IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Redis fields Suricata fields »
Elastic Docs Filebeat Reference [7.1] Exported fields

Google Santa fields

edit

Google Santa fields

edit

Santa Module

santa fields

edit
santa.action

type: keyword

example: EXEC

Action

santa.decision

type: keyword

example: ALLOW

Decision that santad took.

santa.reason

type: keyword

example: CERT

Reason for the decsision.

santa.mode

type: keyword

example: M

Operating mode of Santa.

disk fields

edit

Fields for DISKAPPEAR actions.

santa.disk.volume

The volume name.

santa.disk.bus

The disk bus protocol.

santa.disk.serial

The disk serial number.

santa.disk.bsdname

example: disk1s3

The disk BSD name.

santa.disk.model

example: APPLE SSD SM0512L

The disk model.

santa.disk.fs

example: apfs

The disk volume kind (filesystem type).

santa.disk.mount

The disk volume path.

certificate.common_name

type: keyword

Common name from code signing certificate.

certificate.sha256

type: keyword

SHA256 hash of code signing certificate.

hash.sha256

type: keyword

Hash of process executable.

« Redis fields Suricata fields »