forked from elastic/endpoint-package
custom_dns.yml
---
- name: dns
  title: DNS
  group: 2
  short: Fields describing DNS queries and answers.
  description: >
    Fields describing DNS queries and answers.

    DNS events should either represent a single DNS query prior to getting answers
    (`dns.type:query`) or they should represent a full exchange and contain
    the query details as well as all of the answers that were provided for this
    query (`dns.type:answer`).
  type: group
  fields:
    - name: Ext
      level: custom
      type: object
      description: Object for all custom defined fields to live in.

    - name: Ext.status
      level: custom
      type: long
      description: DNS status field, uint32

    - name: Ext.options
      level: custom
      type: keyword
      description: DNS options field, uint64, representing as a keyword to avoid overflows in ES
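The two design points in this schema are the `dns.type` split (a bare query versus a full query-plus-answers exchange) and the choice of `keyword` rather than `long` for `Ext.options`: Elasticsearch `long` is a signed 64-bit integer, so a uint64 value with the top bit set cannot be stored in it without overflow, while a uint32 `Ext.status` always fits. The following Python is an added example, not code from elastic/endpoint-package or this fork; it maps a constructed raw DNS record (the `question`, `answers`, `status`, `options` keys are invented for the example) onto the `dns.*` fields defined above, picks `dns.type` from whether answers are present, and range-checks both custom fields before deciding how to store them. The `dns.question.name` and `dns.answers.data` fields are standard ECS fields, not defined on this page.

```python
"""Added example (not part of elastic/endpoint-package): build an event that
fits the custom_dns.yml definitions and show why Ext.options is a keyword.

The raw record layout (question / answers / status / options) is constructed
for this example; only the target field names come from the schema and ECS.
"""

ES_LONG_MIN = -(2**63)      # Elasticsearch `long` is a signed 64-bit integer
ES_LONG_MAX = 2**63 - 1
UINT32_MAX = 2**32 - 1      # range of Ext.status per the schema
UINT64_MAX = 2**64 - 1      # range of Ext.options per the schema


def fits_es_long(value: int) -> bool:
    """True if value can be indexed as an Elasticsearch `long` without overflow."""
    return ES_LONG_MIN <= value <= ES_LONG_MAX


def to_ecs_dns(raw: dict) -> dict:
    """Map a constructed raw DNS record onto dns.* and dns.Ext.* fields.

    - dns.type is "query" when no answers are present, "answer" otherwise.
    - Ext.status (uint32) is kept numeric: it always fits in `long`.
    - Ext.options (uint64) is rendered as a decimal string for the `keyword`
      field, because values >= 2**63 do not fit in `long`.
    """
    status = int(raw["status"])
    if not 0 <= status <= UINT32_MAX:
        raise ValueError(f"status {status} is outside uint32 range")

    options = int(raw["options"])
    if not 0 <= options <= UINT64_MAX:
        raise ValueError(f"options {options} is outside uint64 range")

    answers = raw.get("answers") or []
    event = {
        "dns": {
            "type": "answer" if answers else "query",
            "question": {"name": raw["question"]},   # standard ECS field
            "Ext": {
                "status": status,        # schema type: long
                "options": str(options), # schema type: keyword
            },
        }
    }
    if answers:
        # standard ECS field: one object per answer record
        event["dns"]["answers"] = [{"data": a} for a in answers]
    return event


# Constructed sample records: a query with no answers yet, and a completed
# exchange whose options value has the high bit set (does not fit ES `long`).
SAMPLE_QUERY = {
    "question": "example.internal",
    "answers": [],
    "status": 0,
    "options": 0x2000,
}
SAMPLE_EXCHANGE = {
    "question": "example.internal",
    "answers": ["192.0.2.10", "192.0.2.11"],
    "status": 0,
    "options": UINT64_MAX,
}

if __name__ == "__main__":
    import json
    for rec in (SAMPLE_QUERY, SAMPLE_EXCHANGE):
        ev = to_ecs_dns(rec)
        print(json.dumps(ev, indent=2))
        print("options fits ES long:", fits_es_long(int(rec["options"])))
```

Running the block prints both events; the second one carries `Ext.options` as the string `"18446744073709551615"`, a value that `fits_es_long` reports cannot be stored as `long`, which is exactly the overflow the schema comment avoids.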