Inventory Management Asset Schemas
Hosts
Hosts are computers, virtual machines, or devices connected to the Internet with an IP address. Host fields include those that apply to the whole host (such as geolocation or Internet routing) and those that apply to services observed on open ports.
Fields
Field Name | Value Type | Description |
---|---|---|
host |
object | |
host.name |
text | |
host.operating_system |
object | |
host.operating_system.source |
text |
Defines the source that this software information was derived from.
|
host.operating_system.other |
object |
Other attributes describing the identified software
|
host.operating_system.other.key |
text | |
host.operating_system.other.value |
text | |
host.operating_system.product |
text |
Identifies the most common and recognizable title or name of the product.
|
host.operating_system.target_hw |
text |
Characterizes the instruction set architecture (e.g., x86) on which the product being described. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are considered instruction set architectures.
|
host.operating_system.sw_edition |
text |
Characterizes how the product is tailored to a particular market or class of end users.
|
host.operating_system.update |
text |
Vendor-specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.
|
host.operating_system.version |
text |
Vendor-specific alphanumeric strings characterizing the particular release version of the product.
|
host.operating_system.vendor |
text |
Identifies the person or organization that manufactured or created the product.
|
host.operating_system.part |
keyword |
Defines the class of this software: a for application, o for operating system, h for hardware devices.
|
host.operating_system.edition |
text |
Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3 but kept for backward compatibility with CPE 2.2.
|
host.operating_system.component_uniform_resource_identifiers |
text |
URIs of software components related to the identified software.
|
host.operating_system.target_sw |
text |
Characterizes the software computing environment within which the product operates.
|
host.operating_system.language |
text |
Valid language tag as defined by [RFC5646], and should be used to define the language supported in the user interface of the product being described.
|
host.operating_system.uniform_resource_identifier |
text |
CPE uri format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
|
host.dns |
object | |
host.dns.names |
text | |
host.dns.reverse_dns |
object | |
host.dns.reverse_dns.resolved_at |
date | |
host.dns.reverse_dns.names |
text | |
host.autonomous_system |
object | |
host.autonomous_system.organization |
text |
The name of the organization managing the autonomous system.
|
host.autonomous_system.asn |
unsigned_long |
The ASN (autonomous system number) of the host's autonomous system.
|
host.autonomous_system.bgp_prefix |
ip_range |
The autonomous system's CIDR.
|
host.autonomous_system.country_code |
keyword |
The autonomous system's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
|
host.autonomous_system.description |
text |
Brief description of the autonomous system.
|
host.autonomous_system.name |
text |
The friendly name of the autonomous system.
|
host.services |
nested | |
host.services.prometheus |
object | |
host.services.prometheus.http_info |
object | |
host.services.prometheus.http_info.status_code |
unsigned_long |
Status code received from hitting /api/v1/targets.
|
host.services.prometheus.http_info.headers |
nested | |
host.services.prometheus.http_info.headers.key |
text | |
host.services.prometheus.http_info.headers.value |
object | |
host.services.prometheus.http_info.headers.value.headers |
text | |
host.services.prometheus.http_info.status |
text |
Status message received from hitting /api/v1/targets.
|
host.services.prometheus.response |
object |
Information Prometheus captured as well as build information.
|
host.services.prometheus.response.go_versions |
text |
List of the versions of Go.
|
host.services.prometheus.response.prometheus_versions |
object | |
host.services.prometheus.response.prometheus_versions.go_version |
text |
Version of Go used to build Prometheus.
|
host.services.prometheus.response.prometheus_versions.revision |
text |
Revision of Prometheus.
|
host.services.prometheus.response.prometheus_versions.version |
text |
Version of Prometheus.
|
host.services.prometheus.response.active_targets |
object |
List of active targets.
|
host.services.prometheus.response.active_targets.last_scrape |
text |
Last time Prometheus scraped target.
|
host.services.prometheus.response.active_targets.scrape_url |
text |
URL that Prometheus scraped.
|
host.services.prometheus.response.active_targets.discovered_labels |
object | |
host.services.prometheus.response.active_targets.discovered_labels.job |
text |
Job of target.
|
host.services.prometheus.response.active_targets.discovered_labels.metrics_path |
text |
Path to metrics of target.
|
host.services.prometheus.response.active_targets.discovered_labels.scheme |
text |
URL scheme.
|
host.services.prometheus.response.active_targets.discovered_labels.address |
text |
Address of target.
|
host.services.prometheus.response.active_targets.health |
text |
Whether target is up or down.
|
host.services.prometheus.response.active_targets.labels |
object | |
host.services.prometheus.response.active_targets.labels.job |
text |
Job of target after relabelling occurs.
|
host.services.prometheus.response.active_targets.labels.instance |
text |
Instance after relabelling occurs.
|
host.services.prometheus.response.active_targets.last_error |
text |
Last error that occurred within target.
|
host.services.prometheus.response.all_versions |
text |
List of the versions of everything that Prometheus finds i.e., version of Prometheus, Go, Node, cAdvisor, etc.
|
host.services.prometheus.response.config_exposed |
boolean |
True when the config endpoint is exposed.
|
host.services.prometheus.response.dropped_targets |
object |
List of dropped targets.
|
host.services.prometheus.response.dropped_targets.metrics_path |
text |
Path to metrics of target.
|
host.services.prometheus.response.dropped_targets.scheme |
text |
URL scheme.
|
host.services.prometheus.response.dropped_targets.address |
text |
Address of target.
|
host.services.prometheus.response.dropped_targets.job |
text |
Job of target.
|
host.services.fortigate |
object | |
host.services.fortigate.serial |
text | |
host.services.fortigate.status_code |
integer | |
host.services.fortigate.status_msg |
text | |
host.services.fortigate.version |
text | |
host.services.fortigate.api_version |
text | |
host.services.fortigate.build |
integer | |
host.services.fortigate.http_info |
object | |
host.services.fortigate.http_info.headers |
nested | |
host.services.fortigate.http_info.headers.value |
object | |
host.services.fortigate.http_info.headers.value.headers |
text | |
host.services.fortigate.http_info.headers.key |
text | |
host.services.fortigate.http_info.status |
text |
Status message received from hitting 404 /censys.inspect.
|
host.services.fortigate.http_info.status_code |
unsigned_long |
Status code received from hitting /censys.inspect.
|
host.services.skinny |
object | |
host.services.skinny.response |
text | |
host.services.cwmp |
object | |
host.services.cwmp.http_info |
object | |
host.services.cwmp.http_info.status_code |
integer | |
host.services.cwmp.http_info.headers |
nested | |
host.services.cwmp.http_info.headers.key |
text | |
host.services.cwmp.http_info.headers.value |
object | |
host.services.cwmp.http_info.headers.value.headers |
text | |
host.services.cwmp.http_info.body_size |
integer | |
host.services.cwmp.http_info.body |
text | |
host.services.cwmp.http_info.protocol |
text | |
host.services.cwmp.http_info.status_reason |
text | |
host.services.cwmp.http_info.body_hashes |
keyword | |
host.services.cwmp.http_info.html_title |
text | |
host.services.cwmp.http_info.html_tags |
text | |
host.services.cwmp.http_info.favicons |
object | |
host.services.cwmp.http_info.favicons.size |
integer | |
host.services.cwmp.http_info.favicons.md5_hash |
keyword | |
host.services.cwmp.http_info.favicons.name |
text | |
host.services.rdp |
object | |
host.services.rdp.x224_cc_pdu_srcref |
unsigned_long | |
host.services.rdp.certificate_info |
object | |
host.services.rdp.certificate_info.proprietary_rsa_key |
object | |
host.services.rdp.certificate_info.proprietary_rsa_key.key_length |
unsigned_long | |
host.services.rdp.certificate_info.proprietary_rsa_key.magic |
unsigned_long | |
host.services.rdp.certificate_info.proprietary_rsa_key.max_bytes_datalen |
unsigned_long | |
host.services.rdp.certificate_info.proprietary_rsa_key.modulus |
text | |
host.services.rdp.certificate_info.proprietary_rsa_key.modulus_bitlen |
unsigned_long | |
host.services.rdp.certificate_info.proprietary_rsa_key.public_exponent |
unsigned_long | |
host.services.rdp.certificate_info.proprietary_rsa_key.signature |
text | |
host.services.rdp.certificate_info.internal_x509_chain_fps |
keyword | |
host.services.rdp.connect_response |
object | |
host.services.rdp.connect_response.connect_id |
unsigned_long | |
host.services.rdp.connect_response.domain_parameters |
object | |
host.services.rdp.connect_response.domain_parameters.max_user_id_channels |
long | |
host.services.rdp.connect_response.domain_parameters.min_throughput |
long | |
host.services.rdp.connect_response.domain_parameters.num_priorities |
long | |
host.services.rdp.connect_response.domain_parameters.domain_protocol_version |
long | |
host.services.rdp.connect_response.domain_parameters.max_channel_ids |
long | |
host.services.rdp.connect_response.domain_parameters.max_mcspdu_size |
long | |
host.services.rdp.connect_response.domain_parameters.max_provider_height |
long | |
host.services.rdp.connect_response.domain_parameters.max_token_ids |
long | |
host.services.rdp.protocol_flags |
object | |
host.services.rdp.protocol_flags.restricted_auth_mode |
boolean | |
host.services.rdp.protocol_flags.dynvc_graphics_pipeline |
boolean | |
host.services.rdp.protocol_flags.extended_client_data_supported |
boolean | |
host.services.rdp.protocol_flags.neg_resp_reserved |
boolean | |
host.services.rdp.protocol_flags.restricted_admin_mode |
boolean | |
host.services.rdp.selected_security_protocol |
object | |
host.services.rdp.selected_security_protocol.tls |
boolean | |
host.services.rdp.selected_security_protocol.error_hybrid_required |
boolean | |
host.services.rdp.selected_security_protocol.error_ssl_forbidden |
boolean | |
host.services.rdp.selected_security_protocol.rdstls |
boolean | |
host.services.rdp.selected_security_protocol.error_ssl_user_auth_required |
boolean | |
host.services.rdp.selected_security_protocol.error_ssl_required |
boolean | |
host.services.rdp.selected_security_protocol.error_bad_flags |
boolean | |
host.services.rdp.selected_security_protocol.credssp |
boolean | |
host.services.rdp.selected_security_protocol.error_unknown |
boolean | |
host.services.rdp.selected_security_protocol.error |
boolean | |
host.services.rdp.selected_security_protocol.error_ssl_cert_missing |
boolean | |
host.services.rdp.selected_security_protocol.raw_value |
unsigned_long | |
host.services.rdp.selected_security_protocol.standard_rdp |
boolean | |
host.services.rdp.selected_security_protocol.credssp_early_auth |
boolean | |
host.services.rdp.version |
object | |
host.services.rdp.version.major |
integer | |
host.services.rdp.version.minor |
integer | |
host.services.rdp.version.raw |
unsigned_long |
Raw Version Response. Major version is stored in upper 2 bytes, minor in lower 2 bytes.
|
host.services.jarm |
object | |
host.services.jarm.cipher_and_version_fingerprint |
text |
The first 30-byte portion of the Jarm fingerprint.
|
host.services.jarm.fingerprint |
text |
The 62-byte Jarm fingerprint of the service.
|
host.services.jarm.observed_at |
date |
The time the service was fingerprinted.
|
host.services.jarm.tls_extensions_sha256 |
text |
The second 32-byte portion of the Jarm fingerprint.
|
host.services.port |
integer | |
host.services.extended_service_name |
text | |
host.services.ipmi |
object | |
host.services.ipmi.capabilities |
object |
The Get Channel Authentication Capabilities response (section 22.13)
|
host.services.ipmi.capabilities.completion_code |
object |
The status code of the response.
|
host.services.ipmi.capabilities.completion_code.raw |
integer |
The raw completion code.
|
host.services.ipmi.capabilities.completion_code.name |
text |
The human-readable name of the code.
|
host.services.ipmi.capabilities.extended_capabilities |
object |
Extended auth capabilities (if present).
|
host.services.ipmi.capabilities.extended_capabilities.supports_ipmi_v1_5 |
boolean |
True if IPMI v1.5 is supported.
|
host.services.ipmi.capabilities.extended_capabilities.supports_ipmi_v2_0 |
boolean |
True if IPMI v2.0 is supported.
|
host.services.ipmi.capabilities.oem_data |
integer |
The OEM-specific data.
|
host.services.ipmi.capabilities.oem_id |
text |
The 3-byte OEM identifier.
|
host.services.ipmi.capabilities.supported_auth_types |
object |
The auth types supported by the server.
|
host.services.ipmi.capabilities.supported_auth_types.none |
boolean |
True if the None AuthType is supported.
|
host.services.ipmi.capabilities.supported_auth_types.oem_proprietary |
boolean |
True if the OEM Proprietary AuthType is supported.
|
host.services.ipmi.capabilities.supported_auth_types.password |
boolean |
True if the Password AuthType is supported.
|
host.services.ipmi.capabilities.supported_auth_types.raw |
integer |
The raw byte, with the bit mask, etc.
|
host.services.ipmi.capabilities.supported_auth_types.extended |
boolean |
If true, the extended capabilities are present.
|
host.services.ipmi.capabilities.supported_auth_types.md2 |
boolean |
True if the MD2 AuthType is supported.
|
host.services.ipmi.capabilities.supported_auth_types.md5 |
boolean |
True if the MD5 AuthType is supported.
|
host.services.ipmi.capabilities.auth_status |
object |
The authentication status.
|
host.services.ipmi.capabilities.auth_status.user_auth_disabled |
boolean |
If true, user authentication is disabled.
|
host.services.ipmi.capabilities.auth_status.anonymous_login_enabled |
boolean |
If true, the server allows anonymous login.
|
host.services.ipmi.capabilities.auth_status.auth_each_message |
boolean |
If true, each message must be authenticated.
|
host.services.ipmi.capabilities.auth_status.has_anonymous_users |
boolean |
If true, the server has anonymous users.
|
host.services.ipmi.capabilities.auth_status.has_named_users |
boolean |
If true, the server supports named users.
|
host.services.ipmi.capabilities.auth_status.two_key_login_required |
boolean |
The KG field.
|
host.services.ipmi.capabilities.channel_number |
integer |
The response channel number.
|
host.services.ipmi.command_payload |
object |
The IPMI command payload.
|
host.services.ipmi.command_payload.requestor_sequence_number |
integer |
The request sequence number.
|
host.services.ipmi.command_payload.checksum_error |
boolean |
This is set to true if the values of chk1 / chk2 do not match the command data.
|
host.services.ipmi.command_payload.data |
text |
The raw data. On success, this should be the value of the GetAuthenticationCapabilities response.
|
host.services.ipmi.command_payload.ipmi_command_number |
object |
The parsed IPMI command number.
|
host.services.ipmi.command_payload.ipmi_command_number.name |
text |
The human-readable name of the cmd + NetFn.
|
host.services.ipmi.command_payload.ipmi_command_number.raw |
integer |
The raw value of the cmd value.
|
host.services.ipmi.command_payload.network_function_code |
object |
The NetFn and LUN.
|
host.services.ipmi.command_payload.network_function_code.logical_unit_number |
object |
The parsed LUN (logical unit number -- the lower 2 bits of raw).
|
host.services.ipmi.command_payload.network_function_code.logical_unit_number.name |
text |
The human-readable name of the LUN.
|
host.services.ipmi.command_payload.network_function_code.logical_unit_number.raw |
integer |
The value of the LUN (3 bits).
|
host.services.ipmi.command_payload.network_function_code.net_fn |
object |
The parsed NetFn value (the upper 6 bits of raw).
|
host.services.ipmi.command_payload.network_function_code.net_fn.raw |
integer |
The raw value of the NetFn (6 bits, least significant indicates request/response).
|
host.services.ipmi.command_payload.network_function_code.net_fn.value |
integer |
The normalized value of the NetFn (i.e., raw & 0xfe, so it is always even).
|
host.services.ipmi.command_payload.network_function_code.net_fn.is_request |
boolean |
True if the least-significant bit is zero.
|
host.services.ipmi.command_payload.network_function_code.net_fn.is_response |
boolean |
True if the least-significant bit is 1.
|
host.services.ipmi.command_payload.network_function_code.net_fn.name |
text |
The human-readable name of the NetFn.
|
host.services.ipmi.command_payload.network_function_code.raw |
integer |
The raw value of the (NetFn << 2) | LUN.
|
host.services.ipmi.raw |
text |
The raw data returned by the server.
|
host.services.ipmi.rmcp_header |
object |
The RMCP header of the response, (section 13.1.3).
|
host.services.ipmi.rmcp_header.message_class |
object |
The class of the message.
|
host.services.ipmi.rmcp_header.message_class.raw |
integer |
The raw message class byte.
|
host.services.ipmi.rmcp_header.message_class.class |
integer |
Just the class part of the byte (lower 5 bits of raw).
|
host.services.ipmi.rmcp_header.message_class.is_ack |
boolean |
True if the message is an acknowledgment to a previous message.
|
host.services.ipmi.rmcp_header.message_class.name |
text |
The human-readable name of the message class.
|
host.services.ipmi.rmcp_header.sequence_number |
integer |
Sequence number of this packet in the session.
|
host.services.ipmi.rmcp_header.version |
integer |
The version. This scanner supports version 6.
|
host.services.ipmi.session_header |
object |
The IPMI session header of the response.
|
host.services.ipmi.session_header.session_sequence_number |
long |
The session sequence number of this packet in the session.
|
host.services.ipmi.session_header.auth_code |
text |
The 16-byte authentication code; not present if auth_type is None.
|
host.services.ipmi.session_header.auth_type |
object |
The authentication type for this request (see section 13.6).
|
host.services.ipmi.session_header.auth_type.name |
text |
The raw value of the auth_type.
|
host.services.ipmi.session_header.auth_type.raw |
integer |
The raw value of the auth_type.
|
host.services.ipmi.session_header.auth_type.type |
integer |
Just the auth type (reserved bits omitted).
|
host.services.ipmi.session_header.session_id |
long |
The ID of this sessiod.
|
host.services.elasticsearch |
object | |
host.services.elasticsearch.node_info |
object | |
host.services.elasticsearch.node_info.nodes |
object | |
host.services.elasticsearch.node_info.nodes.node_name |
text | |
host.services.elasticsearch.node_info.nodes.node_data |
object | |
host.services.elasticsearch.node_info.nodes.node_data.build_type |
text | |
host.services.elasticsearch.node_info.nodes.node_data.modules |
object | |
host.services.elasticsearch.node_info.nodes.node_data.modules.elastic_version |
text | |
host.services.elasticsearch.node_info.nodes.node_data.modules.ext_plugins |
text | |
host.services.elasticsearch.node_info.nodes.node_data.modules.has_native_ctrl |
boolean | |
host.services.elasticsearch.node_info.nodes.node_data.modules.java_version |
text | |
host.services.elasticsearch.node_info.nodes.node_data.modules.name |
text | |
host.services.elasticsearch.node_info.nodes.node_data.modules.version |
text | |
host.services.elasticsearch.node_info.nodes.node_data.modules.class_name |
text | |
host.services.elasticsearch.node_info.nodes.node_data.modules.desc |
text | |
host.services.elasticsearch.node_info.nodes.node_data.settings |
object | |
host.services.elasticsearch.node_info.nodes.node_data.settings.node |
object | |
host.services.elasticsearch.node_info.nodes.node_data.settings.node.attr |
object | |
host.services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml |
object | |
host.services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.enabled |
text | |
host.services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.machine_memory |
text | |
host.services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.max_open_jobs |
text | |
host.services.elasticsearch.node_info.nodes.node_data.settings.node.attr.xpack_installed |
text | |
host.services.elasticsearch.node_info.nodes.node_data.settings.node.name |
text | |
host.services.elasticsearch.node_info.nodes.node_data.settings.cluster_name |
text | |
host.services.elasticsearch.node_info.nodes.node_data.build_hash |
text | |
host.services.elasticsearch.node_info.nodes.node_data.roles |
text | |
host.services.elasticsearch.node_info.nodes.node_data.ingest_processors |
text | |
host.services.elasticsearch.node_info.nodes.node_data.build_flavor |
text | |
host.services.elasticsearch.node_info.nodes.node_data.name |
text | |
host.services.elasticsearch.node_info.nodes.node_data.thread_pool_list |
object | |
host.services.elasticsearch.node_info.nodes.node_data.thread_pool_list.max |
integer | |
host.services.elasticsearch.node_info.nodes.node_data.thread_pool_list.min |
integer | |
host.services.elasticsearch.node_info.nodes.node_data.thread_pool_list.queue_size |
integer | |
host.services.elasticsearch.node_info.nodes.node_data.thread_pool_list.type |
text | |
host.services.elasticsearch.node_info.nodes.node_data.thread_pool_list.keep_alive |
text | |
host.services.elasticsearch.node_info.nodes.node_data.total_indexing_buffer |
unsigned_long | |
host.services.elasticsearch.node_info.nodes.node_data.ip |
ip | |
host.services.elasticsearch.node_info.nodes.node_data.os |
object | |
host.services.elasticsearch.node_info.nodes.node_data.os.refresh_interval_ms |
unsigned_long | |
host.services.elasticsearch.node_info.nodes.node_data.os.version |
text | |
host.services.elasticsearch.node_info.nodes.node_data.os.allocated_proc |
integer | |
host.services.elasticsearch.node_info.nodes.node_data.os.arch |
text | |
host.services.elasticsearch.node_info.nodes.node_data.os.available_proc |
integer | |
host.services.elasticsearch.node_info.nodes.node_data.os.name |
text | |
host.services.elasticsearch.node_info.nodes.node_data.os.pretty_name |
text | |
host.services.elasticsearch.node_info.nodes.node_data.version |
text | |
host.services.elasticsearch.node_info.nodes.node_data.host |
text | |
host.services.elasticsearch.node_info.nodes.node_data.jvm |
object | |
host.services.elasticsearch.node_info.nodes.node_data.jvm.vm_vendor |
text | |
host.services.elasticsearch.node_info.nodes.node_data.jvm.vm_version |
text | |
host.services.elasticsearch.node_info.nodes.node_data.jvm.vm_name |
text | |
host.services.elasticsearch.node_info.nodes.node_data.jvm.input_args |
text | |
host.services.elasticsearch.node_info.nodes.node_data.jvm.memory_pools |
text | |
host.services.elasticsearch.node_info.nodes.node_data.jvm.start_time |
text | |
host.services.elasticsearch.node_info.nodes.node_data.jvm.gc |
text | |
host.services.elasticsearch.node_info.nodes.node_data.jvm.version |
text | |
host.services.elasticsearch.node_info.nodes.node_data.jvm.start_time_ms |
unsigned_long | |
host.services.elasticsearch.node_info.cluster_combined_info |
object | |
host.services.elasticsearch.node_info.cluster_combined_info.uuid |
text | |
host.services.elasticsearch.node_info.cluster_combined_info.filesystem |
object | |
host.services.elasticsearch.node_info.cluster_combined_info.filesystem.free_in_bytes |
unsigned_long |
Free size in bytes.
|
host.services.elasticsearch.node_info.cluster_combined_info.filesystem.total |
text |
Human-friendly total size.
|
host.services.elasticsearch.node_info.cluster_combined_info.filesystem.total_in_bytes |
unsigned_long |
Total size in bytes.
|
host.services.elasticsearch.node_info.cluster_combined_info.filesystem.available |
text |
Human-friendly available size.
|
host.services.elasticsearch.node_info.cluster_combined_info.filesystem.available_in_bytes |
unsigned_long |
Available size in bytes.
|
host.services.elasticsearch.node_info.cluster_combined_info.filesystem.free |
text |
Human-friendly free size.
|
host.services.elasticsearch.node_info.cluster_combined_info.indices |
object | |
host.services.elasticsearch.node_info.cluster_combined_info.indices.docs |
object | |
host.services.elasticsearch.node_info.cluster_combined_info.indices.docs.count |
unsigned_long |
Total number of non-deleted documents across all primary shards assigned to selected nodes.
|
host.services.elasticsearch.node_info.cluster_combined_info.indices.docs.deleted |
unsigned_long |
Total number of deleted documents across all primary shards assigned to selected nodes.
|
host.services.elasticsearch.node_info.cluster_combined_info.indices.store |
object | |
host.services.elasticsearch.node_info.cluster_combined_info.indices.store.reserved_in_bytes |
unsigned_long |
A prediction, in bytes, of how much larger the shard stores can eventually grow due to ongoing peer recoveries, restoring snapshots, and similar activities.
|
host.services.elasticsearch.node_info.cluster_combined_info.indices.store.size_in_bytes |
unsigned_long |
Total size, in bytes, of all shards assigned to selected nodes.
|
host.services.elasticsearch.node_info.cluster_combined_info.indices.count |
unsigned_long |
Total number of indices with shards assigned to selected nodes.
|
host.services.elasticsearch.node_info.cluster_combined_info.name |
text | |
host.services.elasticsearch.node_info.cluster_combined_info.status |
text | |
host.services.elasticsearch.node_info.cluster_combined_info.timestamp |
unsigned_long | |
host.services.elasticsearch.system_info |
object | |
host.services.elasticsearch.system_info.name |
text |
Cluster Name
|
host.services.elasticsearch.system_info.tagline |
text |
Elasticsearch identifying tagline.
|
host.services.elasticsearch.system_info.version |
object | |
host.services.elasticsearch.system_info.version.min_wire_compat_ver |
text | |
host.services.elasticsearch.system_info.version.lucene_version |
text | |
host.services.elasticsearch.system_info.version.build_date |
text | |
host.services.elasticsearch.system_info.version.build_hash |
text | |
host.services.elasticsearch.system_info.version.build_flavor |
text | |
host.services.elasticsearch.system_info.version.build_snapshot |
boolean | |
host.services.elasticsearch.system_info.version.min_idx_compat_ver |
text | |
host.services.elasticsearch.system_info.version.build_type |
text | |
host.services.elasticsearch.system_info.version.number |
text |
ES Cluster version
|
host.services.elasticsearch.system_info.cluster_uuid |
text |
Cluster UUID
|
host.services.elasticsearch.http_info |
object | |
host.services.elasticsearch.http_info.status |
text | |
host.services.elasticsearch.http_info.status_code |
integer | |
host.services.elasticsearch.http_info.headers |
nested | |
host.services.elasticsearch.http_info.headers.key |
text | |
host.services.elasticsearch.http_info.headers.value |
object | |
host.services.elasticsearch.http_info.headers.value.headers |
text | |
host.services.fox |
object | |
host.services.fox.hostname |
text | |
host.services.fox.id |
unsigned_long | |
host.services.fox.time_zone |
text | |
host.services.fox.station_name |
text | |
host.services.fox.vm_uuid |
text | |
host.services.fox.os_name |
text | |
host.services.fox.language |
text | |
host.services.fox.host_address |
text | |
host.services.fox.vm_version |
text | |
host.services.fox.hostid |
text | |
host.services.fox.sys_info |
text | |
host.services.fox.version |
text | |
host.services.fox.auth_agent_type |
text | |
host.services.fox.vm_name |
text | |
host.services.fox.app_name |
text | |
host.services.fox.app_version |
text | |
host.services.fox.os_version |
text | |
host.services.fox.brand_id |
text | |
host.services.sip |
object | |
host.services.sip.code |
integer | |
host.services.sip.server |
text |
Server software reported by service.
|
host.services.sip.status |
text | |
host.services.sip.version |
text |
SIP version
|
host.services.vnc |
object | |
host.services.vnc.desktop_name |
text |
Desktop name provided by the server, capped at 255 bytes.
|
host.services.vnc.pixel_encoding |
object | |
host.services.vnc.pixel_encoding.value |
integer | |
host.services.vnc.pixel_encoding.name |
text | |
host.services.vnc.screen_info |
object | |
host.services.vnc.screen_info.height |
unsigned_long | |
host.services.vnc.screen_info.name_len |
unsigned_long | |
host.services.vnc.screen_info.pixel_format |
object | |
host.services.vnc.screen_info.pixel_format.blue_max |
unsigned_long |
Max value of blue pixel.
|
host.services.vnc.screen_info.pixel_format.red_shift |
unsigned_long |
How many bits to right shift a pixel datum to get red bits in lsb.
|
host.services.vnc.screen_info.pixel_format.true_color |
boolean |
If false, color maps are used.
|
host.services.vnc.screen_info.pixel_format.blue_shift |
unsigned_long |
How many bits to right shift a pixel datum to get blue bits in lsb.
|
host.services.vnc.screen_info.pixel_format.depth |
unsigned_long |
Color depth.
|
host.services.vnc.screen_info.pixel_format.green_max |
unsigned_long |
Max value of green pixel.
|
host.services.vnc.screen_info.pixel_format.padding1 |
unsigned_long | |
host.services.vnc.screen_info.pixel_format.bits_per_pixel |
unsigned_long |
How many bits in a single full pixel datum. Valid values are: 8, 16, 32.
|
host.services.vnc.screen_info.pixel_format.padding2 |
unsigned_long | |
host.services.vnc.screen_info.pixel_format.green_shift |
unsigned_long |
How many bits to right shift a pixel datum to get green bits in lsb.
|
host.services.vnc.screen_info.pixel_format.padding3 |
unsigned_long | |
host.services.vnc.screen_info.pixel_format.red_max |
unsigned_long |
Max value of red pixel.
|
host.services.vnc.screen_info.pixel_format.big_endian |
boolean |
If pixel RGB data are in big-endian.
|
host.services.vnc.screen_info.width |
unsigned_long | |
host.services.vnc.security_types |
object |
Server-specified security options.
|
host.services.vnc.security_types.name |
text | |
host.services.vnc.security_types.value |
integer | |
host.services.vnc.version |
text | |
host.services.vnc.connection_failed_reason |
text |
If server terminates handshake, the reason offered, if any.
|
host.services.dnp3 |
object | |
host.services.dnp3.banner |
text | |
host.services.bacnet |
object | |
host.services.bacnet.location |
text | |
host.services.bacnet.model_name |
text | |
host.services.bacnet.vendor_name |
text | |
host.services.bacnet.instance_number |
unsigned_long | |
host.services.bacnet.firmware_revision |
text | |
host.services.bacnet.vendor_id |
unsigned_long | |
host.services.bacnet.application_software_revision |
text | |
host.services.bacnet.description |
text | |
host.services.bacnet.object_name |
text | |
host.services.telnet |
object | |
host.services.telnet.wont |
object | |
host.services.telnet.wont.key |
unsigned_long | |
host.services.telnet.wont.value |
text | |
host.services.telnet.banner |
text | |
host.services.telnet.do |
object | |
host.services.telnet.do.value |
text | |
host.services.telnet.do.key |
unsigned_long | |
host.services.telnet.dont |
object | |
host.services.telnet.dont.key |
unsigned_long | |
host.services.telnet.dont.value |
text | |
host.services.telnet.will |
object | |
host.services.telnet.will.key |
unsigned_long | |
host.services.telnet.will.value |
text | |
host.services.x11 |
object | |
host.services.x11.vendor |
text | |
host.services.x11.version |
text | |
host.services.x11.refusal_reason |
text | |
host.services.x11.requires_authentication |
boolean | |
host.services.http |
object | |
host.services.http.request |
object | |
host.services.http.request.method |
text | |
host.services.http.request.uri |
text | |
host.services.http.request.body |
text | |
host.services.http.request.headers |
nested | |
host.services.http.request.headers.key |
text | |
host.services.http.request.headers.value |
object | |
host.services.http.request.headers.value.headers |
text | |
host.services.http.response |
object | |
host.services.http.response.html_tags |
text | |
host.services.http.response.body_hashes |
keyword | |
host.services.http.response.body_size |
integer | |
host.services.http.response.headers |
nested | |
host.services.http.response.headers.key |
text | |
host.services.http.response.headers.value |
object | |
host.services.http.response.headers.value.headers |
text | |
host.services.http.response.status_code |
integer | |
host.services.http.response.protocol |
text | |
host.services.http.response.status_reason |
text | |
host.services.http.response.favicons |
object | |
host.services.http.response.favicons.name |
text | |
host.services.http.response.favicons.size |
integer | |
host.services.http.response.favicons.md5_hash |
keyword | |
host.services.http.response.body |
text | |
host.services.http.response.html_title |
text | |
host.services.http.supports_http2 |
boolean | |
host.services.ntp |
object | |
host.services.ntp.get_time_header |
object | |
host.services.ntp.get_time_header.stratum |
unsigned_long | |
host.services.ntp.get_time_header.version |
unsigned_long | |
host.services.ntp.get_time_header.leap_indicator |
unsigned_long | |
host.services.ntp.get_time_header.mode |
unsigned_long | |
host.services.ntp.get_time_header.poll |
integer | |
host.services.ntp.get_time_header.precision |
integer | |
host.services.ntp.get_time_header.reference_id |
text | |
host.services.ipp |
object | |
host.services.ipp.attributes |
object |
All IPP attributes included in any contentful responses obtained. Each has a name, list of values (potentially only one), and a tag denoting how the value should be interpreted.
|
host.services.ipp.attributes.name |
text | |
host.services.ipp.attributes.value_tag |
unsigned_long | |
host.services.ipp.attribute_cups_version |
text |
The CUPS version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Generally in the form 'x.y.z'.
|
host.services.ipp.cups_version |
text |
The CUPS version, if any, specified in the Server header of an IPP get-attributes response.
|
host.services.ipp.minor_version |
unsigned_long |
Minor component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request.
|
host.services.ipp.version_string |
text |
The specific IPP version returned in response to an IPP get-printer-attributes request. Always in the form 'IPP/x.y'
|
host.services.ipp.attribute_printer_uris |
text |
Each printer URI, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Uses ipp(s) or http(s) scheme, followed by a hostname or IP, and then the path to a particular printer.
|
host.services.ipp.attribute_ipp_versions |
text |
Each IPP version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Always in the form 'x.y'.
|
host.services.ipp.cups_response |
object | |
host.services.ipp.cups_response.status_code |
unsigned_long | |
host.services.ipp.cups_response.body_hash |
text |
Hash of body stored in a UTF-8 string of the format <hash-type>:<hash-encoded>, e.g. sha256:a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447
|
host.services.ipp.cups_response.headers |
nested | |
host.services.ipp.cups_response.headers.key |
text | |
host.services.ipp.cups_response.headers.value |
object | |
host.services.ipp.cups_response.headers.value.headers |
text | |
host.services.ipp.cups_response.status |
text | |
host.services.ipp.major_version |
unsigned_long |
Major component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request.
|
host.services.ipp.response |
object | |
host.services.ipp.response.status_code |
unsigned_long | |
host.services.ipp.response.body_hash |
text |
Hash of body stored in a UTF-8 string of the format <hash-type>:<hash-encoded>, e.g. sha256:a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447
|
host.services.ipp.response.headers |
nested | |
host.services.ipp.response.headers.key |
text | |
host.services.ipp.response.headers.value |
object | |
host.services.ipp.response.headers.value.headers |
text | |
host.services.ipp.response.status |
text | |
host.services.ike |
object | |
host.services.ike.v1 |
object | |
host.services.ike.v1.vendor_ids |
text |
The list of Vendor ID "extensions" the host claimed to support in its handshake.
|
host.services.ike.v1.accepted_proposal |
boolean |
Did the host accept our security proposal? When false, the host responded with an error.
|
host.services.ike.v1.notify_message_types |
unsigned_long |
Which types of NOTIFY messages did the host send us?
|
host.services.ike.v2 |
object | |
host.services.ike.v2.notify_message_types |
unsigned_long | |
host.services.ike.v2.vendor_ids |
text | |
host.services.ike.v2.accepted_proposal |
boolean | |
host.services.ssdp |
object | |
host.services.ssdp.headers |
nested | |
host.services.ssdp.headers.value |
object | |
host.services.ssdp.headers.value.headers |
text | |
host.services.ssdp.headers.key |
text | |
host.services.ssdp.upnp_url |
text | |
host.services.pc_anywhere |
object | |
host.services.pc_anywhere.status |
object | |
host.services.pc_anywhere.status.in_use |
boolean |
Workstation is In Use if true, Available if false.
|
host.services.pc_anywhere.status.raw |
text |
Full 'ST' query response.
|
host.services.pc_anywhere.name |
text |
Workstation Name, with padding bytes removed.
|
host.services.pc_anywhere.nr |
text |
Full 'NR' query response.
|
host.services.pptp |
object | |
host.services.pptp.protocol |
object | |
host.services.pptp.protocol.major |
unsigned_long | |
host.services.pptp.protocol.minor |
unsigned_long | |
host.services.pptp.framing_message |
object | |
host.services.pptp.framing_message.code |
unsigned_long | |
host.services.pptp.framing_message.meaning |
text | |
host.services.pptp.hostname |
text | |
host.services.pptp.maximum_channels |
unsigned_long | |
host.services.pptp.vendor |
text | |
host.services.pptp.error_message |
object | |
host.services.pptp.error_message.meaning |
text | |
host.services.pptp.error_message.code |
unsigned_long | |
host.services.pptp.firmware |
object | |
host.services.pptp.firmware.major |
unsigned_long | |
host.services.pptp.firmware.minor |
unsigned_long | |
host.services.pptp.result_message |
object | |
host.services.pptp.result_message.code |
unsigned_long | |
host.services.pptp.result_message.meaning |
text | |
host.services.pptp.bearer_message |
object | |
host.services.pptp.bearer_message.code |
unsigned_long | |
host.services.pptp.bearer_message.meaning |
text | |
host.services.amqp |
object | |
host.services.amqp.version |
object | |
host.services.amqp.version.revision |
unsigned_long | |
host.services.amqp.version.major |
unsigned_long | |
host.services.amqp.version.minor |
unsigned_long | |
host.services.amqp.explicit_tls |
boolean |
Connected via a TLS connection after initial handshake.
|
host.services.amqp.implicit_tls |
boolean |
Connected via a TLS wrapped connection (AMQPS).
|
host.services.amqp.protocol_id |
object | |
host.services.amqp.protocol_id.id |
unsigned_long | |
host.services.amqp.protocol_id.name |
text | |
host.services.s7 |
object | |
host.services.s7.location |
text | |
host.services.s7.copyright |
text | |
host.services.s7.firmware |
text | |
host.services.s7.memory_serial_number |
text | |
host.services.s7.module_id |
text | |
host.services.s7.system |
text | |
host.services.s7.module_type |
text | |
host.services.s7.plant_id |
text | |
host.services.s7.hardware |
text | |
host.services.s7.oem_id |
text | |
host.services.s7.serial_number |
text | |
host.services.s7.reserved_for_os |
text | |
host.services.s7.cpu_profile |
text | |
host.services.s7.module |
text | |
host.services.service_name |
text | |
host.services.kubernetes |
object | |
host.services.kubernetes.roles |
object | |
host.services.kubernetes.roles.name |
text | |
host.services.kubernetes.roles.rules |
object |
Rules set for this role.
|
host.services.kubernetes.roles.rules.resources |
text |
A list of resources this rule applies to. ResourceAll represents all resources.
|
host.services.kubernetes.roles.rules.verbs |
text |
A list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
|
host.services.kubernetes.roles.rules.api_groups |
text |
The name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group is allowed.
|
host.services.kubernetes.version_info |
object | |
host.services.kubernetes.version_info.platform |
text |
Platform compiled for
|
host.services.kubernetes.version_info.git_version |
text | |
host.services.kubernetes.version_info.compiler |
text |
Go Compiler used.
|
host.services.kubernetes.version_info.build_date |
text |
Date version was built.
|
host.services.kubernetes.version_info.minor |
text |
Kubernetes minor version.
|
host.services.kubernetes.version_info.major |
text |
Kubernetes major version.
|
host.services.kubernetes.version_info.git_tree_state |
text |
State of the tree when built.
|
host.services.kubernetes.version_info.go_version |
text |
Version of GO used to build version.
|
host.services.kubernetes.version_info.git_commit |
text |
Git commit version built from.
|
host.services.kubernetes.endpoints |
object | |
host.services.kubernetes.endpoints.self_link |
text | |
host.services.kubernetes.endpoints.subsets |
object | |
host.services.kubernetes.endpoints.subsets.addresses |
object | |
host.services.kubernetes.endpoints.subsets.addresses.ip |
ip | |
host.services.kubernetes.endpoints.subsets.addresses.node_name |
text | |
host.services.kubernetes.endpoints.subsets.addresses.hostname |
text | |
host.services.kubernetes.endpoints.subsets.ports |
object | |
host.services.kubernetes.endpoints.subsets.ports.protocol |
text | |
host.services.kubernetes.endpoints.subsets.ports.name |
text | |
host.services.kubernetes.endpoints.subsets.ports.port |
unsigned_long | |
host.services.kubernetes.endpoints.name |
text | |
host.services.kubernetes.kubernetes_dashboard_found |
boolean |
True if the dashboard is running and accessible.
|
host.services.kubernetes.nodes |
object | |
host.services.kubernetes.nodes.os_image |
text |
OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
|
host.services.kubernetes.nodes.images |
text |
List of container images on this node.
|
host.services.kubernetes.nodes.architecture |
text |
The Architecture reported by the node.
|
host.services.kubernetes.nodes.name |
text | |
host.services.kubernetes.nodes.kube_proxy_version |
text |
KubeProxy Version reported by the node.
|
host.services.kubernetes.nodes.container_runtime_version |
text |
ContainerRuntime Version reported by the node through runtime remote API (e.g. docker://1.5.0).
|
host.services.kubernetes.nodes.kubelet_version |
text |
Kubelet Version reported by the node.
|
host.services.kubernetes.nodes.operating_system |
text |
The Operating System reported by the node.
|
host.services.kubernetes.nodes.kernel_version |
text |
Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
|
host.services.kubernetes.nodes.addresses |
object | |
host.services.kubernetes.nodes.addresses.address |
keyword |
Node address, IP/URL.
|
host.services.kubernetes.nodes.addresses.address_type |
text |
Node address type, one of Hostname, ExternalIP or InternalIP.
|
host.services.kubernetes.pod_names |
text | |
host.services.ldap |
object | |
host.services.ldap.resultcode |
unsigned_long |
Result or error code returned by LDAP instance upon bind.
|
host.services.ldap.allows_anonymous_bind |
boolean |
Ability to connect with anonymous bind (empty username and password).
|
host.services.ldap.attributes |
object |
All root DN attributes available via anonymous bind.
|
host.services.ldap.attributes.name |
text |
Name of the LDAP attribute in the root DN.
|
host.services.ldap.attributes.values |
text |
Values for the respective LDAP attribute.
|
host.services.banner_hex |
text | |
host.services.mqtt |
object | |
host.services.mqtt.connection_ack_raw |
text |
Raw CONNACK response packet.
|
host.services.mqtt.connection_ack_return |
object | |
host.services.mqtt.connection_ack_return.raw |
unsigned_long |
Raw connect status value.
|
host.services.mqtt.connection_ack_return.return_value |
text |
Connection status.
|
host.services.mqtt.subscription_ack_return |
object | |
host.services.mqtt.subscription_ack_return.raw |
unsigned_long |
Raw subscription response value.
|
host.services.mqtt.subscription_ack_return.return_value |
text |
Subscription response.
|
host.services.banner_hashes |
text | |
host.services.banner |
text | |
host.services.snmp |
object | |
host.services.snmp.oid_interfaces |
object |
1.3.6.1.2.1.2 - Interfaces
|
host.services.snmp.oid_interfaces.num_ifaces |
unsigned_long |
1.3.6.1.2.1.2.1 - Number of network interfaces
|
host.services.snmp.oid_physical |
object |
1.3.6.1.2.1.47.1.1.1.1 - Entity Physical
|
host.services.snmp.oid_physical.serial_num |
text |
1.3.6.1.2.1.47.1.1.1.1.11 - Serial number string
|
host.services.snmp.oid_physical.software_rev |
text |
1.3.6.1.2.1.47.1.1.1.1.10 - Software revision string
|
host.services.snmp.oid_physical.firmware_rev |
text |
1.3.6.1.2.1.47.1.1.1.1.9 - Firmware revision string
|
host.services.snmp.oid_physical.hardware_rev |
text |
1.3.6.1.2.1.47.1.1.1.1.8 - Hardware revision string
|
host.services.snmp.oid_physical.mfg_name |
text |
1.3.6.1.2.1.47.1.1.1.1.12 - Name of mfg
|
host.services.snmp.oid_physical.model_name |
text |
1.3.6.1.2.1.47.1.1.1.1.13 - Model name of component
|
host.services.snmp.oid_physical.name |
text |
1.3.6.1.2.1.47.1.1.1.1.7 - Entity name
|
host.services.snmp.oid_system |
object |
1.3.6.1.2.1.1 - System Variables
|
host.services.snmp.oid_system.init_time |
unsigned_long |
1.3.6.1.2.1.1.3 - 1/100ths of sec
|
host.services.snmp.oid_system.location |
text |
1.3.6.1.2.1.1.6 - Physical location
|
host.services.snmp.oid_system.name |
text |
1.3.6.1.2.1.1.5 - Name, usually FQDN
|
host.services.snmp.oid_system.object_id |
text |
1.3.6.1.2.1.1.2 - Vendor ID
|
host.services.snmp.oid_system.services |
object |
1.3.6.1.2.1.1.7 - Set of services offered by entity
|
host.services.snmp.oid_system.services.layer_2 |
boolean |
Datalink/subnetwork (e.g. bridges)
|
host.services.snmp.oid_system.services.layer_3 |
boolean |
Internet (e.g. IP gateways)
|
host.services.snmp.oid_system.services.layer_4 |
boolean |
End-to-end (e.g. IP hosts)
|
host.services.snmp.oid_system.services.layer_5 |
boolean |
OSI layer 5
|
host.services.snmp.oid_system.services.layer_6 |
boolean |
OSI layer 6
|
host.services.snmp.oid_system.services.layer_7 |
boolean |
Applications (e.g. mail relays)
|
host.services.snmp.oid_system.services.layer_1 |
boolean |
Physical (e.g. repeaters)
|
host.services.snmp.oid_system.contact |
text |
1.3.6.1.2.1.1.4 - Contact info
|
host.services.snmp.oid_system.desc |
text |
1.3.6.1.2.1.1.1 - Description of entity
|
host.services.any_connect |
object | |
host.services.any_connect.groups |
text |
List of groups a user can authenticate with to use this VPN.
|
host.services.any_connect.raw |
text |
XML content of the config-auth response.
|
host.services.any_connect.response_type |
text |
Type of the response packet received after initializing the config-auth exchange.
|
host.services.any_connect.aggregate_auth_version |
integer |
Version number indicated by the response for config-auth exchange.
|
host.services.any_connect.auth_methods |
text |
Supported methods for users to enter credentials for this VPN.
|
host.services.oracle |
object | |
host.services.oracle.nsn_service_versions |
nested |
A map from the native Service Negotation service names to the ReleaseVersion (in dotted-decimal format) in that service packet.
|
host.services.oracle.nsn_service_versions.value |
text | |
host.services.oracle.nsn_service_versions.key |
text | |
host.services.oracle.connect_flags0 |
nested |
The first set of ConnectFlags returned in the Accept packet.
|
host.services.oracle.connect_flags0.value |
boolean | |
host.services.oracle.connect_flags0.key |
text | |
host.services.oracle.global_service_options |
nested |
Set of flags that the server returns in the Accept packet.
|
host.services.oracle.global_service_options.key |
text | |
host.services.oracle.global_service_options.value |
boolean | |
host.services.oracle.refuse_error |
object |
The parsed descriptor returned by the server in the Refuse packet; it is empty if the server does not return a Refuse packet. The keys are strings like 'DESCRIPTION.ERROR_STACK.ERROR.CODE.
|
host.services.oracle.refuse_error.key |
text | |
host.services.oracle.refuse_error.value |
text | |
host.services.oracle.refuse_error_raw |
text |
The data from the Refuse packet returned by the server; it is empty if the server does not return a Refuse packet.
|
host.services.oracle.nsn_version |
text |
The ReleaseVersion string (in dotted-decimal format) in the root of the Native Service Negotiation packet.
|
host.services.oracle.refuse_reason_app |
text |
The 'AppReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string.
|
host.services.oracle.redirect_target |
object |
The parsed connect descriptor returned by the server in the redirect packet, if one is sent.
|
host.services.oracle.redirect_target.key |
text | |
host.services.oracle.redirect_target.value |
text | |
host.services.oracle.accept_version |
unsigned_long |
The protocol version number from the Accept packet.
|
host.services.oracle.refuse_version |
text |
The parsed DESCRIPTION.VSNNUM field from the RefuseError descriptor returned by the server in the Refuse packet, in dotted-decimal format.
|
host.services.oracle.did_resend |
boolean |
True if the server sent a Resend packet request in response to the client's first Connect packet.
|
host.services.oracle.connect_flags1 |
nested |
The second set of ConnectFlags returned in the Accept packet.
|
host.services.oracle.connect_flags1.key |
text | |
host.services.oracle.connect_flags1.value |
boolean | |
host.services.oracle.redirect_target_raw |
text |
The connect descriptor returned by the server in the Redirect packet, if one is sent.
|
host.services.oracle.refuse_reason_sys |
text |
The 'SysReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string.
|
host.services.mssql |
object | |
host.services.mssql.encrypt_mode |
text |
The negotiated ENCRYPT_MODE with the server.
|
host.services.mssql.instance_name |
text | |
host.services.mssql.prelogin_options |
object | |
host.services.mssql.prelogin_options.unknown |
object | |
host.services.mssql.prelogin_options.unknown.key |
unsigned_long | |
host.services.mssql.prelogin_options.unknown.value |
text | |
host.services.mssql.prelogin_options.fed_auth_required |
boolean | |
host.services.mssql.prelogin_options.thread_id |
unsigned_long | |
host.services.mssql.prelogin_options.server_version |
object | |
host.services.mssql.prelogin_options.server_version.minor |
unsigned_long | |
host.services.mssql.prelogin_options.server_version.build_number |
unsigned_long | |
host.services.mssql.prelogin_options.server_version.major |
unsigned_long | |
host.services.mssql.prelogin_options.instance |
text | |
host.services.mssql.prelogin_options.mars |
boolean | |
host.services.mssql.prelogin_options.nonce |
text | |
host.services.mssql.prelogin_options.trace_id |
text | |
host.services.mssql.prelogin_options.encrypt_mode |
text | |
host.services.mssql.version |
text | |
host.services.coap |
object | |
host.services.coap.code |
text | |
host.services.coap.message_id |
unsigned_long | |
host.services.coap.message_type |
text | |
host.services.coap.payload |
text | |
host.services.coap.token |
text | |
host.services.coap.version |
unsigned_long | |
host.services.truncated |
boolean | |
host.services.transport_fingerprint |
object | |
host.services.transport_fingerprint.os |
text | |
host.services.transport_fingerprint.quic |
object | |
host.services.transport_fingerprint.quic.versions |
unsigned_long |
Raw versions presented in the QUIC version negotiation packet, if any.
|
host.services.transport_fingerprint.raw |
text | |
host.services.transport_fingerprint.id |
integer | |
host.services.memcached |
object | |
host.services.memcached.version |
text |
Memcached Version
|
host.services.memcached.ascii_binding_protocol_enabled |
boolean |
True if the server responds to the ascii version of the memcached protocol.
|
host.services.memcached.binary_binding_protocol_enabled |
boolean |
True if the server responds to the binary version of the memcached protocol.
|
host.services.memcached.responds_to_udp |
boolean |
True if the server responds UDP.
|
host.services.memcached.stats |
nested |
Server Stats
|
host.services.memcached.stats.key |
text | |
host.services.memcached.stats.value |
text | |
host.services.mms |
object | |
host.services.mms.model |
text | |
host.services.mms.revision |
text | |
host.services.mms.vendor |
text | |
host.services.ssh |
object | |
host.services.ssh.endpoint_id |
object | |
host.services.ssh.endpoint_id.protocol_version |
text | |
host.services.ssh.endpoint_id.raw |
text | |
host.services.ssh.endpoint_id.software_version |
text | |
host.services.ssh.endpoint_id.comment |
text | |
host.services.ssh.hassh_fingerprint |
text | |
host.services.ssh.kex_init_message |
object | |
host.services.ssh.kex_init_message.client_to_server_languages |
text |
A name-list of language tags in order of preference. As Defined in https://www.ietf.org/rfc/rfc3066.txt.
|
host.services.ssh.kex_init_message.server_to_client_compression |
text |
A list of ssh compression algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values.
|
host.services.ssh.kex_init_message.client_to_server_compression |
text |
A list of ssh compression algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values.
|
host.services.ssh.kex_init_message.server_to_client_languages |
text |
A name-list of language tags in order of preference. As Defined in https://www.ietf.org/rfc/rfc3066.txt.
|
host.services.ssh.kex_init_message.server_to_client_macs |
text |
A list of ssh MAC algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values.
|
host.services.ssh.kex_init_message.first_kex_follows |
boolean | |
host.services.ssh.kex_init_message.client_to_server_ciphers |
text |
A list of ssh cipher algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values.
|
host.services.ssh.kex_init_message.client_to_server_macs |
text |
A list of ssh MAC algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values.
|
host.services.ssh.kex_init_message.host_key_algorithms |
text |
Asymmetric key algorithms for the host key supported by the client.
|
host.services.ssh.kex_init_message.server_to_client_ciphers |
text |
A list of ssh cipher algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values.
|
host.services.ssh.kex_init_message.kex_algorithms |
text |
Key exchange algorithms used in the handshake.
|
host.services.ssh.server_host_key |
object | |
host.services.ssh.server_host_key.ecdsa_public_key |
object | |
host.services.ssh.server_host_key.ecdsa_public_key.gx |
text | |
host.services.ssh.server_host_key.ecdsa_public_key.y |
text | |
host.services.ssh.server_host_key.ecdsa_public_key.curve |
keyword | |
host.services.ssh.server_host_key.ecdsa_public_key.p |
text | |
host.services.ssh.server_host_key.ecdsa_public_key.x |
text | |
host.services.ssh.server_host_key.ecdsa_public_key.n |
text | |
host.services.ssh.server_host_key.ecdsa_public_key.b |
text | |
host.services.ssh.server_host_key.ecdsa_public_key.gy |
text | |
host.services.ssh.server_host_key.ecdsa_public_key.length |
unsigned_long | |
host.services.ssh.server_host_key.ecdsa_public_key.pub |
text | |
host.services.ssh.server_host_key.ed25519_public_key |
object | |
host.services.ssh.server_host_key.ed25519_public_key.public_bytes |
text | |
host.services.ssh.server_host_key.fingerprint_sha256 |
text | |
host.services.ssh.server_host_key.rsa_public_key |
object | |
host.services.ssh.server_host_key.rsa_public_key.exponent |
text | |
host.services.ssh.server_host_key.rsa_public_key.length |
unsigned_long | |
host.services.ssh.server_host_key.rsa_public_key.modulus |
text | |
host.services.ssh.server_host_key.certkey_public_key |
text | |
host.services.ssh.server_host_key.dsa_public_key |
object | |
host.services.ssh.server_host_key.dsa_public_key.y |
text | |
host.services.ssh.server_host_key.dsa_public_key.g |
text | |
host.services.ssh.server_host_key.dsa_public_key.p |
text | |
host.services.ssh.server_host_key.dsa_public_key.q |
text | |
host.services.ssh.algorithm_selection |
object | |
host.services.ssh.algorithm_selection.host_key_algorithm |
text | |
host.services.ssh.algorithm_selection.kex_algorithm |
text | |
host.services.ssh.algorithm_selection.server_to_client_alg_group |
object | |
host.services.ssh.algorithm_selection.server_to_client_alg_group.cipher |
text | |
host.services.ssh.algorithm_selection.server_to_client_alg_group.compression |
text | |
host.services.ssh.algorithm_selection.server_to_client_alg_group.mac |
text | |
host.services.ssh.algorithm_selection.client_to_server_alg_group |
object | |
host.services.ssh.algorithm_selection.client_to_server_alg_group.cipher |
text | |
host.services.ssh.algorithm_selection.client_to_server_alg_group.compression |
text | |
host.services.ssh.algorithm_selection.client_to_server_alg_group.mac |
text | |
host.services.imap |
object | |
host.services.imap.banner |
text |
The IMAP banner.
|
host.services.imap.start_tls |
text |
The server's response to the STARTTLS command.
|
host.services.tls |
object | |
host.services.tls.version_selected |
text |
Certificate version v1(0), v2(1), v3(2).
|
host.services.tls.certificates |
object |
Certificate and certificate chain details.
|
host.services.tls.certificates.leaf_fp_sha_256 |
keyword |
SHA 256 fingerprint of the TBS certificate.
|
host.services.tls.certificates.chain |
object |
Certificate chain information.
|
host.services.tls.certificates.chain.fingerprint |
keyword |
SHA 256 fingerprint of the certificate in the certificate chain.
|
host.services.tls.certificates.chain.issuer_dn |
text |
Distinguished name of the entity that has signed and issued the certificate.
|
host.services.tls.certificates.chain.subject_dn |
text |
Distinguished name of the entity that the certificate belongs to.
|
host.services.tls.certificates.chain_fps_sha_256 |
keyword |
DEPRECATED (04/30/2021) - Use `chain` instead.
|
host.services.tls.certificates.leaf_data |
object |
The TBS Certificate information.
|
host.services.tls.certificates.leaf_data.pubkey_algorithm |
text |
Algorithm used to create the public key.
|
host.services.tls.certificates.leaf_data.subject |
object |
Subject distinguished name attributes.
|
host.services.tls.certificates.leaf_data.subject.country |
text | |
host.services.tls.certificates.leaf_data.subject.province |
text | |
host.services.tls.certificates.leaf_data.subject.email_address |
text | |
host.services.tls.certificates.leaf_data.subject.street_address |
text | |
host.services.tls.certificates.leaf_data.subject.serial_number |
keyword | |
host.services.tls.certificates.leaf_data.subject.organizational_unit |
text | |
host.services.tls.certificates.leaf_data.subject.jurisdiction_province |
text | |
host.services.tls.certificates.leaf_data.subject.postal_code |
keyword | |
host.services.tls.certificates.leaf_data.subject.locality |
text | |
host.services.tls.certificates.leaf_data.subject.jurisdiction_country |
text | |
host.services.tls.certificates.leaf_data.subject.organization |
text | |
host.services.tls.certificates.leaf_data.subject.jurisdiction_locality |
text | |
host.services.tls.certificates.leaf_data.subject.organization_id |
text | |
host.services.tls.certificates.leaf_data.subject.common_name |
text | |
host.services.tls.certificates.leaf_data.subject.domain_component |
text | |
host.services.tls.certificates.leaf_data.subject_dn |
text |
Distinguished name of the entity associated with the public key.
|
host.services.tls.certificates.leaf_data.issuer |
object |
Issuer distinguished name attributes.
|
host.services.tls.certificates.leaf_data.issuer.street_address |
text | |
host.services.tls.certificates.leaf_data.issuer.country |
text | |
host.services.tls.certificates.leaf_data.issuer.locality |
text | |
host.services.tls.certificates.leaf_data.issuer.organizational_unit |
text | |
host.services.tls.certificates.leaf_data.issuer.serial_number |
keyword | |
host.services.tls.certificates.leaf_data.issuer.email_address |
text | |
host.services.tls.certificates.leaf_data.issuer.jurisdiction_locality |
text | |
host.services.tls.certificates.leaf_data.issuer.jurisdiction_province |
text | |
host.services.tls.certificates.leaf_data.issuer.jurisdiction_country |
text | |
host.services.tls.certificates.leaf_data.issuer.common_name |
text | |
host.services.tls.certificates.leaf_data.issuer.organization |
text | |
host.services.tls.certificates.leaf_data.issuer.domain_component |
text | |
host.services.tls.certificates.leaf_data.issuer.postal_code |
keyword | |
host.services.tls.certificates.leaf_data.issuer.province |
text | |
host.services.tls.certificates.leaf_data.issuer.organization_id |
text | |
host.services.tls.certificates.leaf_data.pubkey_bit_size |
integer |
Size of the public key.
|
host.services.tls.certificates.leaf_data.public_key |
object |
Subject public key information.
|
host.services.tls.certificates.leaf_data.public_key.ecdsa |
object | |
host.services.tls.certificates.leaf_data.public_key.ecdsa.p |
text | |
host.services.tls.certificates.leaf_data.public_key.ecdsa.pub |
text | |
host.services.tls.certificates.leaf_data.public_key.ecdsa.b |
text | |
host.services.tls.certificates.leaf_data.public_key.ecdsa.curve |
keyword | |
host.services.tls.certificates.leaf_data.public_key.ecdsa.n |
text | |
host.services.tls.certificates.leaf_data.public_key.ecdsa.gx |
text | |
host.services.tls.certificates.leaf_data.public_key.ecdsa.y |
text | |
host.services.tls.certificates.leaf_data.public_key.ecdsa.gy |
text | |
host.services.tls.certificates.leaf_data.public_key.ecdsa.x |
text | |
host.services.tls.certificates.leaf_data.public_key.ecdsa.length |
unsigned_long | |
host.services.tls.certificates.leaf_data.public_key.fingerprint |
text | |
host.services.tls.certificates.leaf_data.public_key.key_algorithm |
keyword | |
host.services.tls.certificates.leaf_data.public_key.rsa |
object | |
host.services.tls.certificates.leaf_data.public_key.rsa.exponent |
text | |
host.services.tls.certificates.leaf_data.public_key.rsa.length |
unsigned_long | |
host.services.tls.certificates.leaf_data.public_key.rsa.modulus |
text | |
host.services.tls.certificates.leaf_data.public_key.dsa |
object | |
host.services.tls.certificates.leaf_data.public_key.dsa.y |
text | |
host.services.tls.certificates.leaf_data.public_key.dsa.g |
text | |
host.services.tls.certificates.leaf_data.public_key.dsa.p |
text | |
host.services.tls.certificates.leaf_data.public_key.dsa.q |
text | |
host.services.tls.certificates.leaf_data.issuer_dn |
text |
Distinguished name of the entity that signed and issued the certificate.
|
host.services.tls.certificates.leaf_data.signature |
object |
Certificate signature information.
|
host.services.tls.certificates.leaf_data.signature.signature_algorithm |
keyword |
Cryptographic algorithm used by the CA to sign this certificate.
|
host.services.tls.certificates.leaf_data.signature.self_signed |
boolean |
Denotes if the certificate was self signed.
|
host.services.tls.certificates.leaf_data.tbs_fingerprint |
keyword |
Fingerprint of the TBS certificate.
|
host.services.tls.certificates.leaf_data.fingerprint |
keyword |
SHA256 fingerprint of the TBS certificate.
|
host.services.tls.certificates.leaf_data.names |
text |
Common names for the entity.
|
host.services.tls.cipher_selected |
text |
Cipher suite chosen for the exchange.
|
host.services.tls.ja3s |
text |
The JA3S fingerprint for this service.
|
host.services.tls.server_key_exchange |
object |
DEPRECATED (05/03/2021)
|
host.services.tls.server_key_exchange.dh_params |
object |
Diffie-Hellman key exchange parameters used.
|
host.services.tls.server_key_exchange.dh_params.public_key |
text | |
host.services.tls.server_key_exchange.dh_params.group |
object |
Diffie-Hellman group details.
|
host.services.tls.server_key_exchange.dh_params.group.p |
text | |
host.services.tls.server_key_exchange.ec_params |
object |
Elliptic-Curve key exchange parameters used.
|
host.services.tls.server_key_exchange.ec_params.named_curve |
unsigned_long |
Elliptic-Curve ID value.
|
host.services.tls.server_key_exchange.ec_params.public_key |
text | |
host.services.tls.server_key_exchange.rsa_params |
object |
DEPRECATED (05/10/2021) - Can be found in the public key RSA details.
|
host.services.tls.server_key_exchange.rsa_params.public_key |
object | |
host.services.tls.server_key_exchange.rsa_params.public_key.e |
text | |
host.services.tls.server_key_exchange.rsa_params.public_key.n |
text | |
host.services.tls.server_key_exchange.signature |
text |
DEPRECATED (05/10/2021)
|
host.services.tls.session_ticket |
object |
The new session ticket sent by the server to the client.
|
host.services.tls.session_ticket.length |
unsigned_long | |
host.services.tls.session_ticket.lifetime_hint |
unsigned_long |
Hint from server about how long the session ticket should be stored.
|
host.services.tls.versions.tls_version
|
text |
|
host.services.dns |
object | |
host.services.dns.version |
text | |
host.services.dns.questions |
object | |
host.services.dns.questions.name |
text | |
host.services.dns.questions.response |
text | |
host.services.dns.questions.type |
text | |
host.services.dns.edns |
object | |
host.services.dns.edns.version |
unsigned_long | |
host.services.dns.edns.do |
boolean | |
host.services.dns.edns.options |
text | |
host.services.dns.edns.udp |
unsigned_long | |
host.services.dns.additionals |
object | |
host.services.dns.additionals.name |
text | |
host.services.dns.additionals.response |
text | |
host.services.dns.additionals.type |
text | |
host.services.dns.authorities |
object | |
host.services.dns.authorities.response |
text | |
host.services.dns.authorities.type |
text | |
host.services.dns.authorities.name |
text | |
host.services.dns.r_code |
text | |
host.services.dns.answers |
object | |
host.services.dns.answers.name |
text | |
host.services.dns.answers.response |
text | |
host.services.dns.answers.type |
text | |
host.services.dns.server_type |
text | |
host.services.dns.resolves_correctly |
boolean | |
host.services.redis |
object | |
host.services.redis.arch_bits |
text |
The architecture bits (32 or 64) the Redis server used to build.
|
host.services.redis.info_response |
object |
The response from the INFO command. A series of key:value pairs separated by CRLFs.
|
host.services.redis.info_response.key |
text | |
host.services.redis.info_response.value |
text | |
host.services.redis.used_memory |
unsigned_long |
The total number of bytes allocated by Redis using its allocator.
|
host.services.redis.minor |
unsigned_long |
The version's major number.
|
host.services.redis.major |
unsigned_long |
The version's major number.
|
host.services.redis.patch_level |
unsigned_long |
The version's patchlevel number.
|
host.services.redis.commands |
text |
The list of commands actually sent to the server, serialized in inline format, like 'PING' or 'AUTH somePassword'.
|
host.services.redis.nonexistent_response |
text |
The response from the NONEXISTENT command.
|
host.services.redis.raw_command_output |
object |
The raw output returned by the server for each command sent; the indices match those of commands.
|
host.services.redis.raw_command_output.output |
text | |
host.services.redis.quit_response |
text |
The response to the QUIT command.
|
host.services.redis.ping_response |
text |
The response from the PING command; should either be "PONG" or an authentication error.
|
host.services.redis.build_id |
text |
The Build ID of the Redis server.
|
host.services.redis.auth_response |
text |
The response from the AUTH command, if sent.
|
host.services.redis.mem_allocator |
text |
The memory allocator.
|
host.services.redis.uptime |
unsigned_long |
The number of seconds since Redis server start.
|
host.services.redis.git_sha1 |
text |
The Sha-1 Git commit hash the Redis server used.
|
host.services.redis.mode |
text |
The mode the Redis server is running (standalone or cluster), read from the the info_response (if available).
|
host.services.redis.os |
text |
The OS the Redis server is running, read from the the info_response (if available).
|
host.services.redis.connections_received |
unsigned_long |
The total number of connections accepted by the server.
|
host.services.redis.commands_processed |
unsigned_long |
The total number of commands processed by the server.
|
host.services.redis.gcc_version |
text |
The version of the GCC compiler used to compile the Redis server.
|
host.services.pop3 |
object | |
host.services.pop3.banner |
text |
The POP3 banner.
|
host.services.pop3.start_tls |
text |
The server's response to the STARTTLS command.
|
host.services.modbus |
object | |
host.services.modbus.function |
unsigned_long | |
host.services.modbus.mei_response |
object | |
host.services.modbus.mei_response.conformity_level |
long | |
host.services.modbus.mei_response.more_follows |
boolean | |
host.services.modbus.mei_response.objects |
nested | |
host.services.modbus.mei_response.objects.key |
text | |
host.services.modbus.mei_response.objects.value |
text | |
host.services.modbus.unit_id |
long | |
host.services.modbus.exception_response |
object | |
host.services.modbus.exception_response.exception_function |
unsigned_long | |
host.services.modbus.exception_response.exception_type |
unsigned_long | |
host.services.software |
nested | |
host.services.software.other |
object |
Other attributes describing the identified software.
|
host.services.software.other.key |
text | |
host.services.software.other.value |
text | |
host.services.software.target_hw |
text |
Characterizes the instruction set architecture (e.g., x86) on which the product being described. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are be considered instruction set architectures.
|
host.services.software.edition |
text |
Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2.
|
host.services.software.product |
text |
Identifies the most common and recognizable title or name of the product.
|
host.services.software.version |
text |
Vendor-Specific alphanumeric strings characterizing the particular release version of the product.
|
host.services.software.eol |
boolean | |
host.services.software.source |
text |
Defines the source that this software information was derived from.
|
host.services.software.part |
keyword |
Defines the class of this software, a for application, o for operating system, h for hardware devices.
|
host.services.software.sw_edition |
text |
Characterizes how the product is tailored to a particular market or class of end users.
|
host.services.software.language |
text |
Valid language tag as defined by [RFC5646], and should be used to define the language supported in the user interface of the product being described.
|
host.services.software.risks |
nested | |
host.services.software.risks.user_status |
text | |
host.services.software.risks.categories |
text | |
host.services.software.risks.discovered_at |
date | |
host.services.software.risks.name |
text | |
host.services.software.risks.severity |
text | |
host.services.software.risks.status |
text | |
host.services.software.risks.type |
text | |
host.services.software.uniform_resource_identifier |
text |
CPE uri format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
|
host.services.software.target_sw |
text |
Characterizes the software computing environment within which the product operates.
|
host.services.software.update |
text |
Vendor-Specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.
|
host.services.software.vendor |
text |
Identifies the person or organization that manufactured or created the product.
|
host.services.software.component_uniform_resource_identifiers |
text |
URIs of software components related to the identified software.
|
host.services.source_ip |
ip | |
host.services.smtp |
object | |
host.services.smtp.start_tls |
text |
The server's response to the STARTTLS command.
|
host.services.smtp.banner |
text |
The STMP banner.
|
host.services.smtp.ehlo |
text |
The server's response to the EHLO command.
|
host.services.transport_protocol |
text | |
host.services.mongodb |
object | |
host.services.mongodb.build_info |
object | |
host.services.mongodb.build_info.version |
text |
Version of mongodb server
|
host.services.mongodb.build_info.build_environment |
object | |
host.services.mongodb.build_info.build_environment.cc |
text | |
host.services.mongodb.build_info.build_environment.link_flags |
text | |
host.services.mongodb.build_info.build_environment.dist_mod |
text | |
host.services.mongodb.build_info.build_environment.target_os |
text | |
host.services.mongodb.build_info.build_environment.cxx_flags |
text | |
host.services.mongodb.build_info.build_environment.target_arch |
text | |
host.services.mongodb.build_info.build_environment.cc_flags |
text | |
host.services.mongodb.build_info.build_environment.dist_arch |
text | |
host.services.mongodb.build_info.build_environment.cxx |
text | |
host.services.mongodb.build_info.git_version |
text |
Version of mongodb server
|
host.services.mongodb.is_master |
object | |
host.services.mongodb.is_master.max_bson_object_size |
integer | |
host.services.mongodb.is_master.max_message_size_bytes |
integer | |
host.services.mongodb.is_master.max_wire_version |
integer | |
host.services.mongodb.is_master.max_write_batch_size |
integer | |
host.services.mongodb.is_master.min_wire_version |
integer | |
host.services.mongodb.is_master.read_only |
boolean | |
host.services.mongodb.is_master.is_master |
boolean | |
host.services.mongodb.is_master.logical_session_timeout_minutes |
integer | |
host.services.smb |
object | |
host.services.smb.negotiation_log |
object | |
host.services.smb.negotiation_log.authentication_types |
text | |
host.services.smb.negotiation_log.capabilities |
unsigned_long | |
host.services.smb.negotiation_log.dialect_revision |
unsigned_long | |
host.services.smb.negotiation_log.header_log |
object | |
host.services.smb.negotiation_log.header_log.flags |
unsigned_long | |
host.services.smb.negotiation_log.header_log.protocol_id |
text | |
host.services.smb.negotiation_log.header_log.status |
unsigned_long | |
host.services.smb.negotiation_log.header_log.command |
unsigned_long | |
host.services.smb.negotiation_log.header_log.credits |
unsigned_long | |
host.services.smb.negotiation_log.security_mode |
unsigned_long | |
host.services.smb.negotiation_log.server_guid |
text | |
host.services.smb.negotiation_log.server_start_time |
unsigned_long | |
host.services.smb.negotiation_log.system_time |
unsigned_long | |
host.services.smb.has_ntlm |
boolean |
Server supports the NTLM authentication method
|
host.services.smb.smb_version |
object | |
host.services.smb.smb_version.version_string |
text |
Full SMB Version String
|
host.services.smb.smb_version.major |
unsigned_long |
Major version
|
host.services.smb.smb_version.minor |
unsigned_long |
Minor version
|
host.services.smb.smb_version.revision |
unsigned_long |
Protocol Revision
|
host.services.smb.group_name |
text |
Default group name
|
host.services.smb.smb_capabilities |
object |
Capabilities flags for the connection. See [MS-SMB2] Sect. 2.2.4.
|
host.services.smb.smb_capabilities.smb_leasing_support |
boolean |
Server supports Leasing
|
host.services.smb.smb_capabilities.smb_multichan_support |
boolean |
Server supports multiple channels per session
|
host.services.smb.smb_capabilities.smb_multicredit_support |
boolean |
Server supports multi-credit operations
|
host.services.smb.smb_capabilities.smb_persistent_handle_support |
boolean |
Server supports persistent handles
|
host.services.smb.smb_capabilities.smb_dfs_support |
boolean |
Server supports Distributed File System
|
host.services.smb.smb_capabilities.smb_directory_leasing_support |
boolean |
Server supports directory leasing
|
host.services.smb.smb_capabilities.smb_encryption_support |
boolean |
Server supports encryption
|
host.services.smb.smbv1_support |
boolean | |
host.services.smb.native_os |
text |
Server-identified operating system
|
host.services.smb.session_setup_log |
object | |
host.services.smb.session_setup_log.header_log |
object | |
host.services.smb.session_setup_log.header_log.credits |
unsigned_long | |
host.services.smb.session_setup_log.header_log.flags |
unsigned_long | |
host.services.smb.session_setup_log.header_log.protocol_id |
text | |
host.services.smb.session_setup_log.header_log.status |
unsigned_long | |
host.services.smb.session_setup_log.header_log.command |
unsigned_long | |
host.services.smb.session_setup_log.negotiate_flags |
unsigned_long | |
host.services.smb.session_setup_log.setup_flags |
unsigned_long | |
host.services.smb.session_setup_log.target_name |
text | |
host.services.smb.ntlm |
text |
Native LAN manager
|
host.services.ftp |
object | |
host.services.ftp.banner |
text | |
host.services.ftp.implicit_tls |
boolean | |
host.services.ftp.status_code |
integer | |
host.services.ftp.status_meaning |
text | |
host.services.ftp.auth_ssl_response |
text | |
host.services.ftp.auth_tls_response |
text | |
host.services.mysql |
object | |
host.services.mysql.character_set |
unsigned_long |
The identifier for the character set the server is using. Returned in the initial HandshakePacket.
|
host.services.mysql.auth_plugin_name |
text |
The name of the authentication plugin, returned in the initial HandshakePacket.
|
host.services.mysql.connection_id |
unsigned_long |
The server's internal identifier for this client's connection, sent in the initial HandshakePacket.
|
host.services.mysql.error_code |
long |
Only set if there is an error returned by the server, for example if the scanner is not on the allowed hosts list.
|
host.services.mysql.server_version |
text |
The specific server version returned in the initial HandshakePacket. Often in the form x.y.z, but not always.
|
host.services.mysql.error_id |
text |
The friendly name for the error code as defined at https://dev.mysql.com/doc/refman/8.0/en/error-messages-server.html, or UNKNOWN.
|
host.services.mysql.protocol_version |
unsigned_long |
8-bit unsigned integer representing the server's protocol version sent in the initial HandshakePacket from the server.
|
host.services.mysql.auth_plugin_data |
text |
Optional plugin-specific data, whose meaning depends on the value of auth_plugin_name. Returned in the initial HandshakePacket.
|
host.services.mysql.error_message |
text |
Optional string describing the error. Only set if there is an error.
|
host.services.mysql.status_flags |
nested |
The set of status flags the server returned in the initial HandshakePacket. Each entry corresponds to a bit being set in the flags; key names correspond to the #defines in the MySQL docs.
|
host.services.mysql.status_flags.key |
text | |
host.services.mysql.status_flags.value |
boolean | |
host.services.mysql.capability_flags |
nested |
The set of capability flags the server returned in the initial HandshakePacket. Each entry corresponds to a bit being set in the flags; key names correspond to the #defines in the MySQL docs.
|
host.services.mysql.capability_flags.key |
text | |
host.services.mysql.capability_flags.value |
boolean | |
host.services.openvpn |
object | |
host.services.openvpn.accepts_v1 |
boolean | |
host.services.openvpn.accepts_v2 |
boolean | |
host.services.upnp |
object | |
host.services.upnp.spec |
object | |
host.services.upnp.spec.major |
text | |
host.services.upnp.spec.minor |
text | |
host.services.upnp.devices |
object | |
host.services.upnp.devices.model_name |
text | |
host.services.upnp.devices.id |
integer |
Censys-generated IDs representing a device tree.
|
host.services.upnp.devices.model_number |
text | |
host.services.upnp.devices.presentation_url |
text | |
host.services.upnp.devices.parent_id |
integer | |
host.services.upnp.devices.model_url |
text | |
host.services.upnp.devices.service_list |
object | |
host.services.upnp.devices.service_list.service_type |
text | |
host.services.upnp.devices.service_list.control_url |
text | |
host.services.upnp.devices.service_list.event_sub_url |
text | |
host.services.upnp.devices.service_list.scpd_url |
text | |
host.services.upnp.devices.service_list.service_id |
text | |
host.services.upnp.devices.upc |
text | |
host.services.upnp.devices.manufacturer_url |
text | |
host.services.upnp.devices.model_description |
text | |
host.services.upnp.devices.serial_number |
text | |
host.services.upnp.devices.friendly_name |
text | |
host.services.upnp.devices.device_type |
text | |
host.services.upnp.devices.manufacturer |
text | |
host.services.upnp.devices.udn |
text | |
host.services.upnp.endpoint |
text | |
host.services.upnp.headers |
nested | |
host.services.upnp.headers.value |
object | |
host.services.upnp.headers.value.headers |
text | |
host.services.upnp.headers.key |
text | |
host.services.postgres |
object | |
host.services.postgres.supported_versions |
text | |
host.services.postgres.transaction_status |
text | |
host.services.postgres.authentication_mode |
object | |
host.services.postgres.authentication_mode.mode |
text | |
host.services.postgres.authentication_mode.payload |
text | |
host.services.postgres.protocol_error |
nested | |
host.services.postgres.protocol_error.key |
text | |
host.services.postgres.protocol_error.value |
text | |
host.services.postgres.startup_error |
nested | |
host.services.postgres.startup_error.value |
text | |
host.services.postgres.startup_error.key |
text | |
host.services.perspective_id |
text | |
host.services.risks |
nested | |
host.services.risks.discovered_at |
date | |
host.services.risks.name |
text | |
host.services.risks.severity |
text | |
host.services.risks.status |
text | |
host.services.risks.type |
text | |
host.services.risks.user_status |
text | |
host.services.risks.categories |
text | |
host.services.team_viewer |
object | |
host.services.team_viewer.response |
text | |
host.services.certificate |
text | |
host.cloud |
text | |
host.location |
object | |
host.location.registered_country |
text |
The English name of the registered country.
|
host.location.timezone |
text |
The IANA time zone database name of the detected location.
|
host.location.province |
text |
The state or province name of the detected location.
|
host.location.country |
text |
The English name of the detected country.
|
host.location.continent |
keyword |
The English name of the detected continent (North America, Europe, Asia, South America, Africa, Oceania, Antarctica).
|
host.location.postal_code |
keyword |
The postal code (if applicable) of the detected location.
|
host.location.city |
text |
The English name of the detected city.
|
host.location.registered_country_code |
keyword |
The registered country's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
|
host.location.coordinates |
object |
The estimated coordinates of the detected location.
|
host.location.coordinates.longitude |
double | |
host.location.coordinates.latitude |
double | |
host.location.country_code |
keyword |
The detected two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
|
host.cdns |
text | |
host.classifications |
text | |
host.ip |
ip |
Web Entities
Web entities are name-based HTTP services that represent products, services, and content reached through the world wide web using a name and a port number. Web entities are represented as a collection of instances, the identifier of which includes the IP address of the host serving the web entity.
Fields
Field Name | Value Type | Description |
---|---|---|
web_entity |
object | |
web_entity.port |
integer | |
web_entity.name |
text | |
web_entity.instance_count |
integer | |
web_entity.asset_id |
text | |
web_entity.instances |
nested | |
web_entity.instances.ip |
text | |
web_entity.instances.last_observed_at |
date | |
web_entity.instances.cdns |
text | |
web_entity.instances.tls |
object | |
web_entity.instances.tls.certificates |
object |
Certificate and certificate chain details.
|
web_entity.instances.tls.certificates.chain |
object |
Certificate chain information.
|
web_entity.instances.tls.certificates.chain.fingerprint |
keyword |
SHA 256 fingerprint of the certificate in the certificate chain.
|
web_entity.instances.tls.certificates.chain.issuer_dn |
text |
Distinguished name of the entity that has signed and issued the certificate.
|
web_entity.instances.tls.certificates.chain.subject_dn |
text |
Distinguished name of the entity that the certificate belongs to.
|
web_entity.instances.tls.certificates.chain_fps_sha_256 |
keyword |
DEPRECATED (04/30/2021) - Use `chain` instead.
|
web_entity.instances.tls.certificates.leaf_data |
object |
The TBS Certificate information.
|
web_entity.instances.tls.certificates.leaf_data.fingerprint |
keyword |
SHA256 fingerprint of the TBS certificate.
|
web_entity.instances.tls.certificates.leaf_data.tbs_fingerprint |
keyword |
Fingerprint of the TBS certificate.
|
web_entity.instances.tls.certificates.leaf_data.issuer_dn |
text |
Distinguished name of the entity that signed and issued the certificate.
|
web_entity.instances.tls.certificates.leaf_data.subject |
object |
Subject distinguished name attributes.
|
web_entity.instances.tls.certificates.leaf_data.subject.province |
text | |
web_entity.instances.tls.certificates.leaf_data.subject.email_address |
text | |
web_entity.instances.tls.certificates.leaf_data.subject.locality |
text | |
web_entity.instances.tls.certificates.leaf_data.subject.jurisdiction_locality |
text | |
web_entity.instances.tls.certificates.leaf_data.subject.country |
text | |
web_entity.instances.tls.certificates.leaf_data.subject.street_address |
text | |
web_entity.instances.tls.certificates.leaf_data.subject.organization |
text | |
web_entity.instances.tls.certificates.leaf_data.subject.organizational_unit |
text | |
web_entity.instances.tls.certificates.leaf_data.subject.postal_code |
keyword | |
web_entity.instances.tls.certificates.leaf_data.subject.common_name |
text | |
web_entity.instances.tls.certificates.leaf_data.subject.domain_component |
text | |
web_entity.instances.tls.certificates.leaf_data.subject.serial_number |
keyword | |
web_entity.instances.tls.certificates.leaf_data.subject.jurisdiction_province |
text | |
web_entity.instances.tls.certificates.leaf_data.subject.organization_id |
text | |
web_entity.instances.tls.certificates.leaf_data.subject.jurisdiction_country |
text | |
web_entity.instances.tls.certificates.leaf_data.names |
text |
Common names for the entity.
|
web_entity.instances.tls.certificates.leaf_data.pubkey_algorithm |
text |
Algorithm used to create the public key.
|
web_entity.instances.tls.certificates.leaf_data.signature |
object |
Certificate signature information.
|
web_entity.instances.tls.certificates.leaf_data.signature.self_signed |
boolean |
Denotes if the certificate was self signed.
|
web_entity.instances.tls.certificates.leaf_data.signature.signature_algorithm |
keyword |
Cryptographic algorithm used by the CA to sign this certificate.
|
web_entity.instances.tls.certificates.leaf_data.public_key |
object |
Subject public key information.
|
web_entity.instances.tls.certificates.leaf_data.public_key.dsa |
object | |
web_entity.instances.tls.certificates.leaf_data.public_key.dsa.g |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.dsa.p |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.dsa.q |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.dsa.y |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa |
object | |
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.x |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.gy |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.n |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.gx |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.p |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.curve |
keyword | |
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.y |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.pub |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.length |
unsigned_long | |
web_entity.instances.tls.certificates.leaf_data.public_key.ecdsa.b |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.fingerprint |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.key_algorithm |
keyword | |
web_entity.instances.tls.certificates.leaf_data.public_key.rsa |
object | |
web_entity.instances.tls.certificates.leaf_data.public_key.rsa.modulus |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.rsa.exponent |
text | |
web_entity.instances.tls.certificates.leaf_data.public_key.rsa.length |
unsigned_long | |
web_entity.instances.tls.certificates.leaf_data.subject_dn |
text |
Distinguished name of the entity associated with the public key.
|
web_entity.instances.tls.certificates.leaf_data.pubkey_bit_size |
integer |
Size of the public key.
|
web_entity.instances.tls.certificates.leaf_data.issuer |
object |
Issuer distinguished name attributes.
|
web_entity.instances.tls.certificates.leaf_data.issuer.organization_id |
text | |
web_entity.instances.tls.certificates.leaf_data.issuer.province |
text | |
web_entity.instances.tls.certificates.leaf_data.issuer.jurisdiction_province |
text | |
web_entity.instances.tls.certificates.leaf_data.issuer.jurisdiction_country |
text | |
web_entity.instances.tls.certificates.leaf_data.issuer.jurisdiction_locality |
text | |
web_entity.instances.tls.certificates.leaf_data.issuer.organization |
text | |
web_entity.instances.tls.certificates.leaf_data.issuer.country |
text | |
web_entity.instances.tls.certificates.leaf_data.issuer.postal_code |
keyword | |
web_entity.instances.tls.certificates.leaf_data.issuer.organizational_unit |
text | |
web_entity.instances.tls.certificates.leaf_data.issuer.street_address |
text | |
web_entity.instances.tls.certificates.leaf_data.issuer.serial_number |
keyword | |
web_entity.instances.tls.certificates.leaf_data.issuer.locality |
text | |
web_entity.instances.tls.certificates.leaf_data.issuer.email_address |
text | |
web_entity.instances.tls.certificates.leaf_data.issuer.domain_component |
text | |
web_entity.instances.tls.certificates.leaf_data.issuer.common_name |
text | |
web_entity.instances.tls.certificates.leaf_fp_sha_256 |
keyword |
SHA 256 fingerprint of the TBS certificate.
|
web_entity.instances.tls.cipher_selected |
text |
Cipher suite chosen for the exchange.
|
web_entity.instances.tls.ja3s |
text |
The JA3S fingerprint for this service.
|
web_entity.instances.tls.server_key_exchange |
object |
DEPRECATED (05/03/2021)
|
web_entity.instances.tls.server_key_exchange.ec_params |
object |
Elliptic-Curve key exchange parameters used.
|
web_entity.instances.tls.server_key_exchange.ec_params.named_curve |
unsigned_long |
Elliptic-Curve ID value.
|
web_entity.instances.tls.server_key_exchange.ec_params.public_key |
text | |
web_entity.instances.tls.server_key_exchange.rsa_params |
object |
DEPRECATED (05/10/2021) - Can be found in the public key RSA details.
|
web_entity.instances.tls.server_key_exchange.rsa_params.public_key |
object | |
web_entity.instances.tls.server_key_exchange.rsa_params.public_key.e |
text | |
web_entity.instances.tls.server_key_exchange.rsa_params.public_key.n |
text | |
web_entity.instances.tls.server_key_exchange.signature |
text |
DEPRECATED (05/10/2021)
|
web_entity.instances.tls.server_key_exchange.dh_params |
object |
Diffie-Hellman key exchange parameters used.
|
web_entity.instances.tls.server_key_exchange.dh_params.public_key |
text | |
web_entity.instances.tls.server_key_exchange.dh_params.group |
object |
Diffie-Hellman group details.
|
web_entity.instances.tls.server_key_exchange.dh_params.group.p |
text | |
web_entity.instances.tls.session_ticket |
object |
The new session ticket sent by the server to the client.
|
web_entity.instances.tls.session_ticket.length |
unsigned_long | |
web_entity.instances.tls.session_ticket.lifetime_hint |
unsigned_long |
Hint from server about how long the session ticket should be stored.
|
web_entity.instances.tls.version_selected |
text |
Certificate version v1(0), v2(1), v3(2).
|
web_entity.instances.tls.versions.tls_version |
text |
|
web_entity.instances.certificate |
text | |
web_entity.instances.software |
object | |
web_entity.instances.software.uniform_resource_identifier |
text |
CPE uri format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
|
web_entity.instances.software.other |
object |
Other attributes describing the identified software.
|
web_entity.instances.software.other.key |
text | |
web_entity.instances.software.other.value |
text | |
web_entity.instances.software.eol |
boolean | |
web_entity.instances.software.product |
text |
Identifies the most common and recognizable title or name of the product.
|
web_entity.instances.software.sw_edition |
text |
Characterizes how the product is tailored to a particular market or class of end users.
|
web_entity.instances.software.target_sw |
text |
Characterizes the software computing environment within which the product operates.
|
web_entity.instances.software.risks |
nested | |
web_entity.instances.software.risks.type |
text | |
web_entity.instances.software.risks.user_status |
text | |
web_entity.instances.software.risks.categories |
text | |
web_entity.instances.software.risks.discovered_at |
date | |
web_entity.instances.software.risks.name |
text | |
web_entity.instances.software.risks.severity |
text | |
web_entity.instances.software.risks.status |
text | |
web_entity.instances.software.source |
text |
Defines the source that this software information was derived from.
|
web_entity.instances.software.language |
text |
Valid language tag as defined by [RFC5646], and should be used to define the language supported in the user interface of the product being described.
|
web_entity.instances.software.component_uniform_resource_identifiers |
text |
URIs of software components related to the identified software.
|
web_entity.instances.software.part |
keyword |
Defines the class of this software, a for application, o for operating system, h for hardware devices.
|
web_entity.instances.software.edition |
text |
Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2.
|
web_entity.instances.software.vendor |
text |
Identifies the person or organization that manufactured or created the product.
|
web_entity.instances.software.version |
text |
Vendor-specific alphanumeric strings characterizing the particular release version of the product.
|
web_entity.instances.software.update |
text |
Vendor-specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.
|
web_entity.instances.software.target_hw |
text |
Characterizes the instruction set architecture (e.g., x86) on which the product being described. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are be considered instruction set architectures.
|
web_entity.instances.extended_service_name |
text | |
web_entity.instances.http |
object | |
web_entity.instances.http.response |
object | |
web_entity.instances.http.response.protocol |
text | |
web_entity.instances.http.response.body_hashes |
keyword | |
web_entity.instances.http.response.html_tags |
text | |
web_entity.instances.http.response.status_code |
integer | |
web_entity.instances.http.response.html_title |
text | |
web_entity.instances.http.response.body_size |
integer | |
web_entity.instances.http.response.headers |
nested | |
web_entity.instances.http.response.headers.key |
text | |
web_entity.instances.http.response.headers.value |
object | |
web_entity.instances.http.response.headers.value.headers |
text | |
web_entity.instances.http.response.body |
text | |
web_entity.instances.http.response.favicons |
object | |
web_entity.instances.http.response.favicons.name |
text | |
web_entity.instances.http.response.favicons.size |
integer | |
web_entity.instances.http.response.favicons.md5_hash |
keyword | |
web_entity.instances.http.response.status_reason |
text | |
web_entity.instances.http.supports_http2 |
boolean | |
web_entity.instances.http.request |
object | |
web_entity.instances.http.request.uri |
text | |
web_entity.instances.http.request.body |
text | |
web_entity.instances.http.request.headers |
nested | |
web_entity.instances.http.request.headers.key |
text | |
web_entity.instances.http.request.headers.value |
object | |
web_entity.instances.http.request.headers.value.headers |
text | |
web_entity.instances.http.request.method |
text | |
web_entity.instances.perspective_id |
text | |
web_entity.instances.service_name |
text | |
web_entity.instances.risks |
nested | |
web_entity.instances.risks.severity |
text | |
web_entity.instances.risks.status |
text | |
web_entity.instances.risks.type |
text | |
web_entity.instances.risks.user_status |
text | |
web_entity.instances.risks.categories |
text | |
web_entity.instances.risks.discovered_at |
date | |
web_entity.instances.risks.name |
text | |
web_entity.instances.location |
object | |
web_entity.instances.location.country_code |
keyword |
The detected two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
|
web_entity.instances.location.registered_country_code |
keyword |
The registered country's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
|
web_entity.instances.location.city |
text |
The English name of the detected city.
|
web_entity.instances.location.province |
text |
The state or province name of the detected location.
|
web_entity.instances.location.country |
text |
The English name of the detected country.
|
web_entity.instances.location.continent |
keyword |
The English name of the detected continent (North America, Europe, Asia, South America, Africa, Oceania, Antarctica).
|
web_entity.instances.location.registered_country |
text |
The English name of the registered country.
|
web_entity.instances.location.timezone |
text |
The IANA time zone database name of the detected location.
|
web_entity.instances.location.postal_code |
keyword |
The postal code (if applicable) of the detected location.
|
web_entity.instances.location.coordinates |
object |
The estimated coordinates of the detected location.
|
web_entity.instances.location.coordinates.latitude |
double | |
web_entity.instances.location.coordinates.longitude |
double | |
web_entity.instances.jarm |
object | |
web_entity.instances.jarm.observed_at |
date |
The time the service was fingerprinted.
|
web_entity.instances.jarm.tls_extensions_sha256 |
text |
The second 32 byte portion of the Jarm fingerprint.
|
web_entity.instances.jarm.cipher_and_version_fingerprint |
text |
The first 30 byte portion of the Jarm fingerprint.
|
web_entity.instances.jarm.fingerprint |
text |
The 62 byte Jarm fingerprint of the service.
|
web_entity.instances.classifications |
text | |
web_entity.instances.banner |
text | |
web_entity.instances.web_origin |
text | |
web_entity.instances.dns |
object | |
web_entity.instances.dns.names |
text | |
web_entity.instances.dns.reverse_dns |
object | |
web_entity.instances.dns.reverse_dns.names |
text | |
web_entity.instances.dns.reverse_dns.resolved_at |
date | |
web_entity.instances.port |
integer | |
web_entity.instances.kubernetes |
object | |
web_entity.instances.kubernetes.version_info |
object | |
web_entity.instances.kubernetes.version_info.build_date |
text |
Date version was built.
|
web_entity.instances.kubernetes.version_info.go_version |
text |
Version of GO used to build version.
|
web_entity.instances.kubernetes.version_info.platform |
text |
Platform compiled for
|
web_entity.instances.kubernetes.version_info.compiler |
text |
Go Compiler used.
|
web_entity.instances.kubernetes.version_info.git_version |
text | |
web_entity.instances.kubernetes.version_info.minor |
text |
Kubernetes minor version
|
web_entity.instances.kubernetes.version_info.git_tree_state |
text |
State of the tree when built.
|
web_entity.instances.kubernetes.version_info.git_commit |
text |
Git commit version built from.
|
web_entity.instances.kubernetes.version_info.major |
text |
Kubernetes major version
|
web_entity.instances.kubernetes.endpoints |
object | |
web_entity.instances.kubernetes.endpoints.self_link |
text | |
web_entity.instances.kubernetes.endpoints.subsets |
object | |
web_entity.instances.kubernetes.endpoints.subsets.addresses |
object | |
web_entity.instances.kubernetes.endpoints.subsets.addresses.ip |
ip | |
web_entity.instances.kubernetes.endpoints.subsets.addresses.node_name |
text | |
web_entity.instances.kubernetes.endpoints.subsets.addresses.hostname |
text | |
web_entity.instances.kubernetes.endpoints.subsets.ports |
object | |
web_entity.instances.kubernetes.endpoints.subsets.ports.port |
unsigned_long | |
web_entity.instances.kubernetes.endpoints.subsets.ports.protocol |
text | |
web_entity.instances.kubernetes.endpoints.subsets.ports.name |
text | |
web_entity.instances.kubernetes.endpoints.name |
text | |
web_entity.instances.kubernetes.kubernetes_dashboard_found |
boolean |
True if the dashboard is running and accessible.
|
web_entity.instances.kubernetes.nodes |
object | |
web_entity.instances.kubernetes.nodes.os_image |
text |
OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
|
web_entity.instances.kubernetes.nodes.kube_proxy_version |
text |
KubeProxy Version reported by the node.
|
web_entity.instances.kubernetes.nodes.kubelet_version |
text |
Kubelet Version reported by the node.
|
web_entity.instances.kubernetes.nodes.addresses |
object | |
web_entity.instances.kubernetes.nodes.addresses.address |
keyword |
Node address, IP/URL.
|
web_entity.instances.kubernetes.nodes.addresses.address_type |
text |
Node address type, one of Hostname, ExternalIP or InternalIP.
|
web_entity.instances.kubernetes.nodes.kernel_version |
text |
Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
|
web_entity.instances.kubernetes.nodes.name |
text | |
web_entity.instances.kubernetes.nodes.operating_system |
text |
The Operating System reported by the node.
|
web_entity.instances.kubernetes.nodes.architecture |
text |
The Architecture reported by the node.
|
web_entity.instances.kubernetes.nodes.container_runtime_version |
text |
ContainerRuntime Version reported by the node through runtime remote API (e.g. docker://1.5.0).
|
web_entity.instances.kubernetes.nodes.images |
text |
List of container images on this node.
|
web_entity.instances.kubernetes.pod_names |
text | |
web_entity.instances.kubernetes.roles |
object | |
web_entity.instances.kubernetes.roles.name |
text | |
web_entity.instances.kubernetes.roles.rules |
object |
Rules set for this role.
|
web_entity.instances.kubernetes.roles.rules.resources |
text |
Resources is a list of resources this rule applies to. ResourceAll represents all resources.
|
web_entity.instances.kubernetes.roles.rules.verbs |
text |
Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
|
web_entity.instances.kubernetes.roles.rules.api_groups |
text |
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
|
web_entity.instances.cloud |
text | |
web_entity.instances.autonomous_system |
object | |
web_entity.instances.autonomous_system.name |
text |
The friendly name of the autonomous system.
|
web_entity.instances.autonomous_system.organization |
text |
The name of the organization managing the autonomous system.
|
web_entity.instances.autonomous_system.asn |
unsigned_long |
The ASN (autonomous system number) of the host's autonomous system.
|
web_entity.instances.autonomous_system.bgp_prefix |
ip_range |
The autonomous system's CIDR.
|
web_entity.instances.autonomous_system.country_code |
keyword |
The autonomous system's 2 letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
|
web_entity.instances.autonomous_system.description |
text |
Brief description of the autonomous system.
|
web_entity.instances.transport_protocol |
text | |
web_entity.instances.source_ip |
ip | |
web_entity.instances.elasticsearch |
object | |
web_entity.instances.elasticsearch.node_info |
object | |
web_entity.instances.elasticsearch.node_info.cluster_combined_info |
object | |
web_entity.instances.elasticsearch.node_info.cluster_combined_info.name |
text | |
web_entity.instances.elasticsearch.node_info.cluster_combined_info.status |
text | |
web_entity.instances.elasticsearch.node_info.cluster_combined_info.timestamp |
unsigned_long | |
web_entity.instances.elasticsearch.node_info.cluster_combined_info.uuid |
text | |
web_entity.instances.elasticsearch.node_info.cluster_combined_info.filesystem |
object | |
web_entity.instances.elasticsearch.node_info.cluster_combined_info.filesystem.available |
text |
Human-friendly available size.
|
web_entity.instances.elasticsearch.node_info.cluster_combined_info.filesystem.available_in_bytes |
unsigned_long |
Available size in bytes
|
web_entity.instances.elasticsearch.node_info.cluster_combined_info.filesystem.free |
text |
Human-friendly free size.
|
web_entity.instances.elasticsearch.node_info.cluster_combined_info.filesystem.free_in_bytes |
unsigned_long |
Free size in bytes
|
web_entity.instances.elasticsearch.node_info.cluster_combined_info.filesystem.total |
text |
Human-friendly total size.
|
web_entity.instances.elasticsearch.node_info.cluster_combined_info.filesystem.total_in_bytes |
unsigned_long |
Total size in bytes
|
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices |
object | |
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices.docs |
object | |
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices.docs.count |
unsigned_long |
Total number of non-deleted documents across all primary shards assigned to selected nodes.
|
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices.docs.deleted |
unsigned_long |
Total number of deleted documents across all primary shards assigned to selected nodes.
|
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices.store |
object | |
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices.store.reserved_in_bytes |
unsigned_long |
A prediction, in bytes, of how much larger the shard stores will eventually grow due to ongoing peer recoveries, restoring snapshots, and similar activities.
|
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices.store.size_in_bytes |
unsigned_long |
Total size, in bytes, of all shards assigned to selected nodes.
|
web_entity.instances.elasticsearch.node_info.cluster_combined_info.indices.count |
unsigned_long |
Total number of indices with shards assigned to selected nodes.
|
web_entity.instances.elasticsearch.node_info.nodes |
object | |
web_entity.instances.elasticsearch.node_info.nodes.node_data |
object | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.host |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.roles |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.ingest_processors |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.build_flavor |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules |
object | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.has_native_ctrl |
boolean | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.java_version |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.name |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.version |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.class_name |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.desc |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.elastic_version |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.modules.ext_plugins |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings |
object | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.cluster_name |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node |
object | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node.attr |
object | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml |
object | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.max_open_jobs |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.enabled |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.machine_memory |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node.attr.xpack_installed |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.settings.node.name |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm |
object | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.vm_vendor |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.start_time_ms |
unsigned_long | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.vm_name |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.gc |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.vm_version |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.memory_pools |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.input_args |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.start_time |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.jvm.version |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.build_type |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.ip |
ip | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.total_indexing_buffer |
unsigned_long | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.build_hash |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.version |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.os |
object | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.os.name |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.os.pretty_name |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.os.refresh_interval_ms |
unsigned_long | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.os.version |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.os.allocated_proc |
integer | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.os.arch |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.os.available_proc |
integer | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.name |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.thread_pool_list |
object | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.thread_pool_list.min |
integer | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.thread_pool_list.queue_size |
integer | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.thread_pool_list.type |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.thread_pool_list.keep_alive |
text | |
web_entity.instances.elasticsearch.node_info.nodes.node_data.thread_pool_list.max |
integer | |
web_entity.instances.elasticsearch.node_info.nodes.node_name |
text | |
web_entity.instances.elasticsearch.system_info |
object | |
web_entity.instances.elasticsearch.system_info.name |
text |
Cluster Name
|
web_entity.instances.elasticsearch.system_info.tagline |
text |
Elasticsearch identifying tagline
|
web_entity.instances.elasticsearch.system_info.version |
object | |
web_entity.instances.elasticsearch.system_info.version.build_hash |
text | |
web_entity.instances.elasticsearch.system_info.version.build_snapshot |
boolean | |
web_entity.instances.elasticsearch.system_info.version.number |
text |
ES Cluster version
|
web_entity.instances.elasticsearch.system_info.version.lucene_version |
text | |
web_entity.instances.elasticsearch.system_info.version.min_wire_compat_ver |
text | |
web_entity.instances.elasticsearch.system_info.version.build_date |
text | |
web_entity.instances.elasticsearch.system_info.version.build_flavor |
text | |
web_entity.instances.elasticsearch.system_info.version.min_idx_compat_ver |
text | |
web_entity.instances.elasticsearch.system_info.version.build_type |
text | |
web_entity.instances.elasticsearch.system_info.cluster_uuid |
text |
Cluster UUID
|
web_entity.instances.elasticsearch.http_info |
object | |
web_entity.instances.elasticsearch.http_info.status_code |
integer | |
web_entity.instances.elasticsearch.http_info.headers |
nested | |
web_entity.instances.elasticsearch.http_info.headers.key |
text | |
web_entity.instances.elasticsearch.http_info.headers.value |
object | |
web_entity.instances.elasticsearch.http_info.headers.value.headers |
text | |
web_entity.instances.elasticsearch.http_info.status |
text | |
web_entity.instances.transport_fingerprint |
object | |
web_entity.instances.transport_fingerprint.id |
integer | |
web_entity.instances.transport_fingerprint.os |
text | |
web_entity.instances.transport_fingerprint.quic |
object | |
web_entity.instances.transport_fingerprint.quic.versions |
unsigned_long |
Raw versions presented in the QUIC version negotiation packet, if any.
|
web_entity.instances.transport_fingerprint.raw |
text | |
web_entity.instances.prometheus |
object | |
web_entity.instances.prometheus.http_info |
object | |
web_entity.instances.prometheus.http_info.headers |
nested | |
web_entity.instances.prometheus.http_info.headers.key |
text | |
web_entity.instances.prometheus.http_info.headers.value |
object | |
web_entity.instances.prometheus.http_info.headers.value.headers |
text | |
web_entity.instances.prometheus.http_info.status |
text |
Status message received from hitting /api/v1/targets.
|
web_entity.instances.prometheus.http_info.status_code |
unsigned_long |
Status code received from hitting /api/v1/targets.
|
web_entity.instances.prometheus.response |
object |
Information Prometheus captured as well as build information.
|
web_entity.instances.prometheus.response.all_versions |
text |
List of the versions of everything that Prometheus finds i.e., version of Prometheus, Go, Node, cAdvisor, etc.
|
web_entity.instances.prometheus.response.config_exposed |
boolean |
True when the config endpoint is exposed.
|
web_entity.instances.prometheus.response.dropped_targets |
object |
List of dropped targets.
|
web_entity.instances.prometheus.response.dropped_targets.scheme |
text |
URL scheme.
|
web_entity.instances.prometheus.response.dropped_targets.address |
text |
Address of target.
|
web_entity.instances.prometheus.response.dropped_targets.job |
text |
Job of target.
|
web_entity.instances.prometheus.response.dropped_targets.metrics_path |
text |
Path to metrics of target.
|
web_entity.instances.prometheus.response.go_versions |
text |
List of the versions of Go.
|
web_entity.instances.prometheus.response.prometheus_versions |
object | |
web_entity.instances.prometheus.response.prometheus_versions.go_version |
text |
Version of Go used to build Prometheus.
|
web_entity.instances.prometheus.response.prometheus_versions.revision |
text |
Revision of Prometheus.
|
web_entity.instances.prometheus.response.prometheus_versions.version |
text |
Version of Prometheus.
|
web_entity.instances.prometheus.response.active_targets |
object |
List of active targets.
|
web_entity.instances.prometheus.response.active_targets.discovered_labels |
object | |
web_entity.instances.prometheus.response.active_targets.discovered_labels.address |
text |
Address of target.
|
web_entity.instances.prometheus.response.active_targets.discovered_labels.job |
text |
Job of target.
|
web_entity.instances.prometheus.response.active_targets.discovered_labels.metrics_path |
text |
Path to metrics of target.
|
web_entity.instances.prometheus.response.active_targets.discovered_labels.scheme |
text |
URL scheme.
|
web_entity.instances.prometheus.response.active_targets.health |
text |
Whether target is up or down.
|
web_entity.instances.prometheus.response.active_targets.labels |
object | |
web_entity.instances.prometheus.response.active_targets.labels.instance |
text |
Instance after relabelling has occurred.
|
web_entity.instances.prometheus.response.active_targets.labels.job |
text |
Job of target after relabelling has occurred.
|
web_entity.instances.prometheus.response.active_targets.last_error |
text |
Last error that occurred within target.
|
web_entity.instances.prometheus.response.active_targets.last_scrape |
text |
Last time Prometheus scraped target.
|
web_entity.instances.prometheus.response.active_targets.scrape_url |
text |
URL that Prometheus scraped.
|
Domains
Any name registered in the Domain Name System with the format eTLD+1 (e.g., censys.io). Domain fields include DNS data such as name servers, mail servers, and registration information.
Fields
Field Name | Value Type | Description |
---|---|---|
domain |
object | |
domain.expiration_date |
date | |
domain.cloud |
text | |
domain.registrar |
text | |
domain.mail_exchange_servers |
text | |
domain.name_servers |
text | |
domain.name |
text |
Certificates
An electronic document used to prove the ownership of a public key, often used during a TLS handshake. Certificate fields include the parsed contents, and trust information from root stores, certificate transparency logs, zlint, and Censys collection metadata.
Fields
Field Name | Value Type | Description |
---|---|---|
certificate |
object | |
certificate.fingerprint_sha1 |
text | |
certificate.raw |
text | |
certificate.fingerprint_md5 |
text | |
certificate.zlint |
object | |
certificate.zlint.failed_lints |
text |
A list of lint names which failed, if applicable.
|
certificate.zlint.fatals_present |
boolean |
Whether the certificate's attributes triggered any fatal lints for non-conformance to the X.509 standard.
|
certificate.zlint.notices_present |
boolean |
Whether the certificate's attributes triggered any notice lints for non-conformance to the X.509 standard.
|
certificate.zlint.timestamp |
date |
An RFC-3339-formated timestamp indicating when the certificate was linted.
|
certificate.zlint.version |
long |
The version of Zlint used to lint the certificate.
|
certificate.zlint.warnings_present |
boolean |
Whether the certificate's attributes triggered any warning lints for non-conformance to the X.509 standard.
|
certificate.zlint.errors_present |
boolean |
Whether the certificate's attributes triggered any error lints for non-conformance to the X.509 standard.
|
certificate.revoked |
boolean | |
certificate.added_at |
date | |
certificate.modified_at |
date | |
certificate.ct |
object | |
certificate.ct.entries |
nested | |
certificate.ct.entries.value |
object | |
certificate.ct.entries.value.added_to_ct_at |
date |
An RFC-3339-formatted timestamp indicating when the certificate was entered into the CT log.
|
certificate.ct.entries.value.ct_to_censys_at |
date |
An RFC-3339-formated timestamp indicating when the certificate was ingested from the CT log into the Censys dataset.
|
certificate.ct.entries.value.index |
long |
Numerical marker of the certificate's place in the CT log.
|
certificate.ct.entries.key |
text | |
certificate.parent_spki_fingerprint_sha256 |
text | |
certificate.fingerprint_sha256 |
text | |
certificate.tbs_fingerprint_sha256 |
text | |
certificate.names |
text | |
certificate.parsed |
object | |
certificate.parsed.signature |
object | |
certificate.parsed.signature.valid |
boolean |
Whether the signature is valid.
|
certificate.parsed.signature.value |
text |
Contents of the signature.
|
certificate.parsed.signature.self_signed |
boolean |
Whether the certificate was signed by its own key.
|
certificate.parsed.signature.signature_algorithm |
object | |
certificate.parsed.signature.signature_algorithm.name |
text |
Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record.
|
certificate.parsed.signature.signature_algorithm.oid |
text | |
certificate.parsed.unknown_extensions |
nested | |
certificate.parsed.unknown_extensions.id |
text | |
certificate.parsed.unknown_extensions.value |
text | |
certificate.parsed.unknown_extensions.critical |
boolean | |
certificate.parsed.version |
integer | |
certificate.parsed.issuer |
object |
A record containing the parsed contents of the issuer_dn.
|
certificate.parsed.issuer.jurisdiction_locality |
text |
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
|
certificate.parsed.issuer.email_address |
text |
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
|
certificate.parsed.issuer.jurisdiction_country |
text |
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
|
certificate.parsed.issuer.given_name |
text |
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
|
certificate.parsed.issuer.surname |
text |
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
|
certificate.parsed.issuer.locality |
text |
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
|
certificate.parsed.issuer.jurisdiction_province |
text |
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
|
certificate.parsed.issuer.organization_id |
text | |
certificate.parsed.issuer.province |
text |
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
|
certificate.parsed.issuer.country |
text |
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
|
certificate.parsed.issuer.street_address |
text |
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
|
certificate.parsed.issuer.organization |
text |
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
|
certificate.parsed.issuer.serial_number |
keyword |
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
|
certificate.parsed.issuer.postal_code |
keyword |
The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
|
certificate.parsed.issuer.organizational_unit |
text |
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
|
certificate.parsed.issuer.common_name |
text |
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
|
certificate.parsed.issuer.domain_component |
text |
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
|
certificate.parsed.extensions |
object |
A record containing parsed X.509 extensions that provide additional identification information or additional cryptographic capabilities.
|
certificate.parsed.extensions.tor_service_descriptors |
nested | |
certificate.parsed.extensions.tor_service_descriptors.hash |
text | |
certificate.parsed.extensions.tor_service_descriptors.hash_bits |
integer | |
certificate.parsed.extensions.tor_service_descriptors.onion |
text | |
certificate.parsed.extensions.tor_service_descriptors.algorithm_name |
text | |
certificate.parsed.extensions.key_usage |
object |
The parsed id-ce-keyUsage extension (OID: 2.5.29.15).
|
certificate.parsed.extensions.key_usage.key_agreement |
boolean |
Whether the keyAgreement bit is set.
|
certificate.parsed.extensions.key_usage.data_encipherment |
boolean |
Whether the dataEncipherment bit is set.
|
certificate.parsed.extensions.key_usage.value |
unsigned_long |
The integer value of the bitmask in the extension.
|
certificate.parsed.extensions.key_usage.digital_signature |
boolean |
Whether the digitalSignature bit is set.
|
certificate.parsed.extensions.key_usage.content_commitment |
boolean |
Whether the contentCommitment (formerly called nonRepudiation) bit is set.
|
certificate.parsed.extensions.key_usage.decipher_only |
boolean |
Whether the decipherOnly bit is set.
|
certificate.parsed.extensions.key_usage.encipher_only |
boolean |
Whether the encipherOnly bit is set.
|
certificate.parsed.extensions.key_usage.key_encipherment |
boolean |
Whether the keyEncipherment bit is set.
|
certificate.parsed.extensions.key_usage.crl_sign |
boolean |
Whether the cRLSign bit is set.
|
certificate.parsed.extensions.key_usage.certificate_sign |
boolean |
Whether the keyCertSign bit is set.
|
certificate.parsed.extensions.qc_statements |
object | |
certificate.parsed.extensions.qc_statements.ids |
text | |
certificate.parsed.extensions.qc_statements.parsed |
object | |
certificate.parsed.extensions.qc_statements.parsed.legislation |
nested | |
certificate.parsed.extensions.qc_statements.parsed.legislation.country_codes |
text | |
certificate.parsed.extensions.qc_statements.parsed.limit |
nested | |
certificate.parsed.extensions.qc_statements.parsed.limit.exponent |
long | |
certificate.parsed.extensions.qc_statements.parsed.limit.amount |
long | |
certificate.parsed.extensions.qc_statements.parsed.limit.currency |
text | |
certificate.parsed.extensions.qc_statements.parsed.limit.currency_number |
long | |
certificate.parsed.extensions.qc_statements.parsed.pds_locations |
nested | |
certificate.parsed.extensions.qc_statements.parsed.pds_locations.language |
text | |
certificate.parsed.extensions.qc_statements.parsed.pds_locations.url |
text | |
certificate.parsed.extensions.qc_statements.parsed.retention_period |
long | |
certificate.parsed.extensions.qc_statements.parsed.sscd |
boolean | |
certificate.parsed.extensions.qc_statements.parsed.types |
nested | |
certificate.parsed.extensions.qc_statements.parsed.types.ids |
text | |
certificate.parsed.extensions.qc_statements.parsed.etsi_compliance |
boolean | |
certificate.parsed.extensions.certificate_policies |
nested |
The parsed id-ce-certificatePolicies extension (OID: 2.5.29.32).
|
certificate.parsed.extensions.certificate_policies.cps |
text | |
certificate.parsed.extensions.certificate_policies.id |
text | |
certificate.parsed.extensions.certificate_policies.user_notice |
nested | |
certificate.parsed.extensions.certificate_policies.user_notice.explicit_text |
text | |
certificate.parsed.extensions.certificate_policies.user_notice.notice_reference |
object | |
certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.organization |
text | |
certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.notice_numbers |
integer | |
certificate.parsed.extensions.crl_distribution_points |
text |
The parsed id-ce-cRLDistributionPoints extension (OID: 2.5.29.31). Contents are a list of distributionPoint URLs; other distributionPoint types are omitted.
|
certificate.parsed.extensions.authority_key_id |
text |
A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo.
|
certificate.parsed.extensions.ct_poison |
boolean |
Whether the certificate possesses the pre-certificate "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3).
|
certificate.parsed.extensions.issuer_alt_name |
object |
The parsed id-ce-issuerAltName extension (OID: 2.5.29.18).
|
certificate.parsed.extensions.issuer_alt_name.ip_addresses |
text |
The parsed ipAddress entries in the GeneralName.
|
certificate.parsed.extensions.issuer_alt_name.other_names |
nested |
The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID.
|
certificate.parsed.extensions.issuer_alt_name.other_names.id |
text |
The OID identifying the syntax of the otherName value.
|
certificate.parsed.extensions.issuer_alt_name.other_names.value |
text |
The raw otherName value.
|
certificate.parsed.extensions.issuer_alt_name.registered_ids |
text |
The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format.
|
certificate.parsed.extensions.issuer_alt_name.uniform_resource_identifiers |
text |
The parsed uniformResourceIdentifier entries in the GeneralName.
|
certificate.parsed.extensions.issuer_alt_name.directory_names |
nested |
The parsed directoryName entries in the GeneralName.
|
certificate.parsed.extensions.issuer_alt_name.directory_names.domain_component |
text |
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.street_address |
text |
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.postal_code |
keyword |
The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.province |
text |
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.email_address |
text |
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_province |
text |
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.common_name |
text |
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.organizational_unit |
text |
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.given_name |
text |
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.locality |
text |
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.organization |
text |
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_locality |
text |
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.organization_id |
text | |
certificate.parsed.extensions.issuer_alt_name.directory_names.country |
text |
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.serial_number |
keyword |
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_country |
text |
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
|
certificate.parsed.extensions.issuer_alt_name.directory_names.surname |
text |
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
|
certificate.parsed.extensions.issuer_alt_name.dns_names |
text |
The parsed dNSName entries in the GeneralName.
|
certificate.parsed.extensions.issuer_alt_name.edi_party_names |
nested |
The parsed eDIPartyName entries in the GeneralName.
|
certificate.parsed.extensions.issuer_alt_name.edi_party_names.name_assigner |
text | |
certificate.parsed.extensions.issuer_alt_name.edi_party_names.party_name |
text | |
certificate.parsed.extensions.issuer_alt_name.email_addresses |
text |
The parsed rfc822Name entries in the GeneralName.
|
certificate.parsed.extensions.extended_key_usage |
object |
The parsed id-ce-extKeyUsage extension (OID: 2.5.29.37).
|
certificate.parsed.extensions.extended_key_usage.ipsec_end_system |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_oem_whql_crypto |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_3 |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_drm |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_software_update_signing |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_crypto_tier0_qos |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_cert_trust_list_signing |
boolean | |
certificate.parsed.extensions.extended_key_usage.ipsec_user |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_code_signing_development |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_crypto_tier3_qos |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_crypto_tier1_qos |
boolean | |
certificate.parsed.extensions.extended_key_usage.server_auth |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_enrollment_agent |
boolean | |
certificate.parsed.extensions.extended_key_usage.code_signing |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_drm_individualization |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_ichat_signing |
boolean | |
certificate.parsed.extensions.extended_key_usage.email_protection |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_smartcard_logon |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_code_signing |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_code_signing_third_party |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_mobile_device_software |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_csp_signature |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_ichat_encryption |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_licenses |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_whql_crypto |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_nt5_crypto |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_crypto_env |
boolean | |
certificate.parsed.extensions.extended_key_usage.ipsec_intermediate_system_usage |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_server_gated_crypto |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_crypto_production_env |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_timestamp_signing |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_smart_display |
boolean | |
certificate.parsed.extensions.extended_key_usage.sbgp_cert_aa_service_auth |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_document_signing |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_embedded_nt_crypto |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_crypto_tier2_qos |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_system_health |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_resource_signing |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_crypto_test_env |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_system_identity |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_21 |
boolean | |
certificate.parsed.extensions.extended_key_usage.client_auth |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_encrypted_file_system |
boolean | |
certificate.parsed.extensions.extended_key_usage.ocsp_signing |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_lifetime_signing |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_crypto_qos |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_kernel_mode_code_signing |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_qualified_subordinate |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_root_list_signer |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_efs_recovery |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_crypto_maintenance_env |
boolean | |
certificate.parsed.extensions.extended_key_usage.dvcs |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_license_server |
boolean | |
certificate.parsed.extensions.extended_key_usage.ipsec_tunnel |
boolean | |
certificate.parsed.extensions.extended_key_usage.time_stamping |
boolean | |
certificate.parsed.extensions.extended_key_usage.eap_over_ppp |
boolean | |
certificate.parsed.extensions.extended_key_usage.apple_crypto_development_env |
boolean | |
certificate.parsed.extensions.extended_key_usage.unknown |
text | |
certificate.parsed.extensions.extended_key_usage.any |
boolean | |
certificate.parsed.extensions.extended_key_usage.netscape_server_gated_crypto |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_ca_exchange |
boolean | |
certificate.parsed.extensions.extended_key_usage.eap_over_lan |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_sgc_serialized |
boolean | |
certificate.parsed.extensions.extended_key_usage.microsoft_system_health_loophole |
boolean | |
certificate.parsed.extensions.name_constraints |
object |
The parsed id-ce-nameConstraints extension (OID: 2.5.29.30). Specifies a name space within which all child certificates' subject names MUST be located.
|
certificate.parsed.extensions.name_constraints.excluded_email_addresses |
text |
A record providing a range of excluded names of the type rfc822Name in leaf certificates whose trust path includes this certificate.
|
certificate.parsed.extensions.name_constraints.excluded_names |
text |
A record providing a range of excluded names of the type dNSName in leaf certificates whose trust path includes this certificate.
|
certificate.parsed.extensions.name_constraints.permitted_registered_ids |
text |
A record providing permitted names of the type registeredID in leaf certificates whose trust path includes this certificate.
|
certificate.parsed.extensions.name_constraints.permitted_uris |
text |
A record providing a range of permitted uniform resource identifiers in leaf certificates whose trust path includes this certificate.
|
certificate.parsed.extensions.name_constraints.permitted_edi_party_names |
nested |
A record providing permitted names of the type ediPartyName in leaf certificates whose trust path includes this certificate.
|
certificate.parsed.extensions.name_constraints.permitted_edi_party_names.name_assigner |
text | |
certificate.parsed.extensions.name_constraints.permitted_edi_party_names.party_name |
text | |
certificate.parsed.extensions.name_constraints.critical |
boolean | |
certificate.parsed.extensions.name_constraints.permitted_directory_names |
nested |
A record providing permitted names of the type directoryName in leaf certificates whose trust path includes this certificate.
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.domain_component |
text |
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_province |
text |
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.given_name |
text |
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_country |
text |
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.organization |
text |
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_locality |
text |
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.postal_code |
keyword |
The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.surname |
text |
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.organization_id |
text | |
certificate.parsed.extensions.name_constraints.permitted_directory_names.serial_number |
keyword |
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.street_address |
text |
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.province |
text |
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.organizational_unit |
text |
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.email_address |
text |
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.common_name |
text |
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.country |
text |
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
|
certificate.parsed.extensions.name_constraints.permitted_directory_names.locality |
text |
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
|
certificate.parsed.extensions.name_constraints.permitted_names |
text |
A record providing a range of permitted names of the type dNSName in leaf certificates whose trust path includes this certificate.
|
certificate.parsed.extensions.name_constraints.excluded_uris |
text |
A record providing a range of excluded uniform resource identifiers in leaf certificates whose trust path includes this certificate.
|
certificate.parsed.extensions.name_constraints.permitted_ip_addresses |
nested |
A record providing a range of permitted names of the type iPAddress in leaf certificates whose trust path includes this certificate.
|
certificate.parsed.extensions.name_constraints.permitted_ip_addresses.end |
text |
The last IP address in the range.
|
certificate.parsed.extensions.name_constraints.permitted_ip_addresses.mask |
text |
The subnet mask of the CIDR.
|
certificate.parsed.extensions.name_constraints.permitted_ip_addresses.begin |
text |
The first IP address in the range.
|
certificate.parsed.extensions.name_constraints.permitted_ip_addresses.cidr |
text |
The CIDR specifying the subtree.
|
certificate.parsed.extensions.name_constraints.excluded_edi_party_names |
nested |
A record providing excluded names of the type ediPartyName in leaf certificates whose trust path includes this certificate.
|
certificate.parsed.extensions.name_constraints.excluded_edi_party_names.name_assigner |
text | |
certificate.parsed.extensions.name_constraints.excluded_edi_party_names.party_name |
text | |
certificate.parsed.extensions.name_constraints.permitted_email_addresses |
text |
A record providing a range of permitted names of the type rfc822Name in leaf certificates whose trust path includes this certificate.
|
certificate.parsed.extensions.name_constraints.excluded_directory_names |
nested |
A record providing excluded names of the type directoryName in leaf certificates whose trust path includes this certificate.
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.locality |
text |
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.common_name |
text |
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_locality |
text |
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.postal_code |
keyword |
The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.email_address |
text |
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_country |
text |
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.given_name |
text |
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.surname |
text |
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.organization_id |
text | |
certificate.parsed.extensions.name_constraints.excluded_directory_names.country |
text |
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_province |
text |
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.province |
text |
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.organizational_unit |
text |
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.serial_number |
keyword |
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.organization |
text |
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.street_address |
text |
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
|
certificate.parsed.extensions.name_constraints.excluded_directory_names.domain_component |
text |
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
|
certificate.parsed.extensions.name_constraints.excluded_ip_addresses |
nested |
A record providing a range of excluded names of the type iPAddress in leaf certificates whose trust path includes this certificate.
|
certificate.parsed.extensions.name_constraints.excluded_ip_addresses.begin |
text |
The first IP address in the range.
|
certificate.parsed.extensions.name_constraints.excluded_ip_addresses.cidr |
text |
The CIDR specifying the subtree.
|
certificate.parsed.extensions.name_constraints.excluded_ip_addresses.end |
text |
The last IP address in the range.
|
certificate.parsed.extensions.name_constraints.excluded_ip_addresses.mask |
text |
The subnet mask of the CIDR.
|
certificate.parsed.extensions.name_constraints.excluded_registered_ids |
text |
A record providing excluded names of the type registeredID in leaf certificates whose trust path includes this certificate.
|
certificate.parsed.extensions.subject_key_id |
text |
A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo..
|
certificate.parsed.extensions.basic_constraints |
object |
The parsed id-ce-basicConstraints extension (OID: 2.5.29.19).
|
certificate.parsed.extensions.basic_constraints.max_path_len |
integer |
When present, provides the maximum number of intermediate certificates that may follow this certificate in a trusted certification path.
|
certificate.parsed.extensions.basic_constraints.is_ca |
boolean |
Whether the certificate is permitted to sign other certificates.
|
certificate.parsed.extensions.authority_info_access |
object |
The parsed id-pe-authorityInfoAccess extension (OID: 1.3.6.1.5.7.1.1). Only id-ad-caIssuers and id-ad-ocsp accessMethods are supported; others are omitted.
|
certificate.parsed.extensions.authority_info_access.issuer_urls |
text | |
certificate.parsed.extensions.authority_info_access.ocsp_urls |
text | |
certificate.parsed.extensions.subject_alt_name |
object |
The parsed id-ce-subjectAltName extension (OID: 2.5.29.17).
|
certificate.parsed.extensions.subject_alt_name.other_names |
nested |
The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID.
|
certificate.parsed.extensions.subject_alt_name.other_names.id |
text |
The OID identifying the syntax of the otherName value.
|
certificate.parsed.extensions.subject_alt_name.other_names.value |
text |
The raw otherName value.
|
certificate.parsed.extensions.subject_alt_name.registered_ids |
text |
The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format.
|
certificate.parsed.extensions.subject_alt_name.uniform_resource_identifiers |
text |
The parsed uniformResourceIdentifier entries in the GeneralName.
|
certificate.parsed.extensions.subject_alt_name.directory_names |
nested |
The parsed directoryName entries in the GeneralName.
|
certificate.parsed.extensions.subject_alt_name.directory_names.given_name |
text |
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
|
certificate.parsed.extensions.subject_alt_name.directory_names.organization |
text |
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
|
certificate.parsed.extensions.subject_alt_name.directory_names.email_address |
text |
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
|
certificate.parsed.extensions.subject_alt_name.directory_names.locality |
text |
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
|
certificate.parsed.extensions.subject_alt_name.directory_names.postal_code |
keyword |
The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
|
certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_locality |
text |
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
|
certificate.parsed.extensions.subject_alt_name.directory_names.street_address |
text |
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
|
certificate.parsed.extensions.subject_alt_name.directory_names.organizational_unit |
text |
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
|
certificate.parsed.extensions.subject_alt_name.directory_names.organization_id |
text | |
certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_province |
text |
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
|
certificate.parsed.extensions.subject_alt_name.directory_names.domain_component |
text |
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
|
certificate.parsed.extensions.subject_alt_name.directory_names.surname |
text |
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
|
certificate.parsed.extensions.subject_alt_name.directory_names.country |
text |
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
|
certificate.parsed.extensions.subject_alt_name.directory_names.serial_number |
keyword |
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
|
certificate.parsed.extensions.subject_alt_name.directory_names.province |
text |
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
|
certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_country |
text |
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
|
certificate.parsed.extensions.subject_alt_name.directory_names.common_name |
text |
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
|
certificate.parsed.extensions.subject_alt_name.dns_names |
text |
The parsed dNSName entries in the GeneralName.
|
certificate.parsed.extensions.subject_alt_name.edi_party_names |
nested |
The parsed eDIPartyName entries in the GeneralName.
|
certificate.parsed.extensions.subject_alt_name.edi_party_names.name_assigner |
text | |
certificate.parsed.extensions.subject_alt_name.edi_party_names.party_name |
text | |
certificate.parsed.extensions.subject_alt_name.email_addresses |
text |
The parsed rfc822Name entries in the GeneralName.
|
certificate.parsed.extensions.subject_alt_name.ip_addresses |
text |
The parsed ipAddress entries in the GeneralName.
|
certificate.parsed.extensions.cabf_organization_id |
object |
CA/Browser Forum organization ID extensions (OID: 2.23.140.3.1).
|
certificate.parsed.extensions.cabf_organization_id.scheme |
text | |
certificate.parsed.extensions.cabf_organization_id.state |
text | |
certificate.parsed.extensions.cabf_organization_id.country |
text | |
certificate.parsed.extensions.cabf_organization_id.reference |
text | |
certificate.parsed.extensions.signed_certificate_timestamps |
nested | |
certificate.parsed.extensions.signed_certificate_timestamps.timestamp |
date | |
certificate.parsed.extensions.signed_certificate_timestamps.version |
integer | |
certificate.parsed.extensions.signed_certificate_timestamps.log_id |
text | |
certificate.parsed.extensions.signed_certificate_timestamps.signature |
object | |
certificate.parsed.extensions.signed_certificate_timestamps.signature.hash_algorithm |
text | |
certificate.parsed.extensions.signed_certificate_timestamps.signature.signature |
text | |
certificate.parsed.extensions.signed_certificate_timestamps.signature.signature_algorithm |
text | |
certificate.parsed.redacted |
boolean | |
certificate.parsed.subject_dn |
text |
Distinguished Name of the entity associated with the public key.
|
certificate.parsed.subject |
object |
A record containing the parsed contents of the subject_dn.
|
certificate.parsed.subject.jurisdiction_country |
text |
The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
|
certificate.parsed.subject.organization_id |
text | |
certificate.parsed.subject.given_name |
text |
The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
|
certificate.parsed.subject.serial_number |
keyword |
The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
|
certificate.parsed.subject.province |
text |
The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
|
certificate.parsed.subject.common_name |
text |
The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
|
certificate.parsed.subject.country |
text |
The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
|
certificate.parsed.subject.email_address |
text |
The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
|
certificate.parsed.subject.organizational_unit |
text |
The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
|
certificate.parsed.subject.street_address |
text |
The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
|
certificate.parsed.subject.postal_code |
keyword |
The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
|
certificate.parsed.subject.domain_component |
text |
The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
|
certificate.parsed.subject.surname |
text |
The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
|
certificate.parsed.subject.organization |
text |
The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
|
certificate.parsed.subject.locality |
text |
The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
|
certificate.parsed.subject.jurisdiction_locality |
text |
The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
|
certificate.parsed.subject.jurisdiction_province |
text |
The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
|
certificate.parsed.subject_key_info |
object |
Information about the certificate's public key.
|
certificate.parsed.subject_key_info.unrecognized |
object |
A record containing known information about an unrecognized key type.
|
certificate.parsed.subject_key_info.unrecognized.raw |
text | |
certificate.parsed.subject_key_info.dsa |
object |
A record containing the public portion of a DSA asymmetric key.
|
certificate.parsed.subject_key_info.dsa.q |
text | |
certificate.parsed.subject_key_info.dsa.y |
text | |
certificate.parsed.subject_key_info.dsa.g |
text | |
certificate.parsed.subject_key_info.dsa.p |
text | |
certificate.parsed.subject_key_info.ecdsa |
object |
A record containing the public portion of an ECDSA asymmetric key.
|
certificate.parsed.subject_key_info.ecdsa.gy |
text | |
certificate.parsed.subject_key_info.ecdsa.length |
long | |
certificate.parsed.subject_key_info.ecdsa.y |
text | |
certificate.parsed.subject_key_info.ecdsa.n |
text | |
certificate.parsed.subject_key_info.ecdsa.x |
text | |
certificate.parsed.subject_key_info.ecdsa.p |
text | |
certificate.parsed.subject_key_info.ecdsa.b |
text | |
certificate.parsed.subject_key_info.ecdsa.curve |
text | |
certificate.parsed.subject_key_info.ecdsa.gx |
text | |
certificate.parsed.subject_key_info.ecdsa.pub |
text | |
certificate.parsed.subject_key_info.fingerprint_sha256 |
text |
The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo.
|
certificate.parsed.subject_key_info.key_algorithm |
object |
A record containing information about the type of subject key algorithm and any relevant parameters.
|
certificate.parsed.subject_key_info.key_algorithm.name |
text |
Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record.
|
certificate.parsed.subject_key_info.key_algorithm.oid |
text | |
certificate.parsed.subject_key_info.rsa |
object |
A record containing the public portion of an RSA asymmetric key.
|
certificate.parsed.subject_key_info.rsa.exponent |
long |
The RSA key's public exponent (e).
|
certificate.parsed.subject_key_info.rsa.length |
long |
Bit-length of the RSA modulus.
|
certificate.parsed.subject_key_info.rsa.modulus |
text |
The RSA key's modulus (n) in big-endian encoding.
|
certificate.parsed.serial_number_hex |
text |
Issuer-specific identifier of the certificate, represented as hexadecimal.
|
certificate.parsed.issuer_dn |
text |
Distinguished Name of the entity that has signed and issued the certificate.
|
certificate.parsed.serial_number |
text |
Issuer-specific identifier of the certificate.
|
certificate.parsed.validity_period |
object |
Information about the time for which the certificate is valid.
|
certificate.parsed.validity_period.not_after |
date |
An RFC-3339-formatted timestamp after which the certificate is no longer valid.
|
certificate.parsed.validity_period.not_before |
date |
An RFC-3339-formatted timestamp before which the certificate is not valid.
|
certificate.parsed.validity_period.length_seconds |
long |
The duration of the certificate's validity period, in seconds.
|
certificate.association_class |
text | |
certificate.revocation |
object | |
certificate.revocation.ocsp |
object | |
certificate.revocation.ocsp.revoked |
boolean |
Whether the certificate was revoked before its expiry date by the issuer.
|
certificate.revocation.ocsp.next_update |
date | |
certificate.revocation.ocsp.reason |
text |
An enumerated value indicating the issuer-supplied reason for the revocation.
|
certificate.revocation.ocsp.revocation_time |
date |
The issuer-supplied timestamp indicating when the certificate was revoked.
|
certificate.revocation.crl |
object | |
certificate.revocation.crl.revocation_time |
date |
The issuer-supplied timestamp indicating when the certificate was revoked.
|
certificate.revocation.crl.revoked |
boolean |
Whether the certificate was revoked before its expiry date by the issuer.
|
certificate.revocation.crl.next_update |
date | |
certificate.revocation.crl.reason |
text |
An enumerated value indicating the issuer-supplied reason for the revocation.
|
certificate.tbs_no_ct_fingerprint_sha256 |
text | |
certificate.precert |
boolean | |
certificate.ever_seen_in_scan |
boolean | |
certificate.validation |
object | |
certificate.validation.apple |
object |
A record containing validation information about the certificate from the Apple root store.
|
certificate.validation.apple.ever_valid |
boolean |
Whether the certificate was ever considered valid by the root store.
|
certificate.validation.apple.had_trusted_path |
boolean |
Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
|
certificate.validation.apple.has_trusted_path |
boolean |
Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
|
certificate.validation.apple.in_revocation_set |
boolean |
Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
|
certificate.validation.apple.is_valid |
boolean |
Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
|
certificate.validation.apple.parents |
text |
The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
|
certificate.validation.apple.type |
text |
The certificate's type. Options include root, intermediate, or leaf.
|
certificate.validation.apple.chains |
nested |
A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
|
certificate.validation.apple.chains.sha256fp |
text | |
certificate.validation.chrome |
object |
A record containing validation information about the certificate from the Chrome root store.
|
certificate.validation.chrome.has_trusted_path |
boolean |
Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
|
certificate.validation.chrome.in_revocation_set |
boolean |
Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
|
certificate.validation.chrome.is_valid |
boolean |
Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
|
certificate.validation.chrome.parents |
text |
The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
|
certificate.validation.chrome.type |
text |
The certificate's type. Options include root, intermediate, or leaf.
|
certificate.validation.chrome.chains |
nested |
A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
|
certificate.validation.chrome.chains.sha256fp |
text | |
certificate.validation.chrome.ever_valid |
boolean |
Whether the certificate was ever considered valid by the root store.
|
certificate.validation.chrome.had_trusted_path |
boolean |
Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
|
certificate.validation.microsoft |
object |
A record containing validation information about the certificate from the Microsoft root store.
|
certificate.validation.microsoft.has_trusted_path |
boolean |
Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
|
certificate.validation.microsoft.in_revocation_set |
boolean |
Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
|
certificate.validation.microsoft.is_valid |
boolean |
Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
|
certificate.validation.microsoft.parents |
text |
The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
|
certificate.validation.microsoft.type |
text |
The certificate's type. Options include root, intermediate, or leaf.
|
certificate.validation.microsoft.chains |
nested |
A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
|
certificate.validation.microsoft.chains.sha256fp |
text | |
certificate.validation.microsoft.ever_valid |
boolean |
Whether the certificate was ever considered valid by the root store.
|
certificate.validation.microsoft.had_trusted_path |
boolean |
Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
|
certificate.validation.nss |
object |
A record containing validation information about the certificate from the Mozilla NSS root store.
|
certificate.validation.nss.parents |
text |
The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
|
certificate.validation.nss.type |
text |
The certificate's type. Options include root, intermediate, or leaf.
|
certificate.validation.nss.chains |
nested |
A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
|
certificate.validation.nss.chains.sha256fp |
text | |
certificate.validation.nss.ever_valid |
boolean |
Whether the certificate was ever considered valid by the root store.
|
certificate.validation.nss.had_trusted_path |
boolean |
Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
|
certificate.validation.nss.has_trusted_path |
boolean |
Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
|
certificate.validation.nss.in_revocation_set |
boolean |
Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
|
certificate.validation.nss.is_valid |
boolean |
Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
|
certificate.parse_status |
text | |
certificate.spki_fingerprint_sha256 |
text | |
certificate.validated_at |
date | |
certificate.validation_level |
text |
Storage Buckets
A cloud object storage system, supporting files or other objects, which includes solutions like Amazon S3, Google Cloud Storage, and Azure Blob Storage. Storage bucket fields include account information (if available from a Censys Cloud Connector) and externally observed access settings.
Fields
Field Name | Value Type | Description |
---|---|---|
storage_bucket |
object | |
storage_bucket.account_id |
text | |
storage_bucket.scanned_at |
date | |
storage_bucket.writable_objects |
boolean | |
storage_bucket.cri |
text | |
storage_bucket.uri |
text | |
storage_bucket.provider |
text | |
storage_bucket.readable_objects |
boolean | |
storage_bucket.editable_settings |
boolean | |
storage_bucket.name |
text |
Risks
Risks are weaknesses detected in assets that Censys believes should be remediated. Risk fields include statuses and detection and last observation time stamps.
Fields
Field Name | Value Type | Description |
---|---|---|
risks |
nested | |
risks.discovered_at |
date | |
risks.name |
text | |
risks.severity |
text | |
risks.status |
text | |
risks.type |
text | |
risks.user_status |
text | |
risks.categories |
text |
Others
Top-level information such as user-applied tags.
Fields
Field Name | Value Type | Description |
---|---|---|
type |
text | |
association_date |
date | |
source |
text | |
tags |
text |