DataMember(Name = "matched.id")] public string MatchedId { get; set; } ///threat.enrichments.matched.index - [DataMember(Name = "matched.index")] + [JsonPropertyName("matched.index"), DataMember(Name = "matched.index")] public string MatchedIndex { get; set; } ///threat.enrichments.matched.occurred - [DataMember(Name = "matched.occurred")] + [JsonPropertyName("matched.occurred"), DataMember(Name = "matched.occurred")] public DateTimeOffset? MatchedOccurred { get; set; } ///threat.enrichments.matched.type - [DataMember(Name = "matched.type")] + [JsonPropertyName("matched.type"), DataMember(Name = "matched.type")] public string MatchedType { get; set; } ///threat.enrichments.indicator.x509 - [DataMember(Name = "indicator.x509")] + [JsonPropertyName("indicator.x509"), DataMember(Name = "indicator.x509")] public X509 IndicatorX509 { get; set; } ///threat.enrichments.indicator.as - [DataMember(Name = "indicator.as")] + [JsonPropertyName("indicator.as"), DataMember(Name = "indicator.as")] public As IndicatorAs { get; set; } ///threat.enrichments.indicator.file - [DataMember(Name = "indicator.file")] + [JsonPropertyName("indicator.file"), DataMember(Name = "indicator.file")] public File IndicatorFile { get; set; } ///threat.enrichments.indicator.geo - [DataMember(Name = "indicator.geo")] + [JsonPropertyName("indicator.geo"), DataMember(Name = "indicator.geo")] public Geo IndicatorGeo { get; set; } ///threat.enrichments.indicator.registry - [DataMember(Name = "indicator.registry")] + [JsonPropertyName("indicator.registry"), DataMember(Name = "indicator.registry")] public Registry IndicatorRegistry { get; set; } ///threat.enrichments.indicator.url - [DataMember(Name = "indicator.url")] + [JsonPropertyName("indicator.url"), DataMember(Name = "indicator.url")] public Url IndicatorUrl { get; set; } } } diff --git a/src/Elastic.CommonSchema/Location.cs b/src/Elastic.CommonSchema/Location.cs index 78051b47..f700ad31 100644 --- a/src/Elastic.CommonSchema/Location.cs +++ b/src/Elastic.CommonSchema/Location.cs @@ -5,6 +5,7 @@ using System; using System.Globalization; using System.Runtime.Serialization; +using System.Text.Json.Serialization; namespace Elastic.CommonSchema { @@ -22,13 +23,13 @@ public Location(double latitude, double longitude) /// /// Latitude /// - [DataMember(Name = "lat")] + [JsonPropertyName("lat"), DataMember(Name = "lat")] public double Latitude { get; } /// /// Longitude /// - [DataMember(Name = "lon")] + [JsonPropertyName("lon"), DataMember(Name = "lon")] public double Longitude { get; } public bool Equals(Location other) diff --git a/src/Elastic.CommonSchema/README.md b/src/Elastic.CommonSchema/README.md index 97a6ab39..827dc6f9 100644 --- a/src/Elastic.CommonSchema/README.md +++ b/src/Elastic.CommonSchema/README.md @@ -153,7 +153,7 @@ The C# `EcsDocument` type includes a property called `Metadata` with the signatu /// /// Container for additional metadata against this event. /// -[DataMember(Name = "metadata")] +[JsonPropertyName("metadata"), DataMember(Name = "metadata")] public IDictionary Metadata { get; set; } ``` @@ -171,7 +171,7 @@ Through `TryRead`/`ReceiveProperty`/`WriteAdditionalProperties` you can hook int /// public class MyEcsDocument : EcsDocument { - [DataMember(Name = "my_root_property")] + [JsonPropertyName("my_root_property"), DataMember(Name = "my_root_property")] public MyCustomType MyRootProperty { get; set; } protected override bool TryRead(string propertyName, out Type type) diff --git a/src/Elasticsearch.Extensions.Logging/LogEvent.cs b/src/Elasticsearch.Extensions.Logging/LogEvent.cs index db886cd6..5fe83264 100644 --- a/src/Elasticsearch.Extensions.Logging/LogEvent.cs +++ b/src/Elasticsearch.Extensions.Logging/LogEvent.cs @@ -5,6 +5,7 @@ using System; using System.Collections.Generic; using System.Runtime.Serialization; +using System.Text.Json.Serialization; using Elastic.CommonSchema; using Elastic.CommonSchema.Serialization; @@ -20,13 +21,13 @@ public class LogEvent : EcsDocument /// Custom field with the original template used to generate the message, with token placeholders /// for inserted label values, e.g. "Unexpected error processing customer {CustomerId}." /// - [DataMember(Name = MessageTemplatePropertyName)] + [JsonPropertyName(MessageTemplatePropertyName), DataMember(Name=MessageTemplatePropertyName)] public string? MessageTemplate { get; set; } /// /// Custom field with an array of string formatted scope values, in the order added. /// - [DataMember(Name = ScopesPropertyName)] + [JsonPropertyName(ScopesPropertyName), DataMember(Name=ScopesPropertyName)] public IList? Scopes { get; set; } /// diff --git a/tests/Elastic.CommonSchema.Tests/Serializes.cs b/tests/Elastic.CommonSchema.Tests/Serializes.cs index 4b4aebbb..c6bcf9bf 100644 --- a/tests/Elastic.CommonSchema.Tests/Serializes.cs +++ b/tests/Elastic.CommonSchema.Tests/Serializes.cs @@ -5,6 +5,7 @@ using System; using System.Collections.Generic; using System.Runtime.Serialization; +using System.Text.Json.Serialization; using Elastic.CommonSchema.Serialization; using FluentAssertions; using Xunit; @@ -30,6 +31,19 @@ public void SerializesSomethingToString() deserialized.Log.Should().NotBeNull(); deserialized.Log.Level.Should().Be("debug"); } + [Fact] + public void SerializesNestedProperties() + { + var b = new EcsDocument { Http = new Http { RequestMethod = "GET" } }; + + var serialized = b.Serialize(); + serialized.Should().NotBeNullOrWhiteSpace(); + serialized.Should().Contain("\"request.method\":\"GET\""); + + var deserialized = EcsDocument.Deserialize(serialized); + deserialized.Http.Should().NotBeNull(); + deserialized.Http.RequestMethod.Should().Be("GET"); + } [Fact] public void SerializesMetadataPropertiesToSnakeCase() @@ -58,7 +72,7 @@ public void SerializesMetadataPropertiesToSnakeCase() public class SubclassedDocument : EcsDocument { - [DataMember(Name = "agent2")] + [JsonPropertyName("agent2")] public Agent Agent2 { get; set; } protected override bool TryRead(string propertyName, out Type type) @@ -83,7 +97,7 @@ protected override bool ReceiveProperty(string propertyName, object value) => public class SubClassedAgent : Agent { - [DataMember(Name = "another_name")] + [JsonPropertyName("another_name")] public string Name2 { get; set; } } @@ -112,6 +126,7 @@ public void SerializesSubClassProperties() serialized.Should().NotBeNullOrWhiteSpace(); serialized.Should().Contain("some-agent"); serialized.Should().Contain("log.level\":\"debug\""); + serialized.Should().Contain("another_name\":\"some-agent\""); var deserialized = EcsSerializerFactory.Deserialize(serialized); deserialized.Log.Should().NotBeNull();