fields.yml
- name: http
  type: group
  description: >
    Fields exported by the Zeek HTTP log
  fields:
    - name: trans_depth
      type: integer
      description: >
        Represents the pipelined depth into the connection of this request/response transaction.

    - name: status_msg
      type: keyword
      description: >
        Status message returned by the server.

    - name: info_code
      type: integer
      description: >
        Last seen 1xx informational reply code returned by the server.

    - name: info_msg
      type: keyword
      description: >
        Last seen 1xx informational reply message returned by the server.

    - name: tags
      type: keyword
      description: |
        A set of indicators of various attributes discovered and related to a particular
        request/response pair.

    - name: password
      type: keyword
      description: >
        Password if basic-auth is performed for the request.

    - name: captured_password
      type: boolean
      description: >
        Determines if the password will be captured for this request.

    - name: proxied
      type: keyword
      description: >
        All of the headers that may indicate if the HTTP request was proxied.

    - name: range_request
      type: boolean
      description: >
        Indicates if this request can assume 206 partial content in response.

    - name: client_header_names
      type: keyword
      description: |
        The vector of HTTP header names sent by the client. No header values
        are included here, just the header names.

    - name: server_header_names
      type: keyword
      description: |
        The vector of HTTP header names sent by the server. No header values
        are included here, just the header names.

    - name: orig_fuids
      type: keyword
      description: >
        An ordered vector of file unique IDs from the originator.

    - name: orig_mime_types
      type: keyword
      description: >
        An ordered vector of mime types from the originator.

    - name: orig_filenames
      type: keyword
      description: >
        An ordered vector of filenames from the originator.

    - name: resp_fuids
      type: keyword
      description: >
        An ordered vector of file unique IDs from the responder.

    - name: resp_mime_types
      type: keyword
      description: >
        An ordered vector of mime types from the responder.

    - name: resp_filenames
      type: keyword
      description: >
        An ordered vector of filenames from the responder.

    - name: orig_mime_depth
      type: integer
      description: >
        Current number of MIME entities in the HTTP request message body.

    - name: resp_mime_depth
      type: integer
      description: >
        Current number of MIME entities in the HTTP response message body.