Hosts

Hosts are computers, virtual machines or devices connected to the Internet with an IP address. Host fields include those that apply to the whole host (such as geolocation, or Internet routing) and those that apply to services observed on open ports.

Fields
Field NameValue TypeDescription
host
object
host.location
object
host.location.country_code
keyword
The detected two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
host.location.registered_country_code
keyword
The registered country's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
host.location.coordinates
object
The estimated coordinates of the detected location.
host.location.coordinates.latitude
double
host.location.coordinates.longitude
double
host.location.city
text
The English name of the detected city.
host.location.timezone
text
The IANA time zone database name of the detected location.
host.location.province
text
The state or province name of the detected location.
host.location.registered_country
text
The English name of the registered country.
host.location.continent
keyword
The English name of the detected continent (North America, Europe, Asia, South America, Africa, Oceania, Antarctica).
host.location.country
text
The English name of the detected country.
host.location.postal_code
keyword
The postal code (if applicable) of the detected location.
host.cloud
text
host.autonomous_system
object
host.autonomous_system.asn
unsigned_long
The ASN (autonomous system number) of the host's autonomous system.
host.autonomous_system.bgp_prefix
ip_range
The autonomous system's CIDR.
host.autonomous_system.country_code
keyword
The autonomous system's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
host.autonomous_system.description
text
Brief description of the autonomous system.
host.autonomous_system.name
text
The friendly name of the autonomous system.
host.autonomous_system.organization
text
The name of the organization managning the autonomous system.
host.name
text
host.operating_system
object
host.operating_system.language
text
Valid language tag as defined by [RFC5646], and should be used to define the language supported in the user interface of the product being described.
host.operating_system.update
text
Vendor-Specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.
host.operating_system.component_uniform_resource_identifiers
text
URIs of software components related to the identified software.
host.operating_system.other
object
Other attributes describing the identified software
host.operating_system.other.key
text
host.operating_system.other.value
text
host.operating_system.uniform_resource_identifier
text
CPE uri format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
host.operating_system.version
text
Vendor-Specific alphanumeric strings characterizing the particular release version of the product.
host.operating_system.target_hw
text
Characterizes the instruction set architecture (e.g., x86) on which the product being described. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are be considered instruction set architectures.
host.operating_system.edition
text
Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2.
host.operating_system.sw_edition
text
Characterizes how the product is tailored to a particular market or class of end users.
host.operating_system.part
keyword
Defines the class of this software, a for application, o for operating system, h for hardware devices.
host.operating_system.target_sw
text
Characterizes the software computing environment within which the product operates.
host.operating_system.source
text
Defines the source that this software information was derived from.
host.operating_system.vendor
text
Identifies the person or organization that manufactured or created the product.
host.operating_system.product
text
Identifies the most common and recognizable title or name of the product.
host.classifications
text
host.dns
object
host.dns.names
text
host.dns.reverse_dns
object
host.dns.reverse_dns.resolved_at
date
host.dns.reverse_dns.names
text
host.cdns
text
host.services
nested
host.services.smb
object
host.services.smb.smb_capabilities
object
Capabilities flags for the connection. See [MS-SMB2] Sect. 2.2.4.
host.services.smb.smb_capabilities.smb_directory_leasing_support
boolean
Server supports directory leasing
host.services.smb.smb_capabilities.smb_encryption_support
boolean
Server supports encryption
host.services.smb.smb_capabilities.smb_leasing_support
boolean
Server supports Leasing
host.services.smb.smb_capabilities.smb_multichan_support
boolean
Server supports multiple channels per session
host.services.smb.smb_capabilities.smb_multicredit_support
boolean
Server supports multi-credit operations
host.services.smb.smb_capabilities.smb_persistent_handle_support
boolean
Server supports persistent handles
host.services.smb.smb_capabilities.smb_dfs_support
boolean
Server supports Distributed File System
host.services.smb.session_setup_log
object
host.services.smb.session_setup_log.target_name
text
host.services.smb.session_setup_log.header_log
object
host.services.smb.session_setup_log.header_log.status
unsigned_long
host.services.smb.session_setup_log.header_log.command
unsigned_long
host.services.smb.session_setup_log.header_log.credits
unsigned_long
host.services.smb.session_setup_log.header_log.flags
unsigned_long
host.services.smb.session_setup_log.header_log.protocol_id
text
host.services.smb.session_setup_log.negotiate_flags
unsigned_long
host.services.smb.session_setup_log.setup_flags
unsigned_long
host.services.smb.has_ntlm
boolean
Server supports the NTLM authentication method
host.services.smb.negotiation_log
object
host.services.smb.negotiation_log.security_mode
unsigned_long
host.services.smb.negotiation_log.server_guid
text
host.services.smb.negotiation_log.server_start_time
unsigned_long
host.services.smb.negotiation_log.system_time
unsigned_long
host.services.smb.negotiation_log.authentication_types
text
host.services.smb.negotiation_log.capabilities
unsigned_long
host.services.smb.negotiation_log.dialect_revision
unsigned_long
host.services.smb.negotiation_log.header_log
object
host.services.smb.negotiation_log.header_log.credits
unsigned_long
host.services.smb.negotiation_log.header_log.flags
unsigned_long
host.services.smb.negotiation_log.header_log.protocol_id
text
host.services.smb.negotiation_log.header_log.status
unsigned_long
host.services.smb.negotiation_log.header_log.command
unsigned_long
host.services.smb.ntlm
text
Native LAN manager
host.services.smb.smb_version
object
host.services.smb.smb_version.version_string
text
Full SMB Version String
host.services.smb.smb_version.major
unsigned_long
Major version
host.services.smb.smb_version.minor
unsigned_long
Minor version
host.services.smb.smb_version.revision
unsigned_long
Protocol Revision
host.services.smb.native_os
text
Server-identified operating system
host.services.smb.group_name
text
Default group name
host.services.smb.smbv1_support
boolean
host.services.postgres
object
host.services.postgres.supported_versions
text
host.services.postgres.transaction_status
text
host.services.postgres.authentication_mode
object
host.services.postgres.authentication_mode.mode
text
host.services.postgres.authentication_mode.payload
text
host.services.postgres.protocol_error
nested
host.services.postgres.protocol_error.value
text
host.services.postgres.protocol_error.key
text
host.services.postgres.startup_error
nested
host.services.postgres.startup_error.key
text
host.services.postgres.startup_error.value
text
host.services.ike
object
host.services.ike.v2
object
host.services.ike.v2.vendor_ids
text
host.services.ike.v2.accepted_proposal
boolean
host.services.ike.v2.notify_message_types
unsigned_long
host.services.ike.v1
object
host.services.ike.v1.accepted_proposal
boolean
Did the host accept our security proposal? When false, the host responded with an error.
host.services.ike.v1.notify_message_types
unsigned_long
Which types of NOTIFY messages did the host send us?
host.services.ike.v1.vendor_ids
text
The list of Vendor ID "extensions" the host claimed to support in its handshake
host.services.pc_anywhere
object
host.services.pc_anywhere.status
object
host.services.pc_anywhere.status.raw
text
Full 'ST' query response
host.services.pc_anywhere.status.in_use
boolean
Workstation is In Use if true, Available if false
host.services.pc_anywhere.name
text
Workstation Name, with padding bytes removed
host.services.pc_anywhere.nr
text
Full 'NR' query response
host.services.s7
object
host.services.s7.module_type
text
host.services.s7.module_id
text
host.services.s7.oem_id
text
host.services.s7.reserved_for_os
text
host.services.s7.hardware
text
host.services.s7.location
text
host.services.s7.serial_number
text
host.services.s7.system
text
host.services.s7.plant_id
text
host.services.s7.cpu_profile
text
host.services.s7.firmware
text
host.services.s7.copyright
text
host.services.s7.module
text
host.services.s7.memory_serial_number
text
host.services.sip
object
host.services.sip.code
integer
host.services.sip.server
text
Server software reported by service
host.services.sip.status
text
host.services.sip.version
text
SIP version
host.services.snmp
object
host.services.snmp.oid_physical
object
1.3.6.1.2.1.47.1.1.1.1 - Entity Physical
host.services.snmp.oid_physical.firmware_rev
text
1.3.6.1.2.1.47.1.1.1.1.9 - Firmware revision string
host.services.snmp.oid_physical.hardware_rev
text
1.3.6.1.2.1.47.1.1.1.1.8 - Hardware revision string
host.services.snmp.oid_physical.mfg_name
text
1.3.6.1.2.1.47.1.1.1.1.12 - Name of mfg
host.services.snmp.oid_physical.model_name
text
1.3.6.1.2.1.47.1.1.1.1.13 - Model name of component
host.services.snmp.oid_physical.name
text
1.3.6.1.2.1.47.1.1.1.1.7 - Entity name
host.services.snmp.oid_physical.serial_num
text
1.3.6.1.2.1.47.1.1.1.1.11 - Serial number string
host.services.snmp.oid_physical.software_rev
text
1.3.6.1.2.1.47.1.1.1.1.10 - Software revision string
host.services.snmp.oid_system
object
1.3.6.1.2.1.1 - System Variables
host.services.snmp.oid_system.contact
text
1.3.6.1.2.1.1.4 - Contact info
host.services.snmp.oid_system.desc
text
1.3.6.1.2.1.1.1 - Description of entity
host.services.snmp.oid_system.init_time
unsigned_long
1.3.6.1.2.1.1.3 - 1/100ths of sec
host.services.snmp.oid_system.location
text
1.3.6.1.2.1.1.6 - Physical location
host.services.snmp.oid_system.name
text
1.3.6.1.2.1.1.5 - Name, usually FQDN
host.services.snmp.oid_system.object_id
text
1.3.6.1.2.1.1.2 - Vendor ID
host.services.snmp.oid_system.services
object
1.3.6.1.2.1.1.7 - Set of services offered by entity
host.services.snmp.oid_system.services.layer_4
boolean
End-to-end (e.g. IP hosts)
host.services.snmp.oid_system.services.layer_5
boolean
OSI layer 5
host.services.snmp.oid_system.services.layer_6
boolean
OSI layer 6
host.services.snmp.oid_system.services.layer_7
boolean
Applications (e.g. mail relays)
host.services.snmp.oid_system.services.layer_1
boolean
Physical (e.g. repeaters)
host.services.snmp.oid_system.services.layer_2
boolean
Datalink/subnetwork (e.g. bridges)
host.services.snmp.oid_system.services.layer_3
boolean
Internet (e.g. IP gateways)
host.services.snmp.oid_interfaces
object
1.3.6.1.2.1.2 - Interfaces
host.services.snmp.oid_interfaces.num_ifaces
unsigned_long
1.3.6.1.2.1.2.1 - Number of network interfaces
host.services.elasticsearch
object
host.services.elasticsearch.system_info
object
host.services.elasticsearch.system_info.name
text
Cluster Name
host.services.elasticsearch.system_info.tagline
text
Elasticsearch identifying tagline
host.services.elasticsearch.system_info.version
object
host.services.elasticsearch.system_info.version.min_idx_compat_ver
text
host.services.elasticsearch.system_info.version.build_snapshot
boolean
host.services.elasticsearch.system_info.version.lucene_version
text
host.services.elasticsearch.system_info.version.number
text
ES Cluster version
host.services.elasticsearch.system_info.version.build_flavor
text
host.services.elasticsearch.system_info.version.build_date
text
host.services.elasticsearch.system_info.version.build_hash
text
host.services.elasticsearch.system_info.version.build_type
text
host.services.elasticsearch.system_info.version.min_wire_compat_ver
text
host.services.elasticsearch.system_info.cluster_uuid
text
Cluster UUID
host.services.elasticsearch.http_info
object
host.services.elasticsearch.http_info.headers
nested
host.services.elasticsearch.http_info.headers.value
object
host.services.elasticsearch.http_info.headers.value.headers
text
host.services.elasticsearch.http_info.headers.key
text
host.services.elasticsearch.http_info.status
text
host.services.elasticsearch.http_info.status_code
integer
host.services.elasticsearch.node_info
object
host.services.elasticsearch.node_info.cluster_combined_info
object
host.services.elasticsearch.node_info.cluster_combined_info.timestamp
unsigned_long
host.services.elasticsearch.node_info.cluster_combined_info.uuid
text
host.services.elasticsearch.node_info.cluster_combined_info.filesystem
object
host.services.elasticsearch.node_info.cluster_combined_info.filesystem.available_in_bytes
unsigned_long
Available size in bytes
host.services.elasticsearch.node_info.cluster_combined_info.filesystem.free
text
Human-friendly free size
host.services.elasticsearch.node_info.cluster_combined_info.filesystem.free_in_bytes
unsigned_long
Free size in bytes
host.services.elasticsearch.node_info.cluster_combined_info.filesystem.total
text
Human-friendly total size
host.services.elasticsearch.node_info.cluster_combined_info.filesystem.total_in_bytes
unsigned_long
Total size in bytes
host.services.elasticsearch.node_info.cluster_combined_info.filesystem.available
text
Human-friendly available size
host.services.elasticsearch.node_info.cluster_combined_info.indices
object
host.services.elasticsearch.node_info.cluster_combined_info.indices.docs
object
host.services.elasticsearch.node_info.cluster_combined_info.indices.docs.deleted
unsigned_long
Total number of deleted documents across all primary shards assigned to selected nodes
host.services.elasticsearch.node_info.cluster_combined_info.indices.docs.count
unsigned_long
Total number of non-deleted documents across all primary shards assigned to selected nodes
host.services.elasticsearch.node_info.cluster_combined_info.indices.store
object
host.services.elasticsearch.node_info.cluster_combined_info.indices.store.size_in_bytes
unsigned_long
Total size, in bytes, of all shards assigned to selected nodes
host.services.elasticsearch.node_info.cluster_combined_info.indices.store.reserved_in_bytes
unsigned_long
A prediction, in bytes, of how much larger the shard stores will eventually grow due to ongoing peer recoveries, restoring snapshots, and similar activities
host.services.elasticsearch.node_info.cluster_combined_info.indices.count
unsigned_long
Total number of indices with shards assigned to selected nodes
host.services.elasticsearch.node_info.cluster_combined_info.name
text
host.services.elasticsearch.node_info.cluster_combined_info.status
text
host.services.elasticsearch.node_info.nodes
object
host.services.elasticsearch.node_info.nodes.node_data
object
host.services.elasticsearch.node_info.nodes.node_data.ip
ip
host.services.elasticsearch.node_info.nodes.node_data.modules
object
host.services.elasticsearch.node_info.nodes.node_data.modules.elastic_version
text
host.services.elasticsearch.node_info.nodes.node_data.modules.ext_plugins
text
host.services.elasticsearch.node_info.nodes.node_data.modules.has_native_ctrl
boolean
host.services.elasticsearch.node_info.nodes.node_data.modules.java_version
text
host.services.elasticsearch.node_info.nodes.node_data.modules.name
text
host.services.elasticsearch.node_info.nodes.node_data.modules.version
text
host.services.elasticsearch.node_info.nodes.node_data.modules.class_name
text
host.services.elasticsearch.node_info.nodes.node_data.modules.desc
text
host.services.elasticsearch.node_info.nodes.node_data.build_flavor
text
host.services.elasticsearch.node_info.nodes.node_data.build_type
text
host.services.elasticsearch.node_info.nodes.node_data.thread_pool_list
object
host.services.elasticsearch.node_info.nodes.node_data.thread_pool_list.max
integer
host.services.elasticsearch.node_info.nodes.node_data.thread_pool_list.min
integer
host.services.elasticsearch.node_info.nodes.node_data.thread_pool_list.queue_size
integer
host.services.elasticsearch.node_info.nodes.node_data.thread_pool_list.type
text
host.services.elasticsearch.node_info.nodes.node_data.thread_pool_list.keep_alive
text
host.services.elasticsearch.node_info.nodes.node_data.total_indexing_buffer
unsigned_long
host.services.elasticsearch.node_info.nodes.node_data.version
text
host.services.elasticsearch.node_info.nodes.node_data.host
text
host.services.elasticsearch.node_info.nodes.node_data.os
object
host.services.elasticsearch.node_info.nodes.node_data.os.pretty_name
text
host.services.elasticsearch.node_info.nodes.node_data.os.refresh_interval_ms
unsigned_long
host.services.elasticsearch.node_info.nodes.node_data.os.version
text
host.services.elasticsearch.node_info.nodes.node_data.os.allocated_proc
integer
host.services.elasticsearch.node_info.nodes.node_data.os.arch
text
host.services.elasticsearch.node_info.nodes.node_data.os.available_proc
integer
host.services.elasticsearch.node_info.nodes.node_data.os.name
text
host.services.elasticsearch.node_info.nodes.node_data.settings
object
host.services.elasticsearch.node_info.nodes.node_data.settings.cluster_name
text
host.services.elasticsearch.node_info.nodes.node_data.settings.node
object
host.services.elasticsearch.node_info.nodes.node_data.settings.node.attr
object
host.services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml
object
host.services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.enabled
text
host.services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.machine_memory
text
host.services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.max_open_jobs
text
host.services.elasticsearch.node_info.nodes.node_data.settings.node.attr.xpack_installed
text
host.services.elasticsearch.node_info.nodes.node_data.settings.node.name
text
host.services.elasticsearch.node_info.nodes.node_data.roles
text
host.services.elasticsearch.node_info.nodes.node_data.jvm
object
host.services.elasticsearch.node_info.nodes.node_data.jvm.start_time
text
host.services.elasticsearch.node_info.nodes.node_data.jvm.vm_name
text
host.services.elasticsearch.node_info.nodes.node_data.jvm.version
text
host.services.elasticsearch.node_info.nodes.node_data.jvm.memory_pools
text
host.services.elasticsearch.node_info.nodes.node_data.jvm.start_time_ms
unsigned_long
host.services.elasticsearch.node_info.nodes.node_data.jvm.vm_version
text
host.services.elasticsearch.node_info.nodes.node_data.jvm.gc
text
host.services.elasticsearch.node_info.nodes.node_data.jvm.input_args
text
host.services.elasticsearch.node_info.nodes.node_data.jvm.vm_vendor
text
host.services.elasticsearch.node_info.nodes.node_data.build_hash
text
host.services.elasticsearch.node_info.nodes.node_data.name
text
host.services.elasticsearch.node_info.nodes.node_data.ingest_processors
text
host.services.elasticsearch.node_info.nodes.node_name
text
host.services.tls
object
host.services.tls.cipher_selected
text
Cipher suite chosen for the exchange.
host.services.tls.ja3s
text
The JA3S fingerprint for this service.
host.services.tls.server_key_exchange
object
DEPRECATED (05/03/2021)
host.services.tls.server_key_exchange.dh_params
object
Diffie-Hellman key exchange parameters used.
host.services.tls.server_key_exchange.dh_params.group
object
Diffie-Hellman group details.
host.services.tls.server_key_exchange.dh_params.group.p
text
host.services.tls.server_key_exchange.dh_params.public_key
text
host.services.tls.server_key_exchange.ec_params
object
Elliptic-Curve key exchange parameters used.
host.services.tls.server_key_exchange.ec_params.public_key
text
host.services.tls.server_key_exchange.ec_params.named_curve
unsigned_long
Elliptic-Curve ID value.
host.services.tls.server_key_exchange.rsa_params
object
DEPRECATED (05/10/2021) - Can be found in the public key RSA details.
host.services.tls.server_key_exchange.rsa_params.public_key
object
host.services.tls.server_key_exchange.rsa_params.public_key.e
text
host.services.tls.server_key_exchange.rsa_params.public_key.n
text
host.services.tls.server_key_exchange.signature
text
DEPRECATED (05/10/2021)
host.services.tls.session_ticket
object
The new session ticket sent by the server to the client.
host.services.tls.session_ticket.lifetime_hint
unsigned_long
Hint from server about how long the session ticket should be stored.
host.services.tls.session_ticket.length
unsigned_long
host.services.tls.version_selected
text
Certificate version v1(0), v2(1), v3(2).
host.services.tls.certificates
object
Certificate and certificate chain details.
host.services.tls.certificates.chain_fps_sha_256
keyword
DEPRECATED (04/30/2021) - Use `chain` instead.
host.services.tls.certificates.leaf_data
object
The TBS Certificate information.
host.services.tls.certificates.leaf_data.pubkey_algorithm
text
Algorithm used to create the public key.
host.services.tls.certificates.leaf_data.signature
object
Certificate signature information.
host.services.tls.certificates.leaf_data.signature.self_signed
boolean
Denotes if the certificate was self signed.
host.services.tls.certificates.leaf_data.signature.signature_algorithm
keyword
Cryptographic algorithm used by the CA to sign this certificate.
host.services.tls.certificates.leaf_data.public_key
object
Subject public key information.
host.services.tls.certificates.leaf_data.public_key.dsa
object
host.services.tls.certificates.leaf_data.public_key.dsa.g
text
host.services.tls.certificates.leaf_data.public_key.dsa.p
text
host.services.tls.certificates.leaf_data.public_key.dsa.q
text
host.services.tls.certificates.leaf_data.public_key.dsa.y
text
host.services.tls.certificates.leaf_data.public_key.ecdsa
object
host.services.tls.certificates.leaf_data.public_key.ecdsa.curve
keyword
host.services.tls.certificates.leaf_data.public_key.ecdsa.gy
text
host.services.tls.certificates.leaf_data.public_key.ecdsa.length
unsigned_long
host.services.tls.certificates.leaf_data.public_key.ecdsa.n
text
host.services.tls.certificates.leaf_data.public_key.ecdsa.x
text
host.services.tls.certificates.leaf_data.public_key.ecdsa.b
text
host.services.tls.certificates.leaf_data.public_key.ecdsa.gx
text
host.services.tls.certificates.leaf_data.public_key.ecdsa.pub
text
host.services.tls.certificates.leaf_data.public_key.ecdsa.p
text
host.services.tls.certificates.leaf_data.public_key.ecdsa.y
text
host.services.tls.certificates.leaf_data.public_key.fingerprint
text
host.services.tls.certificates.leaf_data.public_key.key_algorithm
keyword
host.services.tls.certificates.leaf_data.public_key.rsa
object
host.services.tls.certificates.leaf_data.public_key.rsa.length
unsigned_long
host.services.tls.certificates.leaf_data.public_key.rsa.modulus
text
host.services.tls.certificates.leaf_data.public_key.rsa.exponent
text
host.services.tls.certificates.leaf_data.fingerprint
keyword
SHA256 fingerprint of the TBS certificate.
host.services.tls.certificates.leaf_data.names
text
Common names for the entity.
host.services.tls.certificates.leaf_data.tbs_fingerprint
keyword
Fingerprint of the TBS certificate.
host.services.tls.certificates.leaf_data.issuer
object
Issuer distinguished name attributes.
host.services.tls.certificates.leaf_data.issuer.street_address
text
host.services.tls.certificates.leaf_data.issuer.serial_number
keyword
host.services.tls.certificates.leaf_data.issuer.jurisdiction_locality
text
host.services.tls.certificates.leaf_data.issuer.jurisdiction_province
text
host.services.tls.certificates.leaf_data.issuer.locality
text
host.services.tls.certificates.leaf_data.issuer.organization
text
host.services.tls.certificates.leaf_data.issuer.country
text
host.services.tls.certificates.leaf_data.issuer.organizational_unit
text
host.services.tls.certificates.leaf_data.issuer.postal_code
keyword
host.services.tls.certificates.leaf_data.issuer.common_name
text
host.services.tls.certificates.leaf_data.issuer.jurisdiction_country
text
host.services.tls.certificates.leaf_data.issuer.province
text
host.services.tls.certificates.leaf_data.issuer.email_address
text
host.services.tls.certificates.leaf_data.issuer.organization_id
text
host.services.tls.certificates.leaf_data.issuer.domain_component
text
host.services.tls.certificates.leaf_data.subject
object
Subject distinguished name attributes.
host.services.tls.certificates.leaf_data.subject.organization
text
host.services.tls.certificates.leaf_data.subject.email_address
text
host.services.tls.certificates.leaf_data.subject.serial_number
keyword
host.services.tls.certificates.leaf_data.subject.common_name
text
host.services.tls.certificates.leaf_data.subject.organizational_unit
text
host.services.tls.certificates.leaf_data.subject.province
text
host.services.tls.certificates.leaf_data.subject.domain_component
text
host.services.tls.certificates.leaf_data.subject.jurisdiction_country
text
host.services.tls.certificates.leaf_data.subject.country
text
host.services.tls.certificates.leaf_data.subject.locality
text
host.services.tls.certificates.leaf_data.subject.organization_id
text
host.services.tls.certificates.leaf_data.subject.postal_code
keyword
host.services.tls.certificates.leaf_data.subject.jurisdiction_locality
text
host.services.tls.certificates.leaf_data.subject.jurisdiction_province
text
host.services.tls.certificates.leaf_data.subject.street_address
text
host.services.tls.certificates.leaf_data.issuer_dn
text
Distinguished name of the entity that has signed and issued the certificate.
host.services.tls.certificates.leaf_data.pubkey_bit_size
integer
Size of the public key.
host.services.tls.certificates.leaf_data.subject_dn
text
Distinguished name of the entity associated with the public key.
host.services.tls.certificates.leaf_fp_sha_256
keyword
SHA 256 fingerprint of the TBS certificate.
host.services.tls.certificates.chain
object
Certificate chain information.
host.services.tls.certificates.chain.issuer_dn
text
Distinguished name of the entity that has signed and issued the certificate.
host.services.tls.certificates.chain.subject_dn
text
Distinguished name of the entity that the certificate belongs to.
host.services.tls.certificates.chain.fingerprint
keyword
SHA 256 fingerprint of the certificate in the certificate chain.
host.services.mqtt
object
host.services.mqtt.connection_ack_return
object
host.services.mqtt.connection_ack_return.raw
unsigned_long
Raw connect status value
host.services.mqtt.connection_ack_return.return_value
text
Connection status
host.services.mqtt.subscription_ack_return
object
host.services.mqtt.subscription_ack_return.raw
unsigned_long
Raw subscription response value
host.services.mqtt.subscription_ack_return.return_value
text
Subscription response
host.services.mqtt.connection_ack_raw
text
Raw CONNACK response packet
host.services.service_name
text
host.services.banner_hex
text
host.services.x11
object
host.services.x11.refusal_reason
text
host.services.x11.requires_authentication
boolean
host.services.x11.vendor
text
host.services.x11.version
text
host.services.team_viewer
object
host.services.team_viewer.response
text
host.services.banner
text
host.services.amqp
object
host.services.amqp.explicit_tls
boolean
Connected via a TLS connection after initial handshake
host.services.amqp.implicit_tls
boolean
Connected via a TLS wrapped connection (AMQPS)
host.services.amqp.protocol_id
object
host.services.amqp.protocol_id.id
unsigned_long
host.services.amqp.protocol_id.name
text
host.services.amqp.version
object
host.services.amqp.version.revision
unsigned_long
host.services.amqp.version.major
unsigned_long
host.services.amqp.version.minor
unsigned_long
host.services.extended_service_name
text
host.services.ssh
object
host.services.ssh.endpoint_id
object
host.services.ssh.endpoint_id.software_version
text
host.services.ssh.endpoint_id.comment
text
host.services.ssh.endpoint_id.protocol_version
text
host.services.ssh.endpoint_id.raw
text
host.services.ssh.hassh_fingerprint
text
host.services.ssh.kex_init_message
object
host.services.ssh.kex_init_message.host_key_algorithms
text
Asymmetric key algorithms for the host key supported by the client.
host.services.ssh.kex_init_message.server_to_client_ciphers
text
A list of ssh cipher algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values.
host.services.ssh.kex_init_message.first_kex_follows
boolean
host.services.ssh.kex_init_message.kex_algorithms
text
Key exchange algorithms used in the handshake.
host.services.ssh.kex_init_message.server_to_client_languages
text
A name-list of language tags in order of preference. As Defined in https://www.ietf.org/rfc/rfc3066.txt.
host.services.ssh.kex_init_message.client_to_server_ciphers
text
A list of ssh cipher algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values.
host.services.ssh.kex_init_message.client_to_server_languages
text
A name-list of language tags in order of preference. As Defined in https://www.ietf.org/rfc/rfc3066.txt.
host.services.ssh.kex_init_message.server_to_client_macs
text
A list of ssh MAC algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values.
host.services.ssh.kex_init_message.server_to_client_compression
text
A list of ssh compression algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values.
host.services.ssh.kex_init_message.client_to_server_compression
text
A list of ssh compression algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values.
host.services.ssh.kex_init_message.client_to_server_macs
text
A list of ssh MAC algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values.
host.services.ssh.server_host_key
object
host.services.ssh.server_host_key.certkey_public_key
text
host.services.ssh.server_host_key.dsa_public_key
object
host.services.ssh.server_host_key.dsa_public_key.y
text
host.services.ssh.server_host_key.dsa_public_key.g
text
host.services.ssh.server_host_key.dsa_public_key.p
text
host.services.ssh.server_host_key.dsa_public_key.q
text
host.services.ssh.server_host_key.ecdsa_public_key
object
host.services.ssh.server_host_key.ecdsa_public_key.p
text
host.services.ssh.server_host_key.ecdsa_public_key.pub
text
host.services.ssh.server_host_key.ecdsa_public_key.gx
text
host.services.ssh.server_host_key.ecdsa_public_key.length
unsigned_long
host.services.ssh.server_host_key.ecdsa_public_key.n
text
host.services.ssh.server_host_key.ecdsa_public_key.x
text
host.services.ssh.server_host_key.ecdsa_public_key.y
text
host.services.ssh.server_host_key.ecdsa_public_key.curve
keyword
host.services.ssh.server_host_key.ecdsa_public_key.gy
text
host.services.ssh.server_host_key.ecdsa_public_key.b
text
host.services.ssh.server_host_key.ed25519_public_key
object
host.services.ssh.server_host_key.ed25519_public_key.public_bytes
text
host.services.ssh.server_host_key.fingerprint_sha256
text
host.services.ssh.server_host_key.rsa_public_key
object
host.services.ssh.server_host_key.rsa_public_key.exponent
text
host.services.ssh.server_host_key.rsa_public_key.length
unsigned_long
host.services.ssh.server_host_key.rsa_public_key.modulus
text
host.services.ssh.algorithm_selection
object
host.services.ssh.algorithm_selection.client_to_server_alg_group
object
host.services.ssh.algorithm_selection.client_to_server_alg_group.compression
text
host.services.ssh.algorithm_selection.client_to_server_alg_group.mac
text
host.services.ssh.algorithm_selection.client_to_server_alg_group.cipher
text
host.services.ssh.algorithm_selection.host_key_algorithm
text
host.services.ssh.algorithm_selection.kex_algorithm
text
host.services.ssh.algorithm_selection.server_to_client_alg_group
object
host.services.ssh.algorithm_selection.server_to_client_alg_group.compression
text
host.services.ssh.algorithm_selection.server_to_client_alg_group.mac
text
host.services.ssh.algorithm_selection.server_to_client_alg_group.cipher
text
host.services.imap
object
host.services.imap.start_tls
text
The server's response to the STARTTLS command.
host.services.imap.banner
text
The IMAP banner.
host.services.port
integer
host.services.fox
object
host.services.fox.auth_agent_type
text
host.services.fox.hostid
text
host.services.fox.language
text
host.services.fox.vm_name
text
host.services.fox.app_version
text
host.services.fox.id
unsigned_long
host.services.fox.time_zone
text
host.services.fox.hostname
text
host.services.fox.station_name
text
host.services.fox.os_version
text
host.services.fox.vm_version
text
host.services.fox.sys_info
text
host.services.fox.version
text
host.services.fox.vm_uuid
text
host.services.fox.app_name
text
host.services.fox.brand_id
text
host.services.fox.os_name
text
host.services.fox.host_address
text
host.services.truncated
boolean
host.services.ntp
object
host.services.ntp.get_time_header
object
host.services.ntp.get_time_header.leap_indicator
unsigned_long
host.services.ntp.get_time_header.mode
unsigned_long
host.services.ntp.get_time_header.poll
integer
host.services.ntp.get_time_header.precision
integer
host.services.ntp.get_time_header.reference_id
text
host.services.ntp.get_time_header.stratum
unsigned_long
host.services.ntp.get_time_header.version
unsigned_long
host.services.dns
object
host.services.dns.r_code
text
host.services.dns.additionals
object
host.services.dns.additionals.type
text
host.services.dns.additionals.name
text
host.services.dns.additionals.response
text
host.services.dns.edns
object
host.services.dns.edns.options
text
host.services.dns.edns.udp
unsigned_long
host.services.dns.edns.version
unsigned_long
host.services.dns.edns.do
boolean
host.services.dns.resolves_correctly
boolean
host.services.dns.version
text
host.services.dns.answers
object
host.services.dns.answers.type
text
host.services.dns.answers.name
text
host.services.dns.answers.response
text
host.services.dns.authorities
object
host.services.dns.authorities.name
text
host.services.dns.authorities.response
text
host.services.dns.authorities.type
text
host.services.dns.questions
object
host.services.dns.questions.name
text
host.services.dns.questions.response
text
host.services.dns.questions.type
text
host.services.dns.server_type
text
host.services.banner_hashes
text
host.services.dnp3
object
host.services.dnp3.banner
text
host.services.http
object
host.services.http.request
object
host.services.http.request.headers
nested
host.services.http.request.headers.key
text
host.services.http.request.headers.value
object
host.services.http.request.headers.value.headers
text
host.services.http.request.method
text
host.services.http.request.uri
text
host.services.http.request.body
text
host.services.http.response
object
host.services.http.response.status_reason
text
host.services.http.response.html_tags
text
host.services.http.response.body_size
integer
host.services.http.response.body_hashes
keyword
host.services.http.response.favicons
object
host.services.http.response.favicons.size
integer
host.services.http.response.favicons.md5_hash
keyword
host.services.http.response.favicons.name
text
host.services.http.response.html_title
text
host.services.http.response.headers
nested
host.services.http.response.headers.key
text
host.services.http.response.headers.value
object
host.services.http.response.headers.value.headers
text
host.services.http.response.status_code
integer
host.services.http.response.protocol
text
host.services.http.response.body
text
host.services.http.supports_http2
boolean
host.services.fortigate
object
host.services.fortigate.version
text
host.services.fortigate.api_version
text
host.services.fortigate.build
integer
host.services.fortigate.http_info
object
host.services.fortigate.http_info.status_code
unsigned_long
Status code received from hitting /censys.inspect.
host.services.fortigate.http_info.headers
nested
host.services.fortigate.http_info.headers.value
object
host.services.fortigate.http_info.headers.value.headers
text
host.services.fortigate.http_info.headers.key
text
host.services.fortigate.http_info.status
text
Status message received from hitting 404 /censys.inspect.
host.services.fortigate.serial
text
host.services.fortigate.status_code
integer
host.services.fortigate.status_msg
text
host.services.ftp
object
host.services.ftp.implicit_tls
boolean
host.services.ftp.status_code
integer
host.services.ftp.status_meaning
text
host.services.ftp.auth_ssl_response
text
host.services.ftp.auth_tls_response
text
host.services.ftp.banner
text
host.services.mms
object
host.services.mms.model
text
host.services.mms.revision
text
host.services.mms.vendor
text
host.services.any_connect
object
host.services.any_connect.groups
text
List of groups a user can authenticate with to use this VPN
host.services.any_connect.raw
text
XML content of the config-auth response
host.services.any_connect.response_type
text
Type of the response packet received after initializing the config-auth exchange
host.services.any_connect.aggregate_auth_version
integer
Version number indicated by the response for config-auth exchange
host.services.any_connect.auth_methods
text
Supported methods for users to enter credentials for this VPN
host.services.skinny
object
host.services.skinny.response
text
host.services.cwmp
object
host.services.cwmp.http_info
object
host.services.cwmp.http_info.html_title
text
host.services.cwmp.http_info.html_tags
text
host.services.cwmp.http_info.headers
nested
host.services.cwmp.http_info.headers.value
object
host.services.cwmp.http_info.headers.value.headers
text
host.services.cwmp.http_info.headers.key
text
host.services.cwmp.http_info.protocol
text
host.services.cwmp.http_info.favicons
object
host.services.cwmp.http_info.favicons.md5_hash
keyword
host.services.cwmp.http_info.favicons.name
text
host.services.cwmp.http_info.favicons.size
integer
host.services.cwmp.http_info.status_code
integer
host.services.cwmp.http_info.status_reason
text
host.services.cwmp.http_info.body_hashes
keyword
host.services.cwmp.http_info.body_size
integer
host.services.cwmp.http_info.body
text
host.services.pop3
object
host.services.pop3.start_tls
text
The server's response to the STARTTLS command.
host.services.pop3.banner
text
The POP3 banner.
host.services.transport_protocol
text
host.services.memcached
object
host.services.memcached.stats
nested
Server Stats
host.services.memcached.stats.value
text
host.services.memcached.stats.key
text
host.services.memcached.version
text
Memcached Version
host.services.memcached.ascii_binding_protocol_enabled
boolean
True if the server responds to the ascii version of the memcached protocol.
host.services.memcached.binary_binding_protocol_enabled
boolean
True if the server responds to the binary version of the memcached protocol.
host.services.memcached.responds_to_udp
boolean
True if the server responds UDP.
host.services.upnp
object
host.services.upnp.spec
object
host.services.upnp.spec.minor
text
host.services.upnp.spec.major
text
host.services.upnp.devices
object
host.services.upnp.devices.service_list
object
host.services.upnp.devices.service_list.event_sub_url
text
host.services.upnp.devices.service_list.scpd_url
text
host.services.upnp.devices.service_list.service_id
text
host.services.upnp.devices.service_list.service_type
text
host.services.upnp.devices.service_list.control_url
text
host.services.upnp.devices.model_url
text
host.services.upnp.devices.manufacturer
text
host.services.upnp.devices.parent_id
integer
host.services.upnp.devices.model_description
text
host.services.upnp.devices.presentation_url
text
host.services.upnp.devices.udn
text
host.services.upnp.devices.device_type
text
host.services.upnp.devices.serial_number
text
host.services.upnp.devices.model_name
text
host.services.upnp.devices.upc
text
host.services.upnp.devices.id
integer
Censys-generated IDs representing a device tree
host.services.upnp.devices.friendly_name
text
host.services.upnp.devices.model_number
text
host.services.upnp.devices.manufacturer_url
text
host.services.upnp.endpoint
text
host.services.upnp.headers
nested
host.services.upnp.headers.value
object
host.services.upnp.headers.value.headers
text
host.services.upnp.headers.key
text
host.services.telnet
object
host.services.telnet.wont
object
host.services.telnet.wont.value
text
host.services.telnet.wont.key
unsigned_long
host.services.telnet.banner
text
host.services.telnet.do
object
host.services.telnet.do.key
unsigned_long
host.services.telnet.do.value
text
host.services.telnet.dont
object
host.services.telnet.dont.key
unsigned_long
host.services.telnet.dont.value
text
host.services.telnet.will
object
host.services.telnet.will.key
unsigned_long
host.services.telnet.will.value
text
host.services.pptp
object
host.services.pptp.firmware
object
host.services.pptp.firmware.major
unsigned_long
host.services.pptp.firmware.minor
unsigned_long
host.services.pptp.vendor
text
host.services.pptp.result_message
object
host.services.pptp.result_message.code
unsigned_long
host.services.pptp.result_message.meaning
text
host.services.pptp.error_message
object
host.services.pptp.error_message.code
unsigned_long
host.services.pptp.error_message.meaning
text
host.services.pptp.framing_message
object
host.services.pptp.framing_message.code
unsigned_long
host.services.pptp.framing_message.meaning
text
host.services.pptp.bearer_message
object
host.services.pptp.bearer_message.code
unsigned_long
host.services.pptp.bearer_message.meaning
text
host.services.pptp.hostname
text
host.services.pptp.maximum_channels
unsigned_long
host.services.pptp.protocol
object
host.services.pptp.protocol.major
unsigned_long
host.services.pptp.protocol.minor
unsigned_long
host.services.smtp
object
host.services.smtp.banner
text
The STMP banner.
host.services.smtp.ehlo
text
The server's response to the EHLO command.
host.services.smtp.start_tls
text
The server's response to the STARTTLS command.
host.services.openvpn
object
host.services.openvpn.accepts_v2
boolean
host.services.openvpn.accepts_v1
boolean
host.services.bacnet
object
host.services.bacnet.model_name
text
host.services.bacnet.object_name
text
host.services.bacnet.vendor_id
unsigned_long
host.services.bacnet.vendor_name
text
host.services.bacnet.description
text
host.services.bacnet.instance_number
unsigned_long
host.services.bacnet.location
text
host.services.bacnet.application_software_revision
text
host.services.bacnet.firmware_revision
text
host.services.prometheus
object
host.services.prometheus.http_info
object
host.services.prometheus.http_info.headers
nested
host.services.prometheus.http_info.headers.value
object
host.services.prometheus.http_info.headers.value.headers
text
host.services.prometheus.http_info.headers.key
text
host.services.prometheus.http_info.status
text
Status message received from hitting /api/v1/targets.
host.services.prometheus.http_info.status_code
unsigned_long
Status code received from hitting /api/v1/targets.
host.services.prometheus.response
object
Information Prometheus captured as well as build information.
host.services.prometheus.response.prometheus_versions
object
host.services.prometheus.response.prometheus_versions.go_version
text
Version of Go used to build Prometheus.
host.services.prometheus.response.prometheus_versions.revision
text
Revision of Prometheus.
host.services.prometheus.response.prometheus_versions.version
text
Version of Prometheus.
host.services.prometheus.response.active_targets
object
List of active targets.
host.services.prometheus.response.active_targets.labels
object
host.services.prometheus.response.active_targets.labels.instance
text
Instance after relabelling has occurred.
host.services.prometheus.response.active_targets.labels.job
text
Job of target after relabelling has occurred.
host.services.prometheus.response.active_targets.last_error
text
Last error that occurred within target.
host.services.prometheus.response.active_targets.last_scrape
text
Last time Prometheus scraped target.
host.services.prometheus.response.active_targets.scrape_url
text
URL that Prometheus scraped.
host.services.prometheus.response.active_targets.discovered_labels
object
host.services.prometheus.response.active_targets.discovered_labels.job
text
Job of target.
host.services.prometheus.response.active_targets.discovered_labels.metrics_path
text
Path to metrics of target.
host.services.prometheus.response.active_targets.discovered_labels.scheme
text
URL scheme.
host.services.prometheus.response.active_targets.discovered_labels.address
text
Address of target.
host.services.prometheus.response.active_targets.health
text
Whether target is up or down.
host.services.prometheus.response.all_versions
text
List of the versions of everything that Prometheus finds i.e., version of Prometheus, Go, Node, cAdvisor, etc.
host.services.prometheus.response.config_exposed
boolean
True when the config endpoint is exposed.
host.services.prometheus.response.dropped_targets
object
List of dropped targets.
host.services.prometheus.response.dropped_targets.job
text
Job of target.
host.services.prometheus.response.dropped_targets.metrics_path
text
Path to metrics of target.
host.services.prometheus.response.dropped_targets.scheme
text
URL scheme.
host.services.prometheus.response.dropped_targets.address
text
Address of target.
host.services.prometheus.response.go_versions
text
List of the versions of Go.
host.services.kubernetes
object
host.services.kubernetes.roles
object
host.services.kubernetes.roles.name
text
host.services.kubernetes.roles.rules
object
Rules set for this role.
host.services.kubernetes.roles.rules.api_groups
text
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
host.services.kubernetes.roles.rules.resources
text
Resources is a list of resources this rule applies to. ResourceAll represents all resources
host.services.kubernetes.roles.rules.verbs
text
Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
host.services.kubernetes.version_info
object
host.services.kubernetes.version_info.git_commit
text
Git commit version built from.
host.services.kubernetes.version_info.git_version
text
host.services.kubernetes.version_info.go_version
text
Version of GO used to build version.
host.services.kubernetes.version_info.minor
text
Kubernetes minor version
host.services.kubernetes.version_info.platform
text
Platform compiled for
host.services.kubernetes.version_info.build_date
text
Date version was built.
host.services.kubernetes.version_info.compiler
text
Go Compiler used
host.services.kubernetes.version_info.git_tree_state
text
State of the tree when built.
host.services.kubernetes.version_info.major
text
Kubernetes major version
host.services.kubernetes.endpoints
object
host.services.kubernetes.endpoints.self_link
text
host.services.kubernetes.endpoints.subsets
object
host.services.kubernetes.endpoints.subsets.ports
object
host.services.kubernetes.endpoints.subsets.ports.name
text
host.services.kubernetes.endpoints.subsets.ports.port
unsigned_long
host.services.kubernetes.endpoints.subsets.ports.protocol
text
host.services.kubernetes.endpoints.subsets.addresses
object
host.services.kubernetes.endpoints.subsets.addresses.ip
ip
host.services.kubernetes.endpoints.subsets.addresses.node_name
text
host.services.kubernetes.endpoints.subsets.addresses.hostname
text
host.services.kubernetes.endpoints.name
text
host.services.kubernetes.kubernetes_dashboard_found
boolean
True if the dashboard is running and accessible
host.services.kubernetes.nodes
object
host.services.kubernetes.nodes.os_image
text
OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
host.services.kubernetes.nodes.images
text
List of container images on this node
host.services.kubernetes.nodes.kernel_version
text
Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
host.services.kubernetes.nodes.kube_proxy_version
text
KubeProxy Version reported by the node.
host.services.kubernetes.nodes.kubelet_version
text
Kubelet Version reported by the node.
host.services.kubernetes.nodes.operating_system
text
The Operating System reported by the node.
host.services.kubernetes.nodes.addresses
object
host.services.kubernetes.nodes.addresses.address
keyword
Node address, IP/URL.
host.services.kubernetes.nodes.addresses.address_type
text
Node address type, one of Hostname, ExternalIP or InternalIP.
host.services.kubernetes.nodes.name
text
host.services.kubernetes.nodes.container_runtime_version
text
ContainerRuntime Version reported by the node through runtime remote API (e.g. docker://1.5.0).
host.services.kubernetes.nodes.architecture
text
The Architecture reported by the node.
host.services.kubernetes.pod_names
text
host.services.modbus
object
host.services.modbus.exception_response
object
host.services.modbus.exception_response.exception_function
unsigned_long
host.services.modbus.exception_response.exception_type
unsigned_long
host.services.modbus.function
unsigned_long
host.services.modbus.mei_response
object
host.services.modbus.mei_response.objects
nested
host.services.modbus.mei_response.objects.key
text
host.services.modbus.mei_response.objects.value
text
host.services.modbus.mei_response.conformity_level
long
host.services.modbus.mei_response.more_follows
boolean
host.services.modbus.unit_id
long
host.services.risks
nested
host.services.risks.discovered_at
date
host.services.risks.name
text
host.services.risks.severity
text
host.services.risks.status
text
host.services.risks.type
text
host.services.risks.user_status
text
host.services.risks.categories
text
host.services.redis
object
host.services.redis.minor
unsigned_long
Minor is the version's major number.
host.services.redis.patch_level
unsigned_long
Patchlevel is the version's patchlevel number.
host.services.redis.mem_allocator
text
The memory allocator.
host.services.redis.mode
text
The mode the Redis server is running (standalone or cluster), read from the the info_response (if available).
host.services.redis.build_id
text
The Build ID of the Redis server.
host.services.redis.arch_bits
text
The architecture bits (32 or 64) the Redis server used to build.
host.services.redis.used_memory
unsigned_long
The total number of bytes allocated by Redis using its allocator.
host.services.redis.ping_response
text
The response from the PING command; should either be "PONG" or an authentication error.
host.services.redis.gcc_version
text
The version of the GCC compiler used to compile the Redis server.
host.services.redis.commands
text
The list of commands actually sent to the server, serialized in inline format, like 'PING' or 'AUTH somePassword'.
host.services.redis.raw_command_output
object
The raw output returned by the server for each command sent; the indices match those of commands.
host.services.redis.raw_command_output.output
text
host.services.redis.quit_response
text
The response to the QUIT command.
host.services.redis.uptime
unsigned_long
The number of seconds since Redis server start.
host.services.redis.git_sha1
text
The Sha-1 Git commit hash the Redis server used.
host.services.redis.os
text
The OS the Redis server is running, read from the the info_response (if available).
host.services.redis.nonexistent_response
text
The response from the NONEXISTENT command.
host.services.redis.auth_response
text
The response from the AUTH command, if sent.
host.services.redis.connections_received
unsigned_long
The total number of connections accepted by the server.
host.services.redis.info_response
object
The response from the INFO command. Should be a series of key:value pairs separated by CRLFs.
host.services.redis.info_response.key
text
host.services.redis.info_response.value
text
host.services.redis.commands_processed
unsigned_long
The total number of commands processed by the server.
host.services.redis.major
unsigned_long
Major is the version's major number.
host.services.mssql
object
host.services.mssql.encrypt_mode
text
The negotiated ENCRYPT_MODE with the server
host.services.mssql.instance_name
text
host.services.mssql.prelogin_options
object
host.services.mssql.prelogin_options.server_version
object
host.services.mssql.prelogin_options.server_version.minor
unsigned_long
host.services.mssql.prelogin_options.server_version.build_number
unsigned_long
host.services.mssql.prelogin_options.server_version.major
unsigned_long
host.services.mssql.prelogin_options.unknown
object
host.services.mssql.prelogin_options.unknown.value
text
host.services.mssql.prelogin_options.unknown.key
unsigned_long
host.services.mssql.prelogin_options.fed_auth_required
boolean
host.services.mssql.prelogin_options.instance
text
host.services.mssql.prelogin_options.mars
boolean
host.services.mssql.prelogin_options.nonce
text
host.services.mssql.prelogin_options.trace_id
text
host.services.mssql.prelogin_options.encrypt_mode
text
host.services.mssql.prelogin_options.thread_id
unsigned_long
host.services.mssql.version
text
host.services.ldap
object
host.services.ldap.resultcode
unsigned_long
Result or error code returned by LDAP instance upon bind
host.services.ldap.allows_anonymous_bind
boolean
Ability to connect with anonymous bind (empty username and password)
host.services.ldap.attributes
object
All root DN attributes available via anonymous bind
host.services.ldap.attributes.values
text
Values for the respective LDAP attribute
host.services.ldap.attributes.name
text
Name of the LDAP attribute in the root DN
host.services.certificate
text
host.services.perspective_id
text
host.services.ipmi
object
host.services.ipmi.rmcp_header
object
The RMCP header of the response, (section 13.1.3)
host.services.ipmi.rmcp_header.message_class
object
The class of the message.
host.services.ipmi.rmcp_header.message_class.class
integer
Just the class part of the byte (lower 5 bits of raw)
host.services.ipmi.rmcp_header.message_class.is_ack
boolean
True if the message is an acknowledgment to a previous message.
host.services.ipmi.rmcp_header.message_class.name
text
The human-readable name of the message class
host.services.ipmi.rmcp_header.message_class.raw
integer
The raw message class byte.
host.services.ipmi.rmcp_header.sequence_number
integer
Sequence number of this packet in the session.
host.services.ipmi.rmcp_header.version
integer
The version. This scanner supports version 6.
host.services.ipmi.session_header
object
The IPMI sesssion header of the response
host.services.ipmi.session_header.auth_type
object
The authentication type for this request (see section 13.6)
host.services.ipmi.session_header.auth_type.name
text
The raw value of the auth_type
host.services.ipmi.session_header.auth_type.raw
integer
The raw value of the auth_type
host.services.ipmi.session_header.auth_type.type
integer
Just the auth type (reserved bits omitted)
host.services.ipmi.session_header.session_id
long
The ID of this sessiod.
host.services.ipmi.session_header.session_sequence_number
long
The session sequence number of this packet in the session
host.services.ipmi.session_header.auth_code
text
The 16-byte authentication code; not present if auth_type is None.
host.services.ipmi.capabilities
object
The Get Channel Authentication Capabilities response (section 22.13)
host.services.ipmi.capabilities.oem_id
text
The 3-byte OEM identifier
host.services.ipmi.capabilities.supported_auth_types
object
The auth types supported by the server
host.services.ipmi.capabilities.supported_auth_types.raw
integer
The raw byte, with the bit mask etc
host.services.ipmi.capabilities.supported_auth_types.extended
boolean
If true, the extended capabilities are present.
host.services.ipmi.capabilities.supported_auth_types.md2
boolean
True if the MD2 AuthType is supported.
host.services.ipmi.capabilities.supported_auth_types.md5
boolean
True if the MD5 AuthType is supported.
host.services.ipmi.capabilities.supported_auth_types.none
boolean
True if the None AuthType is supported.
host.services.ipmi.capabilities.supported_auth_types.oem_proprietary
boolean
True if the OEM Proprietary AuthType is supported
host.services.ipmi.capabilities.supported_auth_types.password
boolean
True if the Password AuthType is supported.
host.services.ipmi.capabilities.auth_status
object
The authentication status
host.services.ipmi.capabilities.auth_status.has_anonymous_users
boolean
If true, the server has anonymous users.
host.services.ipmi.capabilities.auth_status.has_named_users
boolean
If true, the server supports named users.
host.services.ipmi.capabilities.auth_status.two_key_login_required
boolean
The KG field.
host.services.ipmi.capabilities.auth_status.user_auth_disabled
boolean
If true, user authentication is disabled.
host.services.ipmi.capabilities.auth_status.anonymous_login_enabled
boolean
If true, the server allows anonymous login.
host.services.ipmi.capabilities.auth_status.auth_each_message
boolean
If true, each message must be authenticated.
host.services.ipmi.capabilities.channel_number
integer
The response channel number
host.services.ipmi.capabilities.completion_code
object
The status code of the response
host.services.ipmi.capabilities.completion_code.name
text
The human-readable name of the code
host.services.ipmi.capabilities.completion_code.raw
integer
The raw completion code
host.services.ipmi.capabilities.extended_capabilities
object
Extended auth capabilities (if present)
host.services.ipmi.capabilities.extended_capabilities.supports_ipmi_v1_5
boolean
True if IPMI v1.5 is supported
host.services.ipmi.capabilities.extended_capabilities.supports_ipmi_v2_0
boolean
True if IPMI v2.0 is supported
host.services.ipmi.capabilities.oem_data
integer
The OEM-specific data
host.services.ipmi.command_payload
object
The IPMI command payload
host.services.ipmi.command_payload.data
text
The raw data. On success, this should be the value of the GetAuthenticationCapabilities resopnse
host.services.ipmi.command_payload.ipmi_command_number
object
The parsed IPMI command number
host.services.ipmi.command_payload.ipmi_command_number.name
text
The human-readable name of the cmd + NetFn
host.services.ipmi.command_payload.ipmi_command_number.raw
integer
The raw value of the cmd value
host.services.ipmi.command_payload.network_function_code
object
The NetFn and LUN
host.services.ipmi.command_payload.network_function_code.raw
integer
The raw value of the (NetFn << 2) | LUN
host.services.ipmi.command_payload.network_function_code.logical_unit_number
object
The parsed LUN (logical unit number -- the lower 2 bits of raw)
host.services.ipmi.command_payload.network_function_code.logical_unit_number.name
text
The human-readable name of the LUN
host.services.ipmi.command_payload.network_function_code.logical_unit_number.raw
integer
The value of the LUN (3 bits)
host.services.ipmi.command_payload.network_function_code.net_fn
object
The parsed NetFn value (the upper 6 bits of raw)
host.services.ipmi.command_payload.network_function_code.net_fn.name
text
The human-readable name of the NetFn
host.services.ipmi.command_payload.network_function_code.net_fn.raw
integer
The raw value of the NetFn (6 bits, least significant indicates request/response)
host.services.ipmi.command_payload.network_function_code.net_fn.value
integer
The normalized value of the NetFn (i.e. raw & 0xfe, so it is always even)
host.services.ipmi.command_payload.network_function_code.net_fn.is_request
boolean
True if the least-significant bit is zero
host.services.ipmi.command_payload.network_function_code.net_fn.is_response
boolean
True if the least-significant bit is one
host.services.ipmi.command_payload.requestor_sequence_number
integer
The request sequence number.
host.services.ipmi.command_payload.checksum_error
boolean
This is set to true if the values of chk1 / chk2 do not match the command data
host.services.ipmi.raw
text
The raw data returned by the server
host.services.ssdp
object
host.services.ssdp.headers
nested
host.services.ssdp.headers.key
text
host.services.ssdp.headers.value
object
host.services.ssdp.headers.value.headers
text
host.services.ssdp.upnp_url
text
host.services.transport_fingerprint
object
host.services.transport_fingerprint.id
integer
host.services.transport_fingerprint.os
text
host.services.transport_fingerprint.quic
object
host.services.transport_fingerprint.quic.versions
unsigned_long
Raw versions presented in the QUIC version negotiation packet, if any.
host.services.transport_fingerprint.raw
text
host.services.oracle
object
host.services.oracle.redirect_target_raw
text
The connect descriptor returned by the server in the Redirect packet, if one is sent.
host.services.oracle.refuse_version
text
The parsed DESCRIPTION.VSNNUM field from the RefuseError descriptor returned by the server in the Refuse packet, in dotted-decimal format.
host.services.oracle.refuse_reason_app
text
The 'AppReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string.
host.services.oracle.refuse_reason_sys
text
The 'SysReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string.
host.services.oracle.nsn_service_versions
nested
A map from the native Service Negotation service names to the ReleaseVersion (in dotted-decimal format) in that service packet.
host.services.oracle.nsn_service_versions.key
text
host.services.oracle.nsn_service_versions.value
text
host.services.oracle.connect_flags1
nested
The second set of ConnectFlags returned in the Accept packet.
host.services.oracle.connect_flags1.value
boolean
host.services.oracle.connect_flags1.key
text
host.services.oracle.accept_version
unsigned_long
The protocol version number from the Accept packet.
host.services.oracle.refuse_error_raw
text
The data from the Refuse packet returned by the server; it is empty if the server does not return a Refuse packet.
host.services.oracle.global_service_options
nested
Set of flags that the server returns in the Accept packet.
host.services.oracle.global_service_options.value
boolean
host.services.oracle.global_service_options.key
text
host.services.oracle.connect_flags0
nested
The first set of ConnectFlags returned in the Accept packet.
host.services.oracle.connect_flags0.key
text
host.services.oracle.connect_flags0.value
boolean
host.services.oracle.did_resend
boolean
True if the server sent a Resend packet request in response to the client's first Connect packet.
host.services.oracle.redirect_target
object
The parsed connect descriptor returned by the server in the redirect packet, if one is sent.
host.services.oracle.redirect_target.key
text
host.services.oracle.redirect_target.value
text
host.services.oracle.refuse_error
object
The parsed descriptor returned by the server in the Refuse packet; it is empty if the server does not return a Refuse packet. The keys are strings like 'DESCRIPTION.ERROR_STACK.ERROR.CODE
host.services.oracle.refuse_error.key
text
host.services.oracle.refuse_error.value
text
host.services.oracle.nsn_version
text
The ReleaseVersion string (in dotted-decimal format) in the root of the Native Service Negotiation packet.
host.services.ipp
object
host.services.ipp.major_version
unsigned_long
Major component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request.
host.services.ipp.attribute_printer_uris
text
Each printer URI, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Uses ipp(s) or http(s) scheme, followed by a hostname or IP, and then the path to a particular printer.
host.services.ipp.attributes
object
All IPP attributes included in any contentful responses obtained. Each has a name, list of values (potentially only one), and a tag denoting how the value should be interpreted.
host.services.ipp.attributes.name
text
host.services.ipp.attributes.value_tag
unsigned_long
host.services.ipp.attribute_cups_version
text
The CUPS version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Generally in the form 'x.y.z'.
host.services.ipp.minor_version
unsigned_long
Minor component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request.
host.services.ipp.attribute_ipp_versions
text
Each IPP version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Always in the form 'x.y'.
host.services.ipp.cups_response
object
host.services.ipp.cups_response.status_code
unsigned_long
host.services.ipp.cups_response.body_hash
text
Hash of body stored in a UTF-8 string of the format <hash-type>:<hash-encoded>, e.g. sha256:a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447
host.services.ipp.cups_response.headers
nested
host.services.ipp.cups_response.headers.key
text
host.services.ipp.cups_response.headers.value
object
host.services.ipp.cups_response.headers.value.headers
text
host.services.ipp.cups_response.status
text
host.services.ipp.cups_version
text
The CUPS version, if any, specified in the Server header of an IPP get-attributes response.
host.services.ipp.version_string
text
The specific IPP version returned in response to an IPP get-printer-attributes request. Always in the form 'IPP/x.y'
host.services.ipp.response
object
host.services.ipp.response.body_hash
text
Hash of body stored in a UTF-8 string of the format <hash-type>:<hash-encoded>, e.g. sha256:a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447
host.services.ipp.response.headers
nested
host.services.ipp.response.headers.key
text
host.services.ipp.response.headers.value
object
host.services.ipp.response.headers.value.headers
text
host.services.ipp.response.status
text
host.services.ipp.response.status_code
unsigned_long
host.services.coap
object
host.services.coap.token
text
host.services.coap.version
unsigned_long
host.services.coap.code
text
host.services.coap.message_id
unsigned_long
host.services.coap.message_type
text
host.services.coap.payload
text
host.services.source_ip
ip
host.services.jarm
object
host.services.jarm.cipher_and_version_fingerprint
text
The first 30 byte portion of the Jarm fingerprint.
host.services.jarm.fingerprint
text
The 62 byte Jarm fingerprint of the service.
host.services.jarm.observed_at
date
The time the service was fingerprinted
host.services.jarm.tls_extensions_sha256
text
The second 32 byte portion of the Jarm fingerprint
host.services.rdp
object
host.services.rdp.selected_security_protocol
object
host.services.rdp.selected_security_protocol.raw_value
unsigned_long
host.services.rdp.selected_security_protocol.error_hybrid_required
boolean
host.services.rdp.selected_security_protocol.error_ssl_user_auth_required
boolean
host.services.rdp.selected_security_protocol.error_bad_flags
boolean
host.services.rdp.selected_security_protocol.error_ssl_required
boolean
host.services.rdp.selected_security_protocol.error_ssl_forbidden
boolean
host.services.rdp.selected_security_protocol.error_unknown
boolean
host.services.rdp.selected_security_protocol.tls
boolean
host.services.rdp.selected_security_protocol.credssp
boolean
host.services.rdp.selected_security_protocol.error_ssl_cert_missing
boolean
host.services.rdp.selected_security_protocol.credssp_early_auth
boolean
host.services.rdp.selected_security_protocol.standard_rdp
boolean
host.services.rdp.selected_security_protocol.rdstls
boolean
host.services.rdp.selected_security_protocol.error
boolean
host.services.rdp.version
object
host.services.rdp.version.raw
unsigned_long
Raw Version Response, Major version is stored in upper 2 bytes, minor in lower 2 bytes.
host.services.rdp.version.major
integer
host.services.rdp.version.minor
integer
host.services.rdp.x224_cc_pdu_srcref
unsigned_long
host.services.rdp.certificate_info
object
host.services.rdp.certificate_info.internal_x509_chain_fps
keyword
host.services.rdp.certificate_info.proprietary_rsa_key
object
host.services.rdp.certificate_info.proprietary_rsa_key.public_exponent
unsigned_long
host.services.rdp.certificate_info.proprietary_rsa_key.signature
text
host.services.rdp.certificate_info.proprietary_rsa_key.key_length
unsigned_long
host.services.rdp.certificate_info.proprietary_rsa_key.magic
unsigned_long
host.services.rdp.certificate_info.proprietary_rsa_key.max_bytes_datalen
unsigned_long
host.services.rdp.certificate_info.proprietary_rsa_key.modulus
text
host.services.rdp.certificate_info.proprietary_rsa_key.modulus_bitlen
unsigned_long
host.services.rdp.connect_response
object
host.services.rdp.connect_response.connect_id
unsigned_long
host.services.rdp.connect_response.domain_parameters
object
host.services.rdp.connect_response.domain_parameters.max_user_id_channels
long
host.services.rdp.connect_response.domain_parameters.min_throughput
long
host.services.rdp.connect_response.domain_parameters.num_priorities
long
host.services.rdp.connect_response.domain_parameters.domain_protocol_version
long
host.services.rdp.connect_response.domain_parameters.max_channel_ids
long
host.services.rdp.connect_response.domain_parameters.max_mcspdu_size
long
host.services.rdp.connect_response.domain_parameters.max_provider_height
long
host.services.rdp.connect_response.domain_parameters.max_token_ids
long
host.services.rdp.protocol_flags
object
host.services.rdp.protocol_flags.dynvc_graphics_pipeline
boolean
host.services.rdp.protocol_flags.extended_client_data_supported
boolean
host.services.rdp.protocol_flags.neg_resp_reserved
boolean
host.services.rdp.protocol_flags.restricted_admin_mode
boolean
host.services.rdp.protocol_flags.restricted_auth_mode
boolean
host.services.software
nested
host.services.software.component_uniform_resource_identifiers
text
URIs of software components related to the identified software.
host.services.software.vendor
text
Identifies the person or organization that manufactured or created the product.
host.services.software.edition
text
Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2.
host.services.software.target_sw
text
Characterizes the software computing environment within which the product operates.
host.services.software.source
text
Defines the source that this software information was derived from.
host.services.software.uniform_resource_identifier
text
CPE uri format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
host.services.software.language
text
Valid language tag as defined by [RFC5646], and should be used to define the language supported in the user interface of the product being described.
host.services.software.update
text
Vendor-Specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.
host.services.software.part
keyword
Defines the class of this software, a for application, o for operating system, h for hardware devices.
host.services.software.eol
boolean
host.services.software.product
text
Identifies the most common and recognizable title or name of the product.
host.services.software.risks
nested
host.services.software.risks.user_status
text
host.services.software.risks.categories
text
host.services.software.risks.discovered_at
date
host.services.software.risks.name
text
host.services.software.risks.severity
text
host.services.software.risks.status
text
host.services.software.risks.type
text
host.services.software.other
object
Other attributes describing the identified software
host.services.software.other.key
text
host.services.software.other.value
text
host.services.software.target_hw
text
Characterizes the instruction set architecture (e.g., x86) on which the product being described. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are be considered instruction set architectures.
host.services.software.version
text
Vendor-Specific alphanumeric strings characterizing the particular release version of the product.
host.services.software.sw_edition
text
Characterizes how the product is tailored to a particular market or class of end users.
host.services.vnc
object
host.services.vnc.connection_failed_reason
text
If server terminates handshake, the reason offered (if any)
host.services.vnc.desktop_name
text
Desktop name provided by the server, capped at 255 bytes
host.services.vnc.pixel_encoding
object
host.services.vnc.pixel_encoding.name
text
host.services.vnc.pixel_encoding.value
integer
host.services.vnc.screen_info
object
host.services.vnc.screen_info.height
unsigned_long
host.services.vnc.screen_info.name_len
unsigned_long
host.services.vnc.screen_info.pixel_format
object
host.services.vnc.screen_info.pixel_format.red_max
unsigned_long
Max value of red pixel
host.services.vnc.screen_info.pixel_format.green_shift
unsigned_long
How many bits to right shift a pixel datum to get green bits in lsb
host.services.vnc.screen_info.pixel_format.padding3
unsigned_long
host.services.vnc.screen_info.pixel_format.blue_shift
unsigned_long
How many bits to right shift a pixel datum to get blue bits in lsb
host.services.vnc.screen_info.pixel_format.true_color
boolean
If false, color maps are used
host.services.vnc.screen_info.pixel_format.depth
unsigned_long
Color depth
host.services.vnc.screen_info.pixel_format.red_shift
unsigned_long
How many bits to right shift a pixel datum to get red bits in lsb
host.services.vnc.screen_info.pixel_format.green_max
unsigned_long
Max value of green pixel
host.services.vnc.screen_info.pixel_format.padding1
unsigned_long
host.services.vnc.screen_info.pixel_format.padding2
unsigned_long
host.services.vnc.screen_info.pixel_format.big_endian
boolean
If pixel RGB data are in big-endian
host.services.vnc.screen_info.pixel_format.bits_per_pixel
unsigned_long
How many bits in a single full pixel datum. Valid values are: 8, 16, 32
host.services.vnc.screen_info.pixel_format.blue_max
unsigned_long
Max value of blue pixel
host.services.vnc.screen_info.width
unsigned_long
host.services.vnc.security_types
object
server-specified security options
host.services.vnc.security_types.name
text
host.services.vnc.security_types.value
integer
host.services.vnc.version
text
host.services.mongodb
object
host.services.mongodb.build_info
object
host.services.mongodb.build_info.build_environment
object
host.services.mongodb.build_info.build_environment.cc_flags
text
host.services.mongodb.build_info.build_environment.link_flags
text
host.services.mongodb.build_info.build_environment.target_arch
text
host.services.mongodb.build_info.build_environment.target_os
text
host.services.mongodb.build_info.build_environment.cc
text
host.services.mongodb.build_info.build_environment.cxx_flags
text
host.services.mongodb.build_info.build_environment.dist_arch
text
host.services.mongodb.build_info.build_environment.cxx
text
host.services.mongodb.build_info.build_environment.dist_mod
text
host.services.mongodb.build_info.git_version
text
Version of mongodb server
host.services.mongodb.build_info.version
text
Version of mongodb server
host.services.mongodb.is_master
object
host.services.mongodb.is_master.max_wire_version
integer
host.services.mongodb.is_master.max_write_batch_size
integer
host.services.mongodb.is_master.min_wire_version
integer
host.services.mongodb.is_master.read_only
boolean
host.services.mongodb.is_master.is_master
boolean
host.services.mongodb.is_master.logical_session_timeout_minutes
integer
host.services.mongodb.is_master.max_bson_object_size
integer
host.services.mongodb.is_master.max_message_size_bytes
integer
host.services.mysql
object
host.services.mysql.connection_id
unsigned_long
The server's internal identifier for this client's connection, sent in the initial HandshakePacket.
host.services.mysql.auth_plugin_name
text
The name of the authentication plugin, returned in the initial HandshakePacket.
host.services.mysql.error_code
long
Only set if there is an error returned by the server, for example if the scanner is not on the allowed hosts list.
host.services.mysql.character_set
unsigned_long
The identifier for the character set the server is using. Returned in the initial HandshakePacket.
host.services.mysql.status_flags
nested
The set of status flags the server returned in the initial HandshakePacket. Each entry corresponds to a bit being set in the flags; key names correspond to the #defines in the MySQL docs.
host.services.mysql.status_flags.key
text
host.services.mysql.status_flags.value
boolean
host.services.mysql.error_message
text
Optional string describing the error. Only set if there is an error.
host.services.mysql.server_version
text
The specific server version returned in the initial HandshakePacket. Often in the form x.y.z, but not always.
host.services.mysql.capability_flags
nested
The set of capability flags the server returned in the initial HandshakePacket. Each entry corresponds to a bit being set in the flags; key names correspond to the #defines in the MySQL docs.
host.services.mysql.capability_flags.key
text
host.services.mysql.capability_flags.value
boolean
host.services.mysql.protocol_version
unsigned_long
8-bit unsigned integer representing the server's protocol version sent in the initial HandshakePacket from the server.
host.services.mysql.auth_plugin_data
text
Optional plugin-specific data, whose meaning depends on the value of auth_plugin_name. Returned in the initial HandshakePacket.
host.services.mysql.error_id
text
The friendly name for the error code as defined at https://dev.mysql.com/doc/refman/8.0/en/error-messages-server.html, or UNKNOWN
host.ip
ip

Web Entitys

Placeholder web entity asset type description.

Fields
Field NameValue TypeDescription
web_entity
object
web_entity.port
integer
web_entity.instance_count
integer
web_entity.instances
nested
web_entity.instances.cloud
text
web_entity.instances.classifications
text
web_entity.instances.tls
object
web_entity.instances.tls.cipher_selected
text
Cipher suite chosen for the exchange.
web_entity.instances.tls.ja3s
text
The JA3S fingerprint for this service.
web_entity.instances.tls.server_key_exchange
object
DEPRECATED (05/03/2021)
web_entity.instances.tls.server_key_exchange.signature
text
DEPRECATED (05/10/2021)
web_entity.instances.tls.server_key_exchange.dh_params
object
Diffie-Hellman key exchange parameters used.
web_entity.instances.tls.server_key_exchange.dh_params.group
object
Diffie-Hellman group details.
web_entity.instances.tls.server_key_exchange.dh_params.group.p
text
web_entity.instances.tls.server_key_exchange.dh_params.public_key
text
web_entity.instances.tls.server_key_exchange.ec_params
object
Elliptic-Curve key exchange parameters used.
web_entity.instances.tls.server_key_exchange.ec_params.public_key
text
web_entity.instances.tls.server_key_exchange.ec_params.named_curve
unsigned_long
Elliptic-Curve ID value.
web_entity.instances.tls.server_key_exchange.rsa_params
object
DEPRECATED (05/10/2021) - Can be found in the public key RSA details.
web_entity.instances.tls.server_key_exchange.rsa_params.public_key
object
web_entity.instances.tls.server_key_exchange.rsa_params.public_key.e
text
web_entity.instances.tls.server_key_exchange.rsa_params.public_key.n
text
web_entity.instances.tls.session_ticket
object
The new session ticket sent by the server to the client.
web_entity.instances.tls.session_ticket.length
unsigned_long
web_entity.instances.tls.session_ticket.lifetime_hint
unsigned_long
Hint from server about how long the session ticket should be stored.
web_entity.instances.tls.version_selected
text
Certificate version v1(0), v2(1), v3(2).
web_entity.instances.tls.certificates
object
Certificate and certificate chain details.
web_entity.instances.tls.certificates.leaf_fp_sha_256
keyword
SHA 256 fingerprint of the TBS certificate.
web_entity.instances.tls.certificates.chain
object
Certificate chain information.
web_entity.instances.tls.certificates.chain.issuer_dn
text
Distinguished name of the entity that has signed and issued the certificate.
web_entity.instances.tls.certificates.chain.subject_dn
text
Distinguished name of the entity that the certificate belongs to.
web_entity.instances.tls.certificates.chain.fingerprint
keyword
SHA 256 fingerprint of the certificate in the certificate chain.
web_entity.instances.tls.certificates.chain_fps_sha_256
keyword
DEPRECATED (04/30/2021) - Use `chain` instead.
web_entity.instances.tls.certificates.leaf_data
object
The TBS Certificate information.
web_entity.instances.tls.certificates.leaf_data.issuer_dn
text
Distinguished name of the entity that has signed and issued the certificate.
web_entity.instances.tls.certificates.leaf_data.public_key
object
Subject public key information.
web_entity.instances.tls.certificates.leaf_data.public_key.key_algorithm
keyword
web_entity.instances.tls.certificates.leaf_data.public_key.rsa
object
web_entity.instances.tls.certificates.leaf_data.public_key.rsa.modulus
text
web_entity.instances.tls.certificates.leaf_data.public_key.rsa.exponent
text
web_entity.instances.tls.certificates.leaf_data.public_key.rsa.length
unsigned_long
web_entity.instances.tls.certificates.leaf_data.public_key.dsa
object
web_entity.instances.tls.certificates.leaf_data.public_key.dsa.y
text
web_entity.instances.tls.certificates.leaf_data.public_key.dsa.g
text
web_entity.instances.tls.certificates.leaf_data.public_key.dsa.p
text
web_entity.instances.tls.certificates.leaf_data.public_key.dsa.q
text
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa
object
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.n
text
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.gx
text
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.y
text
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.length
unsigned_long
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.p
text
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.pub
text
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.curve
keyword
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.x
text
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.b
text
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.gy
text
web_entity.instances.tls.certificates.leaf_data.public_key.fingerprint
text
web_entity.instances.tls.certificates.leaf_data.signature
object
Certificate signature information.
web_entity.instances.tls.certificates.leaf_data.signature.signature_algorithm
keyword
Cryptographic algorithm used by the CA to sign this certificate.
web_entity.instances.tls.certificates.leaf_data.signature.self_signed
boolean
Denotes if the certificate was self signed.
web_entity.instances.tls.certificates.leaf_data.tbs_fingerprint
keyword
Fingerprint of the TBS certificate.
web_entity.instances.tls.certificates.leaf_data.subject_dn
text
Distinguished name of the entity associated with the public key.
web_entity.instances.tls.certificates.leaf_data.names
text
Common names for the entity.
web_entity.instances.tls.certificates.leaf_data.pubkey_algorithm
text
Algorithm used to create the public key.
web_entity.instances.tls.certificates.leaf_data.subject
object
Subject distinguished name attributes.
web_entity.instances.tls.certificates.leaf_data.subject.email_address
text
web_entity.instances.tls.certificates.leaf_data.subject.common_name
text
web_entity.instances.tls.certificates.leaf_data.subject.street_address
text
web_entity.instances.tls.certificates.leaf_data.subject.domain_component
text
web_entity.instances.tls.certificates.leaf_data.subject.country
text
web_entity.instances.tls.certificates.leaf_data.subject.locality
text
web_entity.instances.tls.certificates.leaf_data.subject.jurisdiction_province
text
web_entity.instances.tls.certificates.leaf_data.subject.province
text
web_entity.instances.tls.certificates.leaf_data.subject.organization
text
web_entity.instances.tls.certificates.leaf_data.subject.postal_code
keyword
web_entity.instances.tls.certificates.leaf_data.subject.organizational_unit
text
web_entity.instances.tls.certificates.leaf_data.subject.organization_id
text
web_entity.instances.tls.certificates.leaf_data.subject.serial_number
keyword
web_entity.instances.tls.certificates.leaf_data.subject.jurisdiction_locality
text
web_entity.instances.tls.certificates.leaf_data.subject.jurisdiction_country
text
web_entity.instances.tls.certificates.leaf_data.issuer
object
Issuer distinguished name attributes.
web_entity.instances.tls.certificates.leaf_data.issuer.street_address
text
web_entity.instances.tls.certificates.leaf_data.issuer.email_address
text
web_entity.instances.tls.certificates.leaf_data.issuer.province
text
web_entity.instances.tls.certificates.leaf_data.issuer.domain_component
text
web_entity.instances.tls.certificates.leaf_data.issuer.common_name
text
web_entity.instances.tls.certificates.leaf_data.issuer.country
text
web_entity.instances.tls.certificates.leaf_data.issuer.jurisdiction_locality
text
web_entity.instances.tls.certificates.leaf_data.issuer.postal_code
keyword
web_entity.instances.tls.certificates.leaf_data.issuer.organization
text
web_entity.instances.tls.certificates.leaf_data.issuer.serial_number
keyword
web_entity.instances.tls.certificates.leaf_data.issuer.organization_id
text
web_entity.instances.tls.certificates.leaf_data.issuer.organizational_unit
text
web_entity.instances.tls.certificates.leaf_data.issuer.locality
text
web_entity.instances.tls.certificates.leaf_data.issuer.jurisdiction_province
text
web_entity.instances.tls.certificates.leaf_data.issuer.jurisdiction_country
text
web_entity.instances.tls.certificates.leaf_data.fingerprint
keyword
SHA256 fingerprint of the TBS certificate.
web_entity.instances.tls.certificates.leaf_data.pubkey_bit_size
integer
Size of the public key.
web_entity.instances.perspective_id
text
web_entity.instances.cdns
text
web_entity.instances.last_observed_at
date
web_entity.instances.transport_protocol
text
web_entity.instances.risks
nested
web_entity.instances.risks.user_status
text
web_entity.instances.risks.categories
text
web_entity.instances.risks.discovered_at
date
web_entity.instances.risks.name
text
web_entity.instances.risks.severity
text
web_entity.instances.risks.status
text
web_entity.instances.risks.type
text
web_entity.instances.web_origin
text
web_entity.instances.extended_service_name
text
web_entity.instances.http
object
web_entity.instances.http.request
object
web_entity.instances.http.request.body
text
web_entity.instances.http.request.headers
nested
web_entity.instances.http.request.headers.key
text
web_entity.instances.http.request.headers.value
object
web_entity.instances.http.request.headers.value.headers
text
web_entity.instances.http.request.method
text
web_entity.instances.http.request.uri
text
web_entity.instances.http.response
object
web_entity.instances.http.response.protocol
text
web_entity.instances.http.response.html_title
text
web_entity.instances.http.response.body_hashes
keyword
web_entity.instances.http.response.body_size
integer
web_entity.instances.http.response.body
text
web_entity.instances.http.response.favicons
object
web_entity.instances.http.response.favicons.size
integer
web_entity.instances.http.response.favicons.md5_hash
keyword
web_entity.instances.http.response.favicons.name
text
web_entity.instances.http.response.html_tags
text
web_entity.instances.http.response.status_reason
text
web_entity.instances.http.response.status_code
integer
web_entity.instances.http.response.headers
nested
web_entity.instances.http.response.headers.key
text
web_entity.instances.http.response.headers.value
object
web_entity.instances.http.response.headers.value.headers
text
web_entity.instances.http.supports_http2
boolean
web_entity.instances.source_ip
ip
web_entity.instances.banner
text
web_entity.instances.ip
text
web_entity.instances.elasticsearch
object
web_entity.instances.elasticsearch.node_info
object
web_entity.instances.elasticsearch.node_info.cluster_combined_info
object
web_entity.instances.elasticsearch.node_info.cluster_combined_info.uuid
text
web_entity.instances.elasticsearch.node_info.cluster_combined_info.filesystem
object
web_entity.instances.elasticsearch.node_info.cluster_combined_info.filesystem.total_in_bytes
unsigned_long
Total size in bytes
web_entity.instances.elasticsearch.node_info.cluster_combined_info.filesystem.available
text
Human-friendly available size
web_entity.instances.elasticsearch.node_info.cluster_combined_info.filesystem.available_in_bytes
unsigned_long
Available size in bytes
web_entity.instances.elasticsearch.node_info.cluster_combined_info.filesystem.free
text
Human-friendly free size
web_entity.instances.elasticsearch.node_info.cluster_combined_info.filesystem.free_in_bytes
unsigned_long
Free size in bytes
web_entity.instances.elasticsearch.node_info.cluster_combined_info.filesystem.total
text
Human-friendly total size
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices
object
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices.count
unsigned_long
Total number of indices with shards assigned to selected nodes
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices.docs
object
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices.docs.deleted
unsigned_long
Total number of deleted documents across all primary shards assigned to selected nodes
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices.docs.count
unsigned_long
Total number of non-deleted documents across all primary shards assigned to selected nodes
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices.store
object
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices.store.size_in_bytes
unsigned_long
Total size, in bytes, of all shards assigned to selected nodes
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices.store.reserved_in_bytes
unsigned_long
A prediction, in bytes, of how much larger the shard stores will eventually grow due to ongoing peer recoveries, restoring snapshots, and similar activities
web_entity.instances.elasticsearch.node_info.cluster_combined_info.name
text
web_entity.instances.elasticsearch.node_info.cluster_combined_info.status
text
web_entity.instances.elasticsearch.node_info.cluster_combined_info.timestamp
unsigned_long
web_entity.instances.elasticsearch.node_info.nodes
object
web_entity.instances.elasticsearch.node_info.nodes.node_name
text
web_entity.instances.elasticsearch.node_info.nodes.node_data
object
web_entity.instances.elasticsearch.node_info.nodes.node_data.total_indexing_buffer
unsigned_long
web_entity.instances.elasticsearch.node_info.nodes.node_data.version
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.host
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.roles
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.ingest_processors
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.build_hash
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.name
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.build_flavor
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings
object
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node
object
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node.attr
object
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml
object
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.enabled
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.machine_memory
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.max_open_jobs
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node.attr.xpack_installed
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node.name
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.cluster_name
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.build_type
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.os
object
web_entity.instances.elasticsearch.node_info.nodes.node_data.os.version
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.os.allocated_proc
integer
web_entity.instances.elasticsearch.node_info.nodes.node_data.os.arch
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.os.available_proc
integer
web_entity.instances.elasticsearch.node_info.nodes.node_data.os.name
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.os.pretty_name
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.os.refresh_interval_ms
unsigned_long
web_entity.instances.elasticsearch.node_info.nodes.node_data.ip
ip
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm
object
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.start_time
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.start_time_ms
unsigned_long
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.version
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.vm_version
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.memory_pools
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.vm_vendor
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.vm_name
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.gc
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.input_args
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.thread_pool_list
object
web_entity.instances.elasticsearch.node_info.nodes.node_data.thread_pool_list.min
integer
web_entity.instances.elasticsearch.node_info.nodes.node_data.thread_pool_list.queue_size
integer
web_entity.instances.elasticsearch.node_info.nodes.node_data.thread_pool_list.type
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.thread_pool_list.keep_alive
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.thread_pool_list.max
integer
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules
object
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.name
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.version
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.class_name
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.desc
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.elastic_version
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.ext_plugins
text
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.has_native_ctrl
boolean
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.java_version
text
web_entity.instances.elasticsearch.system_info
object
web_entity.instances.elasticsearch.system_info.cluster_uuid
text
Cluster UUID
web_entity.instances.elasticsearch.system_info.name
text
Cluster Name
web_entity.instances.elasticsearch.system_info.tagline
text
Elasticsearch identifying tagline
web_entity.instances.elasticsearch.system_info.version
object
web_entity.instances.elasticsearch.system_info.version.number
text
ES Cluster version
web_entity.instances.elasticsearch.system_info.version.build_hash
text
web_entity.instances.elasticsearch.system_info.version.build_flavor
text
web_entity.instances.elasticsearch.system_info.version.build_type
text
web_entity.instances.elasticsearch.system_info.version.min_idx_compat_ver
text
web_entity.instances.elasticsearch.system_info.version.min_wire_compat_ver
text
web_entity.instances.elasticsearch.system_info.version.build_date
text
web_entity.instances.elasticsearch.system_info.version.build_snapshot
boolean
web_entity.instances.elasticsearch.system_info.version.lucene_version
text
web_entity.instances.elasticsearch.http_info
object
web_entity.instances.elasticsearch.http_info.headers
nested
web_entity.instances.elasticsearch.http_info.headers.key
text
web_entity.instances.elasticsearch.http_info.headers.value
object
web_entity.instances.elasticsearch.http_info.headers.value.headers
text
web_entity.instances.elasticsearch.http_info.status
text
web_entity.instances.elasticsearch.http_info.status_code
integer
web_entity.instances.prometheus
object
web_entity.instances.prometheus.response
object
Information Prometheus captured as well as build information.
web_entity.instances.prometheus.response.active_targets
object
List of active targets.
web_entity.instances.prometheus.response.active_targets.labels
object
web_entity.instances.prometheus.response.active_targets.labels.instance
text
Instance after relabelling has occurred.
web_entity.instances.prometheus.response.active_targets.labels.job
text
Job of target after relabelling has occurred.
web_entity.instances.prometheus.response.active_targets.last_error
text
Last error that occurred within target.
web_entity.instances.prometheus.response.active_targets.last_scrape
text
Last time Prometheus scraped target.
web_entity.instances.prometheus.response.active_targets.scrape_url
text
URL that Prometheus scraped.
web_entity.instances.prometheus.response.active_targets.discovered_labels
object
web_entity.instances.prometheus.response.active_targets.discovered_labels.scheme
text
URL scheme.
web_entity.instances.prometheus.response.active_targets.discovered_labels.address
text
Address of target.
web_entity.instances.prometheus.response.active_targets.discovered_labels.job
text
Job of target.
web_entity.instances.prometheus.response.active_targets.discovered_labels.metrics_path
text
Path to metrics of target.
web_entity.instances.prometheus.response.active_targets.health
text
Whether target is up or down.
web_entity.instances.prometheus.response.all_versions
text
List of the versions of everything that Prometheus finds i.e., version of Prometheus, Go, Node, cAdvisor, etc.
web_entity.instances.prometheus.response.config_exposed
boolean
True when the config endpoint is exposed.
web_entity.instances.prometheus.response.dropped_targets
object
List of dropped targets.
web_entity.instances.prometheus.response.dropped_targets.job
text
Job of target.
web_entity.instances.prometheus.response.dropped_targets.metrics_path
text
Path to metrics of target.
web_entity.instances.prometheus.response.dropped_targets.scheme
text
URL scheme.
web_entity.instances.prometheus.response.dropped_targets.address
text
Address of target.
web_entity.instances.prometheus.response.go_versions
text
List of the versions of Go.
web_entity.instances.prometheus.response.prometheus_versions
object
web_entity.instances.prometheus.response.prometheus_versions.version
text
Version of Prometheus.
web_entity.instances.prometheus.response.prometheus_versions.go_version
text
Version of Go used to build Prometheus.
web_entity.instances.prometheus.response.prometheus_versions.revision
text
Revision of Prometheus.
web_entity.instances.prometheus.http_info
object
web_entity.instances.prometheus.http_info.status_code
unsigned_long
Status code received from hitting /api/v1/targets.
web_entity.instances.prometheus.http_info.headers
nested
web_entity.instances.prometheus.http_info.headers.key
text
web_entity.instances.prometheus.http_info.headers.value
object
web_entity.instances.prometheus.http_info.headers.value.headers
text
web_entity.instances.prometheus.http_info.status
text
Status message received from hitting /api/v1/targets.
web_entity.instances.location
object
web_entity.instances.location.registered_country_code
keyword
The registered country's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
web_entity.instances.location.continent
keyword
The English name of the detected continent (North America, Europe, Asia, South America, Africa, Oceania, Antarctica).
web_entity.instances.location.country_code
keyword
The detected two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
web_entity.instances.location.province
text
The state or province name of the detected location.
web_entity.instances.location.city
text
The English name of the detected city.
web_entity.instances.location.country
text
The English name of the detected country.
web_entity.instances.location.registered_country
text
The English name of the registered country.
web_entity.instances.location.coordinates
object
The estimated coordinates of the detected location.
web_entity.instances.location.coordinates.longitude
double
web_entity.instances.location.coordinates.latitude
double
web_entity.instances.location.timezone
text
The IANA time zone database name of the detected location.
web_entity.instances.location.postal_code
keyword
The postal code (if applicable) of the detected location.
web_entity.instances.transport_fingerprint
object
web_entity.instances.transport_fingerprint.id
integer
web_entity.instances.transport_fingerprint.os
text
web_entity.instances.transport_fingerprint.quic
object
web_entity.instances.transport_fingerprint.quic.versions
unsigned_long
Raw versions presented in the QUIC version negotiation packet, if any.
web_entity.instances.transport_fingerprint.raw
text
web_entity.instances.software
object
web_entity.instances.software.update
text
Vendor-Specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.
web_entity.instances.software.version
text
Vendor-Specific alphanumeric strings characterizing the particular release version of the product.
web_entity.instances.software.source
text
Defines the source that this software information was derived from.
web_entity.instances.software.uniform_resource_identifier
text
CPE uri format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
web_entity.instances.software.sw_edition
text
Characterizes how the product is tailored to a particular market or class of end users.
web_entity.instances.software.risks
nested
web_entity.instances.software.risks.user_status
text
web_entity.instances.software.risks.categories
text
web_entity.instances.software.risks.discovered_at
date
web_entity.instances.software.risks.name
text
web_entity.instances.software.risks.severity
text
web_entity.instances.software.risks.status
text
web_entity.instances.software.risks.type
text
web_entity.instances.software.vendor
text
Identifies the person or organization that manufactured or created the product.
web_entity.instances.software.component_uniform_resource_identifiers
text
URIs of software components related to the identified software.
web_entity.instances.software.target_hw
text
Characterizes the instruction set architecture (e.g., x86) on which the product being described. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are be considered instruction set architectures.
web_entity.instances.software.product
text
Identifies the most common and recognizable title or name of the product.
web_entity.instances.software.eol
boolean
web_entity.instances.software.other
object
Other attributes describing the identified software
web_entity.instances.software.other.key
text
web_entity.instances.software.other.value
text
web_entity.instances.software.target_sw
text
Characterizes the software computing environment within which the product operates.
web_entity.instances.software.language
text
Valid language tag as defined by [RFC5646], and should be used to define the language supported in the user interface of the product being described.
web_entity.instances.software.edition
text
Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2.
web_entity.instances.software.part
keyword
Defines the class of this software, a for application, o for operating system, h for hardware devices.
web_entity.instances.autonomous_system
object
web_entity.instances.autonomous_system.name
text
The friendly name of the autonomous system.
web_entity.instances.autonomous_system.organization
text
The name of the organization managning the autonomous system.
web_entity.instances.autonomous_system.asn
unsigned_long
The ASN (autonomous system number) of the host's autonomous system.
web_entity.instances.autonomous_system.bgp_prefix
ip_range
The autonomous system's CIDR.
web_entity.instances.autonomous_system.country_code
keyword
The autonomous system's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
web_entity.instances.autonomous_system.description
text
Brief description of the autonomous system.
web_entity.instances.certificate
text
web_entity.instances.port
integer
web_entity.instances.kubernetes
object
web_entity.instances.kubernetes.version_info
object
web_entity.instances.kubernetes.version_info.build_date
text
Date version was built.
web_entity.instances.kubernetes.version_info.compiler
text
Go Compiler used
web_entity.instances.kubernetes.version_info.platform
text
Platform compiled for
web_entity.instances.kubernetes.version_info.go_version
text
Version of GO used to build version.
web_entity.instances.kubernetes.version_info.git_tree_state
text
State of the tree when built.
web_entity.instances.kubernetes.version_info.git_commit
text
Git commit version built from.
web_entity.instances.kubernetes.version_info.git_version
text
web_entity.instances.kubernetes.version_info.major
text
Kubernetes major version
web_entity.instances.kubernetes.version_info.minor
text
Kubernetes minor version
web_entity.instances.kubernetes.endpoints
object
web_entity.instances.kubernetes.endpoints.subsets
object
web_entity.instances.kubernetes.endpoints.subsets.addresses
object
web_entity.instances.kubernetes.endpoints.subsets.addresses.hostname
text
web_entity.instances.kubernetes.endpoints.subsets.addresses.ip
ip
web_entity.instances.kubernetes.endpoints.subsets.addresses.node_name
text
web_entity.instances.kubernetes.endpoints.subsets.ports
object
web_entity.instances.kubernetes.endpoints.subsets.ports.protocol
text
web_entity.instances.kubernetes.endpoints.subsets.ports.name
text
web_entity.instances.kubernetes.endpoints.subsets.ports.port
unsigned_long
web_entity.instances.kubernetes.endpoints.name
text
web_entity.instances.kubernetes.endpoints.self_link
text
web_entity.instances.kubernetes.kubernetes_dashboard_found
boolean
True if the dashboard is running and accessible
web_entity.instances.kubernetes.nodes
object
web_entity.instances.kubernetes.nodes.kubelet_version
text
Kubelet Version reported by the node.
web_entity.instances.kubernetes.nodes.name
text
web_entity.instances.kubernetes.nodes.os_image
text
OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
web_entity.instances.kubernetes.nodes.addresses
object
web_entity.instances.kubernetes.nodes.addresses.address
keyword
Node address, IP/URL.
web_entity.instances.kubernetes.nodes.addresses.address_type
text
Node address type, one of Hostname, ExternalIP or InternalIP.
web_entity.instances.kubernetes.nodes.architecture
text
The Architecture reported by the node.
web_entity.instances.kubernetes.nodes.container_runtime_version
text
ContainerRuntime Version reported by the node through runtime remote API (e.g. docker://1.5.0).
web_entity.instances.kubernetes.nodes.operating_system
text
The Operating System reported by the node.
web_entity.instances.kubernetes.nodes.kernel_version
text
Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
web_entity.instances.kubernetes.nodes.kube_proxy_version
text
KubeProxy Version reported by the node.
web_entity.instances.kubernetes.nodes.images
text
List of container images on this node
web_entity.instances.kubernetes.pod_names
text
web_entity.instances.kubernetes.roles
object
web_entity.instances.kubernetes.roles.name
text
web_entity.instances.kubernetes.roles.rules
object
Rules set for this role.
web_entity.instances.kubernetes.roles.rules.verbs
text
Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
web_entity.instances.kubernetes.roles.rules.api_groups
text
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
web_entity.instances.kubernetes.roles.rules.resources
text
Resources is a list of resources this rule applies to. ResourceAll represents all resources
web_entity.instances.service_name
text
web_entity.instances.dns
object
web_entity.instances.dns.reverse_dns
object
web_entity.instances.dns.reverse_dns.names
text
web_entity.instances.dns.reverse_dns.resolved_at
date
web_entity.instances.dns.names
text
web_entity.instances.jarm
object
web_entity.instances.jarm.cipher_and_version_fingerprint
text
The first 30 byte portion of the Jarm fingerprint.
web_entity.instances.jarm.fingerprint
text
The 62 byte Jarm fingerprint of the service.
web_entity.instances.jarm.observed_at
date
The time the service was fingerprinted
web_entity.instances.jarm.tls_extensions_sha256
text
The second 32 byte portion of the Jarm fingerprint
web_entity.name
text
web_entity.asset_id
text

Domains

Any name registered in the Domain Name System with the format eTLD+1 (e.g., censys.io). Domain fields include DNS data such as name servers, mail servers, and registration information.

Fields
Field NameValue TypeDescription
domain
object
domain.registrar
text
domain.name_servers
text
domain.expiration_date
date
domain.mail_exchange_servers
text
domain.cloud
text
domain.name
text

Certificates

An electronic document used to prove the ownership of a public key, often used during a TLS handshake. Certificate fields include the parsed contents, and trust information from root stores, certificate transparency logs, zlint, and Censys collection metadata.

Fields
Field NameValue TypeDescription
certificate
object
certificate.precert
boolean
certificate.revocation
object
certificate.revocation.crl
object
certificate.revocation.crl.next_update
date
certificate.revocation.crl.reason
text
An enumerated value indicating the issuer-supplied reason for the revocation.
certificate.revocation.crl.revocation_time
date
The issuer-supplied timestamp indicating when the certificate was revoked.
certificate.revocation.crl.revoked
boolean
Whether the certificate has been revoked before its expiry date by the issuer.
certificate.revocation.ocsp
object
certificate.revocation.ocsp.next_update
date
certificate.revocation.ocsp.reason
text
An enumerated value indicating the issuer-supplied reason for the revocation.
certificate.revocation.ocsp.revocation_time
date
The issuer-supplied timestamp indicating when the certificate was revoked.
certificate.revocation.ocsp.revoked
boolean
Whether the certificate has been revoked before its expiry date by the issuer.
certificate.modified_at
date
certificate.added_at
date
certificate.association_class
text
certificate.fingerprint_sha256
text
certificate.tbs_no_ct_fingerprint_sha256
text
certificate.spki_fingerprint_sha256
text
certificate.names
text
certificate.tbs_fingerprint_sha256
text
certificate.raw
text
certificate.parent_spki_fingerprint_sha256
text
certificate.ct
object
certificate.ct.entries
nested
certificate.ct.entries.value
object
certificate.ct.entries.value.added_to_ct_at
date
An RFC-3339-formatted timestamp indicating when the certificate was entered into the CT log.
certificate.ct.entries.value.ct_to_censys_at
date
An RFC-3339-formated timestamp indicating when the certificate was ingested from the CT log into the Censys dataset.
certificate.ct.entries.value.index
long
Numerical marker of the certificate's place in the CT log.
certificate.ct.entries.key
text
certificate.fingerprint_md5
text
certificate.validated_at
date
certificate.validation
object
certificate.validation.chrome
object
A record containing validation information about the certificate from the Chrome root store.
certificate.validation.chrome.in_revocation_set
boolean
Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
certificate.validation.chrome.is_valid
boolean
Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
certificate.validation.chrome.parents
text
The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
certificate.validation.chrome.type
text
The certificate's type. Options include root, intermediate, or leaf.
certificate.validation.chrome.chains
nested
A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
certificate.validation.chrome.chains.sha256fp
text
certificate.validation.chrome.ever_valid
boolean
Whether the certificate has ever been considered valid by the root store.
certificate.validation.chrome.had_trusted_path
boolean
Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
certificate.validation.chrome.has_trusted_path
boolean
Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
certificate.validation.google_ct_primary
object
A record containing validation information about the certificate from the Google CT Primary root store.
certificate.validation.google_ct_primary.parents
text
The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
certificate.validation.google_ct_primary.type
text
The certificate's type. Options include root, intermediate, or leaf.
certificate.validation.google_ct_primary.chains
nested
A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
certificate.validation.google_ct_primary.chains.sha256fp
text
certificate.validation.google_ct_primary.ever_valid
boolean
Whether the certificate has ever been considered valid by the root store.
certificate.validation.google_ct_primary.had_trusted_path
boolean
Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
certificate.validation.google_ct_primary.has_trusted_path
boolean
Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
certificate.validation.google_ct_primary.in_revocation_set
boolean
Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
certificate.validation.google_ct_primary.is_valid
boolean
Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
certificate.validation.microsoft
object
A record containing validation information about the certificate from the Microsoft root store.
certificate.validation.microsoft.type
text
The certificate's type. Options include root, intermediate, or leaf.
certificate.validation.microsoft.chains
nested
A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
certificate.validation.microsoft.chains.sha256fp
text
certificate.validation.microsoft.ever_valid
boolean
Whether the certificate has ever been considered valid by the root store.
certificate.validation.microsoft.had_trusted_path
boolean
Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
certificate.validation.microsoft.has_trusted_path
boolean
Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
certificate.validation.microsoft.in_revocation_set
boolean
Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
certificate.validation.microsoft.is_valid
boolean
Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
certificate.validation.microsoft.parents
text
The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
certificate.validation.nss
object
A record containing validation information about the certificate from the Mozilla NSS root store.
certificate.validation.nss.is_valid
boolean
Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
certificate.validation.nss.parents
text
The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
certificate.validation.nss.type
text
The certificate's type. Options include root, intermediate, or leaf.
certificate.validation.nss.chains
nested
A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
certificate.validation.nss.chains.sha256fp
text
certificate.validation.nss.ever_valid
boolean
Whether the certificate has ever been considered valid by the root store.
certificate.validation.nss.had_trusted_path
boolean
Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
certificate.validation.nss.has_trusted_path
boolean
Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
certificate.validation.nss.in_revocation_set
boolean
Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
certificate.validation.apple
object
A record containing validation information about the certificate from the Apple root store.
certificate.validation.apple.chains
nested
A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
certificate.validation.apple.chains.sha256fp
text
certificate.validation.apple.ever_valid
boolean
Whether the certificate has ever been considered valid by the root store.
certificate.validation.apple.had_trusted_path
boolean
Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
certificate.validation.apple.has_trusted_path
boolean
Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
certificate.validation.apple.in_revocation_set
boolean
Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
certificate.validation.apple.is_valid
boolean
Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
certificate.validation.apple.parents
text
The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
certificate.validation.apple.type
text
The certificate's type. Options include root, intermediate, or leaf.
certificate.revoked
boolean
certificate.zlint
object
certificate.zlint.failed_lints
text
A list of lint names which failed, if applicable.
certificate.zlint.fatals_present
boolean
Whether the certificate's attributes triggered any fatal lints for non-conformance to the X.509 standard.
certificate.zlint.notices_present
boolean
Whether the certificate's attributes triggered any notice lints for non-conformance to the X.509 standard.
certificate.zlint.timestamp
date
An RFC-3339-formated timestamp indicating when the certificate was linted.
certificate.zlint.version
long
The version of Zlint used to lint the certificate.
certificate.zlint.warnings_present
boolean
Whether the certificate's attributes triggered any warning lints for non-conformance to the X.509 standard.
certificate.zlint.errors_present
boolean
Whether the certificate's attributes triggered any error lints for non-conformance to the X.509 standard.
certificate.fingerprint_sha1
text
certificate.validation_level
text
certificate.ever_seen_in_scan
boolean
certificate.parsed
object
certificate.parsed.subject_dn
text
Distinguished Name of the entity associated with the public key.
certificate.parsed.issuer
object
A record containing the parsed contents of the issuer_dn.
certificate.parsed.issuer.organizational_unit
text
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
certificate.parsed.issuer.locality
text
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
certificate.parsed.issuer.organization_id
text
certificate.parsed.issuer.surname
text
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
certificate.parsed.issuer.province
text
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
certificate.parsed.issuer.jurisdiction_country
text
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
certificate.parsed.issuer.serial_number
keyword
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
certificate.parsed.issuer.email_address
text
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
certificate.parsed.issuer.common_name
text
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
certificate.parsed.issuer.jurisdiction_province
text
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
certificate.parsed.issuer.street_address
text
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
certificate.parsed.issuer.postal_code
keyword
The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
certificate.parsed.issuer.given_name
text
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
certificate.parsed.issuer.country
text
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
certificate.parsed.issuer.domain_component
text
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
certificate.parsed.issuer.jurisdiction_locality
text
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
certificate.parsed.issuer.organization
text
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
certificate.parsed.unknown_extensions
nested
certificate.parsed.unknown_extensions.id
text
certificate.parsed.unknown_extensions.value
text
certificate.parsed.unknown_extensions.critical
boolean
certificate.parsed.version
integer
certificate.parsed.redacted
boolean
certificate.parsed.serial_number
text
Issuer-specific identifier of the certificate.
certificate.parsed.validity_period
object
Information about the time for which the certificate is valid.
certificate.parsed.validity_period.length_seconds
long
The duration of the certificate's validity period, in seconds.
certificate.parsed.validity_period.not_after
date
An RFC-3339-formatted timestamp after which the certificate is no longer valid.
certificate.parsed.validity_period.not_before
date
An RFC-3339-formatted timestamp before which the certificate is not valid.
certificate.parsed.subject_key_info
object
Information about the certificate's public key.
certificate.parsed.subject_key_info.rsa
object
A record containing the public portion of an RSA asymmetric key.
certificate.parsed.subject_key_info.rsa.exponent
long
The RSA key's public exponent (e).
certificate.parsed.subject_key_info.rsa.length
long
Bit-length of the RSA modulus.
certificate.parsed.subject_key_info.rsa.modulus
text
The RSA key's modulus (n) in big-endian encoding.
certificate.parsed.subject_key_info.dsa
object
A record containing the public portion of a DSA asymmetric key.
certificate.parsed.subject_key_info.dsa.g
text
certificate.parsed.subject_key_info.dsa.p
text
certificate.parsed.subject_key_info.dsa.q
text
certificate.parsed.subject_key_info.dsa.y
text
certificate.parsed.subject_key_info.ecdsa
object
A record containing the public portion of an ECDSA asymmetric key.
certificate.parsed.subject_key_info.ecdsa.gy
text
certificate.parsed.subject_key_info.ecdsa.pub
text
certificate.parsed.subject_key_info.ecdsa.b
text
certificate.parsed.subject_key_info.ecdsa.curve
text
certificate.parsed.subject_key_info.ecdsa.y
text
certificate.parsed.subject_key_info.ecdsa.n
text
certificate.parsed.subject_key_info.ecdsa.p
text
certificate.parsed.subject_key_info.ecdsa.gx
text
certificate.parsed.subject_key_info.ecdsa.length
long
certificate.parsed.subject_key_info.ecdsa.x
text
certificate.parsed.subject_key_info.fingerprint_sha256
text
The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo.
certificate.parsed.subject_key_info.key_algorithm
object
A record containing information about the type of subject key algorithm and any relevant parameters.
certificate.parsed.subject_key_info.key_algorithm.name
text
Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record.
certificate.parsed.subject_key_info.key_algorithm.oid
text
certificate.parsed.issuer_dn
text
Distinguished Name of the entity that has signed and issued the certificate.
certificate.parsed.signature
object
certificate.parsed.signature.self_signed
boolean
Whether the certificate was signed by its own key.
certificate.parsed.signature.signature_algorithm
object
certificate.parsed.signature.signature_algorithm.name
text
Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record.
certificate.parsed.signature.signature_algorithm.oid
text
certificate.parsed.signature.valid
boolean
Whether the signature is valid.
certificate.parsed.signature.value
text
Contents of the signature.
certificate.parsed.extensions
object
A record containing parsed X.509 extensions that provide additional identification information or additional cryptographic capabilities.
certificate.parsed.extensions.tor_service_descriptors
nested
certificate.parsed.extensions.tor_service_descriptors.hash_bits
integer
certificate.parsed.extensions.tor_service_descriptors.onion
text
certificate.parsed.extensions.tor_service_descriptors.algorithm_name
text
certificate.parsed.extensions.tor_service_descriptors.hash
text
certificate.parsed.extensions.subject_alt_name
object
The parsed id-ce-subjectAltName extension (OID: 2.5.29.17).
certificate.parsed.extensions.subject_alt_name.directory_names
nested
The parsed directoryName entries in the GeneralName.
certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_locality
text
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
certificate.parsed.extensions.subject_alt_name.directory_names.common_name
text
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
certificate.parsed.extensions.subject_alt_name.directory_names.serial_number
keyword
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
certificate.parsed.extensions.subject_alt_name.directory_names.country
text
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
certificate.parsed.extensions.subject_alt_name.directory_names.province
text
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
certificate.parsed.extensions.subject_alt_name.directory_names.street_address
text
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
certificate.parsed.extensions.subject_alt_name.directory_names.given_name
text
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
certificate.parsed.extensions.subject_alt_name.directory_names.organization_id
text
certificate.parsed.extensions.subject_alt_name.directory_names.postal_code
keyword
The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
certificate.parsed.extensions.subject_alt_name.directory_names.organization
text
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
certificate.parsed.extensions.subject_alt_name.directory_names.surname
text
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_province
text
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
certificate.parsed.extensions.subject_alt_name.directory_names.email_address
text
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
certificate.parsed.extensions.subject_alt_name.directory_names.locality
text
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
certificate.parsed.extensions.subject_alt_name.directory_names.domain_component
text
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_country
text
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
certificate.parsed.extensions.subject_alt_name.directory_names.organizational_unit
text
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
certificate.parsed.extensions.subject_alt_name.dns_names
text
The parsed dNSName entries in the GeneralName.
certificate.parsed.extensions.subject_alt_name.edi_party_names
nested
The parsed eDIPartyName entries in the GeneralName.
certificate.parsed.extensions.subject_alt_name.edi_party_names.name_assigner
text
certificate.parsed.extensions.subject_alt_name.edi_party_names.party_name
text
certificate.parsed.extensions.subject_alt_name.email_addresses
text
The parsed rfc822Name entries in the GeneralName.
certificate.parsed.extensions.subject_alt_name.ip_addresses
text
The parsed ipAddress entries in the GeneralName.
certificate.parsed.extensions.subject_alt_name.other_names
nested
The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID.
certificate.parsed.extensions.subject_alt_name.other_names.value
text
The raw otherName value.
certificate.parsed.extensions.subject_alt_name.other_names.id
text
The OID identifying the syntax of the otherName value.
certificate.parsed.extensions.subject_alt_name.registered_ids
text
The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format.
certificate.parsed.extensions.subject_alt_name.uniform_resource_identifiers
text
The parsed uniformResourceIdentifier entries in the GeneralName.
certificate.parsed.extensions.key_usage
object
The parsed id-ce-keyUsage extension (OID: 2.5.29.15).
certificate.parsed.extensions.key_usage.decipher_only
boolean
Whether the decipherOnly bit is set.
certificate.parsed.extensions.key_usage.value
unsigned_long
The integer value of the bitmask in the extension.
certificate.parsed.extensions.key_usage.key_agreement
boolean
Whether the keyAgreement bit is set.
certificate.parsed.extensions.key_usage.key_encipherment
boolean
Whether the keyEncipherment bit is set.
certificate.parsed.extensions.key_usage.encipher_only
boolean
Whether the encipherOnly bit is set.
certificate.parsed.extensions.key_usage.content_commitment
boolean
Whether the contentCommitment (formerly called nonRepudiation) bit is set.
certificate.parsed.extensions.key_usage.data_encipherment
boolean
Whether the dataEncipherment bit is set.
certificate.parsed.extensions.key_usage.crl_sign
boolean
Whether the cRLSign bit is set.
certificate.parsed.extensions.key_usage.certificate_sign
boolean
Whether the keyCertSign bit is set.
certificate.parsed.extensions.key_usage.digital_signature
boolean
Whether the digitalSignature bit is set.
certificate.parsed.extensions.name_constraints
object
The parsed id-ce-nameConstraints extension (OID: 2.5.29.30). Specifies a name space within which all child certificates' subject names MUST be located.
certificate.parsed.extensions.name_constraints.excluded_directory_names
nested
A record providing excluded names of the type directoryName in leaf certificates whose trust path includes this certificate.
certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_locality
text
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
certificate.parsed.extensions.name_constraints.excluded_directory_names.surname
text
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
certificate.parsed.extensions.name_constraints.excluded_directory_names.locality
text
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
certificate.parsed.extensions.name_constraints.excluded_directory_names.domain_component
text
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_province
text
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
certificate.parsed.extensions.name_constraints.excluded_directory_names.common_name
text
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_country
text
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
certificate.parsed.extensions.name_constraints.excluded_directory_names.street_address
text
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
certificate.parsed.extensions.name_constraints.excluded_directory_names.organizational_unit
text
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
certificate.parsed.extensions.name_constraints.excluded_directory_names.serial_number
keyword
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
certificate.parsed.extensions.name_constraints.excluded_directory_names.email_address
text
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
certificate.parsed.extensions.name_constraints.excluded_directory_names.province
text
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
certificate.parsed.extensions.name_constraints.excluded_directory_names.country
text
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
certificate.parsed.extensions.name_constraints.excluded_directory_names.given_name
text
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
certificate.parsed.extensions.name_constraints.excluded_directory_names.postal_code
keyword
The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
certificate.parsed.extensions.name_constraints.excluded_directory_names.organization_id
text
certificate.parsed.extensions.name_constraints.excluded_directory_names.organization
text
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
certificate.parsed.extensions.name_constraints.critical
boolean
certificate.parsed.extensions.name_constraints.permitted_email_addresses
text
A record providing a range of permitted names of the type rfc822Name in leaf certificates whose trust path includes this certificate.
certificate.parsed.extensions.name_constraints.excluded_email_addresses
text
A record providing a range of excluded names of the type rfc822Name in leaf certificates whose trust path includes this certificate.
certificate.parsed.extensions.name_constraints.excluded_uris
text
A record providing a range of excluded uniform resource identifiers in leaf certificates whose trust path includes this certificate.
certificate.parsed.extensions.name_constraints.excluded_names
text
A record providing a range of excluded names of the type dNSName in leaf certificates whose trust path includes this certificate.
certificate.parsed.extensions.name_constraints.excluded_ip_addresses
nested
A record providing a range of excluded names of the type iPAddress in leaf certificates whose trust path includes this certificate.
certificate.parsed.extensions.name_constraints.excluded_ip_addresses.mask
text
The subnet mask of the CIDR.
certificate.parsed.extensions.name_constraints.excluded_ip_addresses.begin
text
The first IP address in the range.
certificate.parsed.extensions.name_constraints.excluded_ip_addresses.cidr
text
The CIDR specifying the subtree.
certificate.parsed.extensions.name_constraints.excluded_ip_addresses.end
text
The last IP address in the range.
certificate.parsed.extensions.name_constraints.permitted_registered_ids
text
A record providing permitted names of the type registeredID in leaf certificates whose trust path includes this certificate.
certificate.parsed.extensions.name_constraints.excluded_registered_ids
text
A record providing excluded names of the type registeredID in leaf certificates whose trust path includes this certificate.
certificate.parsed.extensions.name_constraints.permitted_ip_addresses
nested
A record providing a range of permitted names of the type iPAddress in leaf certificates whose trust path includes this certificate.
certificate.parsed.extensions.name_constraints.permitted_ip_addresses.begin
text
The first IP address in the range.
certificate.parsed.extensions.name_constraints.permitted_ip_addresses.cidr
text
The CIDR specifying the subtree.
certificate.parsed.extensions.name_constraints.permitted_ip_addresses.end
text
The last IP address in the range.
certificate.parsed.extensions.name_constraints.permitted_ip_addresses.mask
text
The subnet mask of the CIDR.
certificate.parsed.extensions.name_constraints.permitted_names
text
A record providing a range of permitted names of the type dNSName in leaf certificates whose trust path includes this certificate.
certificate.parsed.extensions.name_constraints.excluded_edi_party_names
nested
A record providing excluded names of the type ediPartyName in leaf certificates whose trust path includes this certificate.
certificate.parsed.extensions.name_constraints.excluded_edi_party_names.name_assigner
text
certificate.parsed.extensions.name_constraints.excluded_edi_party_names.party_name
text
certificate.parsed.extensions.name_constraints.permitted_edi_party_names
nested
A record providing permitted names of the type ediPartyName in leaf certificates whose trust path includes this certificate.
certificate.parsed.extensions.name_constraints.permitted_edi_party_names.party_name
text
certificate.parsed.extensions.name_constraints.permitted_edi_party_names.name_assigner
text
certificate.parsed.extensions.name_constraints.permitted_uris
text
A record providing a range of permitted uniform resource identifiers in leaf certificates whose trust path includes this certificate.
certificate.parsed.extensions.name_constraints.permitted_directory_names
nested
A record providing permitted names of the type directoryName in leaf certificates whose trust path includes this certificate.
certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_locality
text
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
certificate.parsed.extensions.name_constraints.permitted_directory_names.country
text
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
certificate.parsed.extensions.name_constraints.permitted_directory_names.surname
text
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
certificate.parsed.extensions.name_constraints.permitted_directory_names.street_address
text
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
certificate.parsed.extensions.name_constraints.permitted_directory_names.locality
text
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
certificate.parsed.extensions.name_constraints.permitted_directory_names.serial_number
keyword
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
certificate.parsed.extensions.name_constraints.permitted_directory_names.given_name
text
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
certificate.parsed.extensions.name_constraints.permitted_directory_names.organization_id
text
certificate.parsed.extensions.name_constraints.permitted_directory_names.domain_component
text
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
certificate.parsed.extensions.name_constraints.permitted_directory_names.province
text
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
certificate.parsed.extensions.name_constraints.permitted_directory_names.postal_code
keyword
The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_country
text
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
certificate.parsed.extensions.name_constraints.permitted_directory_names.common_name
text
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_province
text
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
certificate.parsed.extensions.name_constraints.permitted_directory_names.organizational_unit
text
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
certificate.parsed.extensions.name_constraints.permitted_directory_names.email_address
text
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
certificate.parsed.extensions.name_constraints.permitted_directory_names.organization
text
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
certificate.parsed.extensions.ct_poison
boolean
Whether the certificate possesses the pre-certificate "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3).
certificate.parsed.extensions.authority_info_access
object
The parsed id-pe-authorityInfoAccess extension (OID: 1.3.6.1.5.7.1.1). Only id-ad-caIssuers and id-ad-ocsp accessMethods are supported; others are omitted.
certificate.parsed.extensions.authority_info_access.ocsp_urls
text
certificate.parsed.extensions.authority_info_access.issuer_urls
text
certificate.parsed.extensions.crl_distribution_points
text
The parsed id-ce-cRLDistributionPoints extension (OID: 2.5.29.31). Contents are a list of distributionPoint URLs; other distributionPoint types are omitted).
certificate.parsed.extensions.extended_key_usage
object
The parsed id-ce-extKeyUsage extension (OID: 2.5.29.37).
certificate.parsed.extensions.extended_key_usage.microsoft_oem_whql_crypto
boolean
certificate.parsed.extensions.extended_key_usage.apple_crypto_maintenance_env
boolean
certificate.parsed.extensions.extended_key_usage.ocsp_signing
boolean
certificate.parsed.extensions.extended_key_usage.apple_crypto_tier1_qos
boolean
certificate.parsed.extensions.extended_key_usage.email_protection
boolean
certificate.parsed.extensions.extended_key_usage.sbgp_cert_aa_service_auth
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_document_signing
boolean
certificate.parsed.extensions.extended_key_usage.apple_crypto_test_env
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_enrollment_agent
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_smart_display
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_kernel_mode_code_signing
boolean
certificate.parsed.extensions.extended_key_usage.ipsec_intermediate_system_usage
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_timestamp_signing
boolean
certificate.parsed.extensions.extended_key_usage.apple_crypto_env
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_smartcard_logon
boolean
certificate.parsed.extensions.extended_key_usage.eap_over_lan
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_21
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_sgc_serialized
boolean
certificate.parsed.extensions.extended_key_usage.unknown
text
certificate.parsed.extensions.extended_key_usage.apple_resource_signing
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_drm_individualization
boolean
certificate.parsed.extensions.extended_key_usage.apple_ichat_signing
boolean
certificate.parsed.extensions.extended_key_usage.apple_crypto_development_env
boolean
certificate.parsed.extensions.extended_key_usage.apple_code_signing
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_root_list_signer
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_license_server
boolean
certificate.parsed.extensions.extended_key_usage.apple_code_signing_third_party
boolean
certificate.parsed.extensions.extended_key_usage.any
boolean
certificate.parsed.extensions.extended_key_usage.ipsec_user
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_licenses
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_embedded_nt_crypto
boolean
certificate.parsed.extensions.extended_key_usage.ipsec_tunnel
boolean
certificate.parsed.extensions.extended_key_usage.apple_crypto_qos
boolean
certificate.parsed.extensions.extended_key_usage.apple_code_signing_development
boolean
certificate.parsed.extensions.extended_key_usage.apple_software_update_signing
boolean
certificate.parsed.extensions.extended_key_usage.ipsec_end_system
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_3
boolean
certificate.parsed.extensions.extended_key_usage.apple_system_identity
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_ca_exchange
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_system_health
boolean
certificate.parsed.extensions.extended_key_usage.time_stamping
boolean
certificate.parsed.extensions.extended_key_usage.apple_crypto_tier3_qos
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_lifetime_signing
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_efs_recovery
boolean
certificate.parsed.extensions.extended_key_usage.client_auth
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_qualified_subordinate
boolean
certificate.parsed.extensions.extended_key_usage.apple_crypto_production_env
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_whql_crypto
boolean
certificate.parsed.extensions.extended_key_usage.server_auth
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_server_gated_crypto
boolean
certificate.parsed.extensions.extended_key_usage.apple_crypto_tier0_qos
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_mobile_device_software
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_cert_trust_list_signing
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_drm
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_nt5_crypto
boolean
certificate.parsed.extensions.extended_key_usage.netscape_server_gated_crypto
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_csp_signature
boolean
certificate.parsed.extensions.extended_key_usage.apple_ichat_encryption
boolean
certificate.parsed.extensions.extended_key_usage.eap_over_ppp
boolean
certificate.parsed.extensions.extended_key_usage.code_signing
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_encrypted_file_system
boolean
certificate.parsed.extensions.extended_key_usage.microsoft_system_health_loophole
boolean
certificate.parsed.extensions.extended_key_usage.dvcs
boolean
certificate.parsed.extensions.extended_key_usage.apple_crypto_tier2_qos
boolean
certificate.parsed.extensions.authority_key_id
text
A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo.
certificate.parsed.extensions.basic_constraints
object
The parsed id-ce-basicConstraints extension (OID: 2.5.29.19).
certificate.parsed.extensions.basic_constraints.is_ca
boolean
Whether the certificate is permitted to sign other certificates.
certificate.parsed.extensions.basic_constraints.max_path_len
integer
When present, provides the maximum number of intermediate certificates that may follow this certificate in a trusted certification path.
certificate.parsed.extensions.qc_statements
object
certificate.parsed.extensions.qc_statements.parsed
object
certificate.parsed.extensions.qc_statements.parsed.types
nested
certificate.parsed.extensions.qc_statements.parsed.types.ids
text
certificate.parsed.extensions.qc_statements.parsed.etsi_compliance
boolean
certificate.parsed.extensions.qc_statements.parsed.legislation
nested
certificate.parsed.extensions.qc_statements.parsed.legislation.country_codes
text
certificate.parsed.extensions.qc_statements.parsed.limit
nested
certificate.parsed.extensions.qc_statements.parsed.limit.amount
long
certificate.parsed.extensions.qc_statements.parsed.limit.currency
text
certificate.parsed.extensions.qc_statements.parsed.limit.currency_number
long
certificate.parsed.extensions.qc_statements.parsed.limit.exponent
long
certificate.parsed.extensions.qc_statements.parsed.pds_locations
nested
certificate.parsed.extensions.qc_statements.parsed.pds_locations.url
text
certificate.parsed.extensions.qc_statements.parsed.pds_locations.language
text
certificate.parsed.extensions.qc_statements.parsed.retention_period
long
certificate.parsed.extensions.qc_statements.parsed.sscd
boolean
certificate.parsed.extensions.qc_statements.ids
text
certificate.parsed.extensions.certificate_policies
nested
The parsed id-ce-certificatePolicies extension (OID: 2.5.29.32).
certificate.parsed.extensions.certificate_policies.cps
text
certificate.parsed.extensions.certificate_policies.id
text
certificate.parsed.extensions.certificate_policies.user_notice
nested
certificate.parsed.extensions.certificate_policies.user_notice.explicit_text
text
certificate.parsed.extensions.certificate_policies.user_notice.notice_reference
object
certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.notice_numbers
integer
certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.organization
text
certificate.parsed.extensions.signed_certificate_timestamps
nested
certificate.parsed.extensions.signed_certificate_timestamps.timestamp
date
certificate.parsed.extensions.signed_certificate_timestamps.version
integer
certificate.parsed.extensions.signed_certificate_timestamps.log_id
text
certificate.parsed.extensions.signed_certificate_timestamps.signature
object
certificate.parsed.extensions.signed_certificate_timestamps.signature.hash_algorithm
text
certificate.parsed.extensions.signed_certificate_timestamps.signature.signature
text
certificate.parsed.extensions.signed_certificate_timestamps.signature.signature_algorithm
text
certificate.parsed.extensions.subject_key_id
text
A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo..
certificate.parsed.extensions.cabf_organization_id
object
CA/Browser Forum organization ID extensions (OID: 2.23.140.3.1).
certificate.parsed.extensions.cabf_organization_id.state
text
certificate.parsed.extensions.cabf_organization_id.country
text
certificate.parsed.extensions.cabf_organization_id.reference
text
certificate.parsed.extensions.cabf_organization_id.scheme
text
certificate.parsed.extensions.issuer_alt_name
object
The parsed id-ce-issuerAltName extension (OID: 2.5.29.18).
certificate.parsed.extensions.issuer_alt_name.edi_party_names
nested
The parsed eDIPartyName entries in the GeneralName.
certificate.parsed.extensions.issuer_alt_name.edi_party_names.name_assigner
text
certificate.parsed.extensions.issuer_alt_name.edi_party_names.party_name
text
certificate.parsed.extensions.issuer_alt_name.email_addresses
text
The parsed rfc822Name entries in the GeneralName.
certificate.parsed.extensions.issuer_alt_name.ip_addresses
text
The parsed ipAddress entries in the GeneralName.
certificate.parsed.extensions.issuer_alt_name.other_names
nested
The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID.
certificate.parsed.extensions.issuer_alt_name.other_names.id
text
The OID identifying the syntax of the otherName value.
certificate.parsed.extensions.issuer_alt_name.other_names.value
text
The raw otherName value.
certificate.parsed.extensions.issuer_alt_name.registered_ids
text
The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format.
certificate.parsed.extensions.issuer_alt_name.uniform_resource_identifiers
text
The parsed uniformResourceIdentifier entries in the GeneralName.
certificate.parsed.extensions.issuer_alt_name.directory_names
nested
The parsed directoryName entries in the GeneralName.
certificate.parsed.extensions.issuer_alt_name.directory_names.organization
text
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
certificate.parsed.extensions.issuer_alt_name.directory_names.province
text
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
certificate.parsed.extensions.issuer_alt_name.directory_names.street_address
text
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
certificate.parsed.extensions.issuer_alt_name.directory_names.surname
text
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
certificate.parsed.extensions.issuer_alt_name.directory_names.serial_number
keyword
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
certificate.parsed.extensions.issuer_alt_name.directory_names.postal_code
keyword
The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_province
text
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
certificate.parsed.extensions.issuer_alt_name.directory_names.email_address
text
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
certificate.parsed.extensions.issuer_alt_name.directory_names.domain_component
text
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_country
text
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
certificate.parsed.extensions.issuer_alt_name.directory_names.country
text
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_locality
text
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
certificate.parsed.extensions.issuer_alt_name.directory_names.organization_id
text
certificate.parsed.extensions.issuer_alt_name.directory_names.given_name
text
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
certificate.parsed.extensions.issuer_alt_name.directory_names.common_name
text
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
certificate.parsed.extensions.issuer_alt_name.directory_names.organizational_unit
text
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
certificate.parsed.extensions.issuer_alt_name.directory_names.locality
text
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
certificate.parsed.extensions.issuer_alt_name.dns_names
text
The parsed dNSName entries in the GeneralName.
certificate.parsed.subject
object
A record containing the parsed contents of the subject_dn.
certificate.parsed.subject.street_address
text
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
certificate.parsed.subject.serial_number
keyword
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
certificate.parsed.subject.given_name
text
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
certificate.parsed.subject.surname
text
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
certificate.parsed.subject.domain_component
text
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
certificate.parsed.subject.jurisdiction_province
text
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
certificate.parsed.subject.jurisdiction_locality
text
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
certificate.parsed.subject.email_address
text
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
certificate.parsed.subject.country
text
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
certificate.parsed.subject.locality
text
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
certificate.parsed.subject.postal_code
keyword
The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
certificate.parsed.subject.organization_id
text
certificate.parsed.subject.organizational_unit
text
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
certificate.parsed.subject.common_name
text
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
certificate.parsed.subject.jurisdiction_country
text
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
certificate.parsed.subject.province
text
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
certificate.parsed.subject.organization
text
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
certificate.parse_status
text

Storage Buckets

A cloud object storage system, supporting files or other objects, which includes solutions like Amazon S3, Google Cloud Storage, and Azure Blob Storage. Storage bucket fields include account information (if available from a Censys Cloud Connector) and externally observed access settings.

Fields
Field NameValue TypeDescription
storage_bucket
object
storage_bucket.uri
text
storage_bucket.readable_objects
boolean
storage_bucket.editable_settings
boolean
storage_bucket.name
text
storage_bucket.provider
text
storage_bucket.account_id
text
storage_bucket.writable_objects
boolean
storage_bucket.cri
text
storage_bucket.scanned_at
date

Risks

Risks are weaknesses detected in assets that Censys believes should be remediated. Risk fields include statuses and detection and last observation time stamps.

Fields
Field NameValue TypeDescription
risks
nested
risks.categories
text
risks.discovered_at
date
risks.name
text
risks.severity
text
risks.status
text
risks.type
text
risks.user_status
text

Other

Top-level information such as user-applied tags.

Fields
Field NameValue TypeDescription
source
text
tags
text
association_date
date
type
text