diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 9613fb89e..a48bd93b0 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -22,6 +22,7 @@ Thanks, you're awesome :-) --> * Advanced `process.io` and `process.tty` fields to GA. #2317 * Added `threat.indicator.id`. #2324 * Added `process.group` to generated schemas. #2335 +* Added `file.origin_referrer_url` and `file.origin_url` #2348 #### Improvements diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc index f2259fb87..f4b7bb699 100644 --- a/docs/fields/field-details.asciidoc +++ b/docs/fields/field-details.asciidoc @@ -4334,6 +4334,38 @@ example: `example.png` // =============================================================== +| +[[field-file-origin-referrer-url]] +<> + +a| The URL of the webpage that linked to the file. + +type: keyword + + + +example: `https://example.com` + +| extended + +// =============================================================== + +| +[[field-file-origin-url]] +<> + +a| The URL where the file is hosted. + +type: keyword + + + +example: `https://example.com/file.zip` + +| extended + +// =============================================================== + | [[field-file-owner]] <> diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 625206235..1f3f1ad79 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml 
@@ -3019,6 +3019,20 @@ ignore_above: 1024 description: Name of the file including the extension, without the directory. example: example.png + - name: origin_referrer_url + level: extended + type: keyword + ignore_above: 8192 + description: The URL of the webpage that linked to the file. + example: https://example.com + default_field: false + - name: origin_url + level: extended + type: keyword + ignore_above: 8192 + description: The URL where the file is hosted. + example: https://example.com/file.zip + default_field: false - name: owner level: extended type: keyword @@ -9657,6 +9671,20 @@ description: Name of the file including the extension, without the directory. example: example.png default_field: false + - name: enrichments.indicator.file.origin_referrer_url + level: extended + type: keyword + ignore_above: 8192 + description: The URL of the webpage that linked to the file. + example: https://example.com + default_field: false + - name: enrichments.indicator.file.origin_url + level: extended + type: keyword + ignore_above: 8192 + description: The URL where the file is hosted. + example: https://example.com/file.zip + default_field: false - name: enrichments.indicator.file.owner level: extended type: keyword @@ -11278,6 +11306,20 @@ description: Name of the file including the extension, without the directory. example: example.png default_field: false + - name: indicator.file.origin_referrer_url + level: extended + type: keyword + ignore_above: 8192 + description: The URL of the webpage that linked to the file. + example: https://example.com + default_field: false + - name: indicator.file.origin_url + level: extended + type: keyword + ignore_above: 8192 + description: The URL where the file is hosted. + example: https://example.com/file.zip + default_field: false - name: indicator.file.owner level: extended type: keyword diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index 85f24dce1..4996577c0 100644 
--- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv @@ -364,6 +364,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,file,file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev+exp,true,file,file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev+exp,true,file,file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." +8.12.0-dev+exp,true,file,file.origin_referrer_url,keyword,extended,,https://example.com,The URL of the webpage that linked to the file. +8.12.0-dev+exp,true,file,file.origin_url,keyword,extended,,https://example.com/file.zip,The URL where the file is hosted. 8.12.0-dev+exp,true,file,file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev+exp,true,file,file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev+exp,true,file,file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." 
@@ -1230,6 +1232,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." +8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The URL of the webpage that linked to the file. +8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The URL where the file is hosted. 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev+exp,true,threat,threat.enrichments.indicator.file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." 
@@ -1449,6 +1453,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,threat,threat.indicator.file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev+exp,true,threat,threat.indicator.file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev+exp,true,threat,threat.indicator.file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." +8.12.0-dev+exp,true,threat,threat.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The URL of the webpage that linked to the file. +8.12.0-dev+exp,true,threat,threat.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The URL where the file is hosted. 8.12.0-dev+exp,true,threat,threat.indicator.file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev+exp,true,threat,threat.indicator.file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev+exp,true,threat,threat.indicator.file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 6e09b7f52..e0190aa4e 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml 
@@ -4966,6 +4966,28 @@ file.name: normalize: [] short: Name of the file including the extension, without the directory. type: keyword +file.origin_referrer_url: + dashed_name: file-origin-referrer-url + description: The URL of the webpage that linked to the file. + example: https://example.com + flat_name: file.origin_referrer_url + ignore_above: 8192 + level: extended + name: origin_referrer_url + normalize: [] + short: The URL of the webpage that linked to the file. + type: keyword +file.origin_url: + dashed_name: file-origin-url + description: The URL where the file is hosted. + example: https://example.com/file.zip + flat_name: file.origin_url + ignore_above: 8192 + level: extended + name: origin_url + normalize: [] + short: The URL where the file is hosted. + type: keyword file.owner: dashed_name: file-owner description: File owner's username. 
@@ -15607,6 +15629,30 @@ threat.enrichments.indicator.file.name: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword +threat.enrichments.indicator.file.origin_referrer_url: + dashed_name: threat-enrichments-indicator-file-origin-referrer-url + description: The URL of the webpage that linked to the file. + example: https://example.com + flat_name: threat.enrichments.indicator.file.origin_referrer_url + ignore_above: 8192 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The URL of the webpage that linked to the file. + type: keyword +threat.enrichments.indicator.file.origin_url: + dashed_name: threat-enrichments-indicator-file-origin-url + description: The URL where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.enrichments.indicator.file.origin_url + ignore_above: 8192 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The URL where the file is hosted. + type: keyword threat.enrichments.indicator.file.owner: dashed_name: threat-enrichments-indicator-file-owner description: File owner's username. 
@@ -18343,6 +18389,30 @@ threat.indicator.file.name: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword +threat.indicator.file.origin_referrer_url: + dashed_name: threat-indicator-file-origin-referrer-url + description: The URL of the webpage that linked to the file. + example: https://example.com + flat_name: threat.indicator.file.origin_referrer_url + ignore_above: 8192 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The URL of the webpage that linked to the file. + type: keyword +threat.indicator.file.origin_url: + dashed_name: threat-indicator-file-origin-url + description: The URL where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.indicator.file.origin_url + ignore_above: 8192 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The URL where the file is hosted. + type: keyword threat.indicator.file.owner: dashed_name: threat-indicator-file-owner description: File owner's username. diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 1f7f9648b..3cc9c8b0f 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml 
@@ -6012,6 +6012,28 @@ file: normalize: [] short: Name of the file including the extension, without the directory. type: keyword + file.origin_referrer_url: + dashed_name: file-origin-referrer-url + description: The URL of the webpage that linked to the file. + example: https://example.com + flat_name: file.origin_referrer_url + ignore_above: 8192 + level: extended + name: origin_referrer_url + normalize: [] + short: The URL of the webpage that linked to the file. + type: keyword + file.origin_url: + dashed_name: file-origin-url + description: The URL where the file is hosted. + example: https://example.com/file.zip + flat_name: file.origin_url + ignore_above: 8192 + level: extended + name: origin_url + normalize: [] + short: The URL where the file is hosted. + type: keyword file.owner: dashed_name: file-owner description: File owner's username. 
@@ -18308,6 +18330,30 @@ threat: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword + threat.enrichments.indicator.file.origin_referrer_url: + dashed_name: threat-enrichments-indicator-file-origin-referrer-url + description: The URL of the webpage that linked to the file. + example: https://example.com + flat_name: threat.enrichments.indicator.file.origin_referrer_url + ignore_above: 8192 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The URL of the webpage that linked to the file. + type: keyword + threat.enrichments.indicator.file.origin_url: + dashed_name: threat-enrichments-indicator-file-origin-url + description: The URL where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.enrichments.indicator.file.origin_url + ignore_above: 8192 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The URL where the file is hosted. + type: keyword threat.enrichments.indicator.file.owner: dashed_name: threat-enrichments-indicator-file-owner description: File owner's username. 
@@ -21050,6 +21096,30 @@ threat: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword + threat.indicator.file.origin_referrer_url: + dashed_name: threat-indicator-file-origin-referrer-url + description: The URL of the webpage that linked to the file. + example: https://example.com + flat_name: threat.indicator.file.origin_referrer_url + ignore_above: 8192 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The URL of the webpage that linked to the file. + type: keyword + threat.indicator.file.origin_url: + dashed_name: threat-indicator-file-origin-url + description: The URL where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.indicator.file.origin_url + ignore_above: 8192 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The URL where the file is hosted. + type: keyword threat.indicator.file.owner: dashed_name: threat-indicator-file-owner description: File owner's username. diff --git a/experimental/generated/elasticsearch/composable/component/file.json b/experimental/generated/elasticsearch/composable/component/file.json index adb9d1d8e..8ebb30bc5 100644 --- a/experimental/generated/elasticsearch/composable/component/file.json +++ b/experimental/generated/elasticsearch/composable/component/file.json @@ -347,6 +347,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 8192, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 8192, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" diff --git a/experimental/generated/elasticsearch/composable/component/threat.json b/experimental/generated/elasticsearch/composable/component/threat.json index cdcbbd7ae..c27f97ed5 100644 --- a/experimental/generated/elasticsearch/composable/component/threat.json +++ b/experimental/generated/elasticsearch/composable/component/threat.json 
@@ -331,6 +331,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 8192, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 8192, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" @@ -1259,6 +1267,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 8192, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 8192, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" diff --git a/experimental/generated/elasticsearch/legacy/template.json b/experimental/generated/elasticsearch/legacy/template.json index 6b9172fe3..0baf80b58 100644 --- a/experimental/generated/elasticsearch/legacy/template.json +++ b/experimental/generated/elasticsearch/legacy/template.json @@ -1698,6 +1698,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 8192, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 8192, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" @@ -5584,6 +5592,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 8192, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 8192, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" @@ -6512,6 +6528,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 8192, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 8192, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 77f9536d9..24108292c 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml 
@@ -2969,6 +2969,20 @@ ignore_above: 1024 description: Name of the file including the extension, without the directory. example: example.png + - name: origin_referrer_url + level: extended + type: keyword + ignore_above: 8192 + description: The URL of the webpage that linked to the file. + example: https://example.com + default_field: false + - name: origin_url + level: extended + type: keyword + ignore_above: 8192 + description: The URL where the file is hosted. + example: https://example.com/file.zip + default_field: false - name: owner level: extended type: keyword @@ -9607,6 +9621,20 @@ description: Name of the file including the extension, without the directory. example: example.png default_field: false + - name: enrichments.indicator.file.origin_referrer_url + level: extended + type: keyword + ignore_above: 8192 + description: The URL of the webpage that linked to the file. + example: https://example.com + default_field: false + - name: enrichments.indicator.file.origin_url + level: extended + type: keyword + ignore_above: 8192 + description: The URL where the file is hosted. + example: https://example.com/file.zip + default_field: false - name: enrichments.indicator.file.owner level: extended type: keyword @@ -11228,6 +11256,20 @@ description: Name of the file including the extension, without the directory. example: example.png default_field: false + - name: indicator.file.origin_referrer_url + level: extended + type: keyword + ignore_above: 8192 + description: The URL of the webpage that linked to the file. + example: https://example.com + default_field: false + - name: indicator.file.origin_url + level: extended + type: keyword + ignore_above: 8192 + description: The URL where the file is hosted. + example: https://example.com/file.zip + default_field: false - name: indicator.file.owner level: extended type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index a7210ad73..3e7781deb 100644 --- a/generated/csv/fields.csv 
+++ b/generated/csv/fields.csv @@ -357,6 +357,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,file,file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev,true,file,file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev,true,file,file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." +8.12.0-dev,true,file,file.origin_referrer_url,keyword,extended,,https://example.com,The URL of the webpage that linked to the file. +8.12.0-dev,true,file,file.origin_url,keyword,extended,,https://example.com/file.zip,The URL where the file is hosted. 8.12.0-dev,true,file,file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev,true,file,file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev,true,file,file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." 
@@ -1223,6 +1225,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,threat,threat.enrichments.indicator.file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev,true,threat,threat.enrichments.indicator.file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev,true,threat,threat.enrichments.indicator.file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." +8.12.0-dev,true,threat,threat.enrichments.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The URL of the webpage that linked to the file. +8.12.0-dev,true,threat,threat.enrichments.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The URL where the file is hosted. 8.12.0-dev,true,threat,threat.enrichments.indicator.file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev,true,threat,threat.enrichments.indicator.file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev,true,threat,threat.enrichments.indicator.file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." 
@@ -1442,6 +1446,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,threat,threat.indicator.file.mode,keyword,extended,,0640,Mode of the file in octal representation. 8.12.0-dev,true,threat,threat.indicator.file.mtime,date,extended,,,Last time the file content was modified. 8.12.0-dev,true,threat,threat.indicator.file.name,keyword,extended,,example.png,"Name of the file including the extension, without the directory." +8.12.0-dev,true,threat,threat.indicator.file.origin_referrer_url,keyword,extended,,https://example.com,The URL of the webpage that linked to the file. +8.12.0-dev,true,threat,threat.indicator.file.origin_url,keyword,extended,,https://example.com/file.zip,The URL where the file is hosted. 8.12.0-dev,true,threat,threat.indicator.file.owner,keyword,extended,,alice,File owner's username. 8.12.0-dev,true,threat,threat.indicator.file.path,keyword,extended,,/home/alice/example.png,"Full path to the file, including the file name." 8.12.0-dev,true,threat,threat.indicator.file.path.text,match_only_text,extended,,/home/alice/example.png,"Full path to the file, including the file name." diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 7e504589d..2d85edfd2 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml 
@@ -4897,6 +4897,28 @@ file.name: normalize: [] short: Name of the file including the extension, without the directory. type: keyword +file.origin_referrer_url: + dashed_name: file-origin-referrer-url + description: The URL of the webpage that linked to the file. + example: https://example.com + flat_name: file.origin_referrer_url + ignore_above: 8192 + level: extended + name: origin_referrer_url + normalize: [] + short: The URL of the webpage that linked to the file. + type: keyword +file.origin_url: + dashed_name: file-origin-url + description: The URL where the file is hosted. + example: https://example.com/file.zip + flat_name: file.origin_url + ignore_above: 8192 + level: extended + name: origin_url + normalize: [] + short: The URL where the file is hosted. + type: keyword file.owner: dashed_name: file-owner description: File owner's username. 
@@ -15538,6 +15560,30 @@ threat.enrichments.indicator.file.name: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword +threat.enrichments.indicator.file.origin_referrer_url: + dashed_name: threat-enrichments-indicator-file-origin-referrer-url + description: The URL of the webpage that linked to the file. + example: https://example.com + flat_name: threat.enrichments.indicator.file.origin_referrer_url + ignore_above: 8192 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The URL of the webpage that linked to the file. + type: keyword +threat.enrichments.indicator.file.origin_url: + dashed_name: threat-enrichments-indicator-file-origin-url + description: The URL where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.enrichments.indicator.file.origin_url + ignore_above: 8192 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The URL where the file is hosted. + type: keyword threat.enrichments.indicator.file.owner: dashed_name: threat-enrichments-indicator-file-owner description: File owner's username. 
@@ -18274,6 +18320,30 @@ threat.indicator.file.name: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword +threat.indicator.file.origin_referrer_url: + dashed_name: threat-indicator-file-origin-referrer-url + description: The URL of the webpage that linked to the file. + example: https://example.com + flat_name: threat.indicator.file.origin_referrer_url + ignore_above: 8192 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The URL of the webpage that linked to the file. + type: keyword +threat.indicator.file.origin_url: + dashed_name: threat-indicator-file-origin-url + description: The URL where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.indicator.file.origin_url + ignore_above: 8192 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The URL where the file is hosted. + type: keyword threat.indicator.file.owner: dashed_name: threat-indicator-file-owner description: File owner's username. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index b08955b69..04badd271 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -5932,6 +5932,28 @@ file: normalize: [] short: Name of the file including the extension, without the directory. type: keyword + file.origin_referrer_url: + dashed_name: file-origin-referrer-url + description: The URL of the webpage that linked to the file. + example: https://example.com + flat_name: file.origin_referrer_url + ignore_above: 8192 + level: extended + name: origin_referrer_url + normalize: [] + short: The URL of the webpage that linked to the file. + type: keyword + file.origin_url: + dashed_name: file-origin-url + description: The URL where the file is hosted. + example: https://example.com/file.zip + flat_name: file.origin_url + ignore_above: 8192 + level: extended + name: origin_url + normalize: [] + short: The URL where the file is hosted. + type: keyword file.owner: dashed_name: file-owner description: File owner's username. 
@@ -18228,6 +18250,30 @@ threat: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword + threat.enrichments.indicator.file.origin_referrer_url: + dashed_name: threat-enrichments-indicator-file-origin-referrer-url + description: The URL of the webpage that linked to the file. + example: https://example.com + flat_name: threat.enrichments.indicator.file.origin_referrer_url + ignore_above: 8192 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The URL of the webpage that linked to the file. + type: keyword + threat.enrichments.indicator.file.origin_url: + dashed_name: threat-enrichments-indicator-file-origin-url + description: The URL where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.enrichments.indicator.file.origin_url + ignore_above: 8192 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The URL where the file is hosted. + type: keyword threat.enrichments.indicator.file.owner: dashed_name: threat-enrichments-indicator-file-owner description: File owner's username. 
@@ -20970,6 +21016,30 @@ threat: original_fieldset: file short: Name of the file including the extension, without the directory. type: keyword + threat.indicator.file.origin_referrer_url: + dashed_name: threat-indicator-file-origin-referrer-url + description: The URL of the webpage that linked to the file. + example: https://example.com + flat_name: threat.indicator.file.origin_referrer_url + ignore_above: 8192 + level: extended + name: origin_referrer_url + normalize: [] + original_fieldset: file + short: The URL of the webpage that linked to the file. + type: keyword + threat.indicator.file.origin_url: + dashed_name: threat-indicator-file-origin-url + description: The URL where the file is hosted. + example: https://example.com/file.zip + flat_name: threat.indicator.file.origin_url + ignore_above: 8192 + level: extended + name: origin_url + normalize: [] + original_fieldset: file + short: The URL where the file is hosted. + type: keyword threat.indicator.file.owner: dashed_name: threat-indicator-file-owner description: File owner's username. diff --git a/generated/elasticsearch/composable/component/file.json b/generated/elasticsearch/composable/component/file.json index cc12f10be..251095c01 100644 --- a/generated/elasticsearch/composable/component/file.json +++ b/generated/elasticsearch/composable/component/file.json @@ -347,6 +347,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 8192, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 8192, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/elasticsearch/composable/component/threat.json b/generated/elasticsearch/composable/component/threat.json index c9030c416..d837e5736 100644 --- a/generated/elasticsearch/composable/component/threat.json +++ b/generated/elasticsearch/composable/component/threat.json 
@@ -331,6 +331,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 8192, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 8192, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" @@ -1259,6 +1267,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 8192, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 8192, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/elasticsearch/legacy/template.json b/generated/elasticsearch/legacy/template.json index 6725cae44..a6c73b58c 100644 --- a/generated/elasticsearch/legacy/template.json +++ b/generated/elasticsearch/legacy/template.json @@ -1656,6 +1656,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 8192, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 8192, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" @@ -5542,6 +5550,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 8192, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 8192, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" @@ -6470,6 +6486,14 @@ "ignore_above": 1024, "type": "keyword" }, + "origin_referrer_url": { + "ignore_above": 8192, + "type": "keyword" + }, + "origin_url": { + "ignore_above": 8192, + "type": "keyword" + }, "owner": { "ignore_above": 1024, "type": "keyword" diff --git a/schemas/file.yml b/schemas/file.yml index a5e3e76cf..d0772c0ab 100644 --- a/schemas/file.yml +++ b/schemas/file.yml 
@@ -225,3 +225,17 @@ short: A fork is additional data associated with a filesystem object. example: Zone.Identifer + + - name: origin_referrer_url + level: extended + type: keyword + ignore_above: 8192 + description: The URL of the webpage that linked to the file. + example: https://example.com + + - name: origin_url + level: extended + type: keyword + ignore_above: 8192 + description: The URL where the file is hosted. + example: https://example.com/file.zip
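Review bot: The descriptions of `origin_referrer_url` and `origin_url` do not say how producers should handle URLs that carry secrets. The generated files in this same diff reuse both fields under `threat.indicator.file.*` and `threat.enrichments.indicator.file.*`, where values are likely to be shared beyond the originating environment. A download or referrer URL can contain userinfo credentials or signed query-string tokens, so I would add a sentence to each description such as `Credentials and tokens embedded in the URL should be removed or masked before the event is indexed.` It is also worth documenting that with `type: keyword` and `ignore_above: 8192` a longer value stays in `_source` but is not indexed, so exact-match queries and detections on these fields will not see it. The field list these entries belong to starts above the hunk.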