Abnormal Security
编辑Abnormal Security
编辑Abnormal Security 是一个基于行为人工智能的电子邮件安全平台,它可以学习云电子邮件环境中每个身份的行为,并分析每个事件的风险,以阻止最复杂的攻击。
Abnormal Security 集成使用 REST API 收集 AI 安全邮箱(以前称为滥用邮箱)、审计、案例和威胁日志的数据。
数据流
编辑Abnormal Security 集成收集四种类型的日志
要求
编辑您需要安装 Elastic Agent。有关详细指南,请参阅 Elastic Agent 安装说明。
安装和管理 Elastic Agent
编辑安装和管理 Elastic Agent 有多种选择
安装 Fleet 管理的 Elastic Agent(推荐)
编辑使用这种方法,您可以安装 Elastic Agent,并使用 Kibana 中的 Fleet 在中心位置定义、配置和管理您的代理。我们建议使用 Fleet 管理,因为它使您的代理的管理和升级变得相当容易。
以独立模式安装 Elastic Agent(高级用户)
编辑使用这种方法,您可以安装 Elastic Agent,并在安装它的系统上本地手动配置代理。您负责管理和升级代理。此方法仅适用于高级用户。
在容器化环境中安装 Elastic Agent
编辑您可以在容器内运行 Elastic Agent,无论使用 Fleet Server 还是独立模式。所有版本的 Elastic Agent 的 Docker 镜像都可从 Elastic Docker 注册表中获取,并且我们提供了在 Kubernetes 上运行的部署清单。
在安装 Elastic Agent 之前,请检查最低要求。
设置
编辑从 Abnormal Security Client API 收集数据
编辑步骤 1:转到门户
编辑- 访问 Abnormal Security 门户,然后单击
Abnormal REST API设置。
步骤 2:生成身份验证令牌
编辑- 检索您的身份验证令牌。此令牌将在 Elastic 集成设置中进一步使用,以进行身份验证并访问不同的 Abnormal Security 日志。
步骤 3:IP 允许列表
编辑- Abnormal Security 要求您根据源 IP 限制 API 访问。因此,为了使集成正常工作,用户需要更新 IP 允许列表,以包括通过 Elastic Agent 运行集成的端点的外部源 IP。
在 Elastic 中启用集成
编辑- 在 Kibana 中,导航到“管理”>“集成”。
- 在顶部的“搜索集成”栏中,搜索
Abnormal Security。 - 从搜索结果中选择“Abnormal Security”集成。
- 选择“添加 Abnormal Security”以添加集成。
- 添加所有必需的集成配置参数,包括访问令牌、间隔、初始间隔和页面大小,以启用数据收集。
- 选择“保存并继续”以保存集成。
默认情况下,URL 设置为 https://api.abnormalplatform.com。我们观察到 Abnormal Security 基本 URL 会根据位置而变化,因此请找到您自己的基本 URL。
日志参考
编辑AI 安全邮箱
编辑这是 ai_security_mailbox 数据集。
示例
以下是 ai_security_mailbox 的示例事件
{
"@timestamp": "2024-07-26T10:30:06.000Z",
"abnormal_security": {
"ai_security_mailbox": {
"attack": {
"type": "Attack Type: Graymail"
},
"campaign_id": "fff51768-c446-34e1-97a8-9802c29c3ebd",
"first_reported": "2024-07-26T10:30:06.000Z",
"from": {
"address": "[email protected]",
"name": "[email protected]"
},
"judgement_status": "Safe",
"last_reported": "2024-07-26T10:30:06.000Z",
"message_id": "7063250485337877109",
"overall_status": "No Action Needed",
"recipient": {
"address": "[email protected]",
"name": "john"
},
"subject": "Days of Understanding 2024"
}
},
"agent": {
"ephemeral_id": "cafadbdd-dc09-45ac-aec4-49d7250ebd32",
"id": "9783be93-6fa9-44ba-8f6d-eda7dcb99151",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "8.13.0"
},
"data_stream": {
"dataset": "abnormal_security.ai_security_mailbox",
"namespace": "38204",
"type": "logs"
},
"destination": {
"user": {
"name": "john"
}
},
"ecs": {
"version": "8.11.0"
},
"elastic_agent": {
"id": "9783be93-6fa9-44ba-8f6d-eda7dcb99151",
"snapshot": false,
"version": "8.13.0"
},
"email": {
"from": {
"address": [
"[email protected]"
]
},
"subject": "Days of Understanding 2024",
"to": {
"address": [
"[email protected]"
]
}
},
"event": {
"agent_id_status": "verified",
"dataset": "abnormal_security.ai_security_mailbox",
"id": "7063250485337877109",
"ingested": "2024-08-08T05:41:05Z",
"kind": "event",
"original": "{\"attackType\":\"Attack Type: Graymail\",\"campaignId\":\"fff51768-c446-34e1-97a8-9802c29c3ebd\",\"firstReported\":\"2024-07-26T10:30:06Z\",\"fromAddress\":\"[email protected]\",\"fromName\":\"[email protected]\",\"judgementStatus\":\"Safe\",\"lastReported\":\"2024-07-26T10:30:06Z\",\"messageId\":\"7063250485337877109\",\"overallStatus\":\"No Action Needed\",\"recipientAddress\":\"[email protected]\",\"recipientName\":\"john\",\"subject\":\"Days of Understanding 2024\"}"
},
"input": {
"type": "cel"
},
"observer": {
"product": "Inbound Email Security",
"vendor": "Abnormal"
},
"related": {
"user": [
"[email protected]",
"[email protected]",
"john"
]
},
"tags": [
"preserve_original_event",
"preserve_duplicate_custom_fields",
"forwarded",
"abnormal_security-ai_security_mailbox"
],
"threat": {
"tactic": {
"name": [
"Attack Type: Graymail"
]
}
},
"user": {
"email": "[email protected]"
}
}
导出的字段
| 字段 | 描述 | 类型 |
|---|---|---|
@timestamp |
事件时间戳。 |
date |
abnormal_security.ai_security_mailbox.attack.type |
消息代表的威胁类型。 |
keyword |
abnormal_security.ai_security_mailbox.campaign_id |
映射到滥用活动的 ID。 |
keyword |
abnormal_security.ai_security_mailbox.first_reported |
首次报告滥用活动的日期。 |
date |
abnormal_security.ai_security_mailbox.from.address |
发件人的电子邮件地址。 |
keyword |
abnormal_security.ai_security_mailbox.from.name |
发件人的显示名称。 |
keyword |
abnormal_security.ai_security_mailbox.judgement_status |
消息的判断状态。 |
keyword |
abnormal_security.ai_security_mailbox.last_reported |
上次报告滥用活动的日期。 |
date |
abnormal_security.ai_security_mailbox.message_id |
滥用活动中第一条消息的唯一标识符。 |
keyword |
abnormal_security.ai_security_mailbox.overall_status |
消息的整体状态。 |
keyword |
abnormal_security.ai_security_mailbox.recipient.address |
收件人的电子邮件地址。 |
keyword |
abnormal_security.ai_security_mailbox.recipient.name |
收件人的姓名。 |
keyword |
abnormal_security.ai_security_mailbox.subject |
滥用活动中第一封电子邮件的主题。 |
keyword |
data_stream.dataset |
数据流数据集。 |
constant_keyword |
data_stream.namespace |
数据流命名空间。 |
constant_keyword |
data_stream.type |
数据流类型。 |
constant_keyword |
event.dataset |
事件数据集。 |
constant_keyword |
event.module |
事件模块。 |
constant_keyword |
input.type |
Filebeat 输入的类型。 |
keyword |
log.offset |
日志偏移量。 |
long |
审计
编辑这是 audit 数据集。
示例
以下是 audit 的示例事件
{
"@timestamp": "2024-07-17T15:39:32.141Z",
"abnormal_security": {
"audit": {
"action": "update_remediation_status",
"action_details": {
"request_url": "/v1.0/search_v2/666/purge_messages/"
},
"category": "search-and-respond-notifications",
"source_ip": "81.2.69.142",
"status": "SUCCESS",
"timestamp": "2024-07-17T15:39:32.141Z",
"user": {
"email": "[email protected]"
}
}
},
"agent": {
"ephemeral_id": "40cced4d-2587-4880-a6ad-3fe697d9ca7f",
"id": "7aaba523-565c-4597-bc42-59135436336b",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "8.13.0"
},
"data_stream": {
"dataset": "abnormal_security.audit",
"namespace": "19380",
"type": "logs"
},
"ecs": {
"version": "8.11.0"
},
"elastic_agent": {
"id": "7aaba523-565c-4597-bc42-59135436336b",
"snapshot": false,
"version": "8.13.0"
},
"event": {
"action": "update_remediation_status",
"agent_id_status": "verified",
"category": [
"configuration"
],
"dataset": "abnormal_security.audit",
"ingested": "2024-08-06T09:41:39Z",
"kind": "event",
"original": "{\"action\":\"update_remediation_status\",\"actionDetails\":{\"providedReason\":\"null\",\"requestUrl\":\"/v1.0/search_v2/666/purge_messages/\"},\"category\":\"search-and-respond-notifications\",\"sourceIp\":\"81.2.69.142\",\"status\":\"SUCCESS\",\"tenantName\":\"\",\"timestamp\":\"2024-07-17 15:39:32.141000+00:00\",\"user\":{\"email\":\"[email protected]\"}}",
"outcome": "success",
"type": [
"info",
"change"
]
},
"input": {
"type": "cel"
},
"observer": {
"product": "Inbound Email Security",
"vendor": "Abnormal"
},
"related": {
"ip": [
"81.2.69.142"
],
"user": [
"[email protected]"
]
},
"source": {
"geo": {
"city_name": "London",
"continent_name": "Europe",
"country_iso_code": "GB",
"country_name": "United Kingdom",
"location": {
"lat": 51.5142,
"lon": -0.0931
},
"region_iso_code": "GB-ENG",
"region_name": "England"
},
"ip": "81.2.69.142"
},
"tags": [
"preserve_original_event",
"preserve_duplicate_custom_fields",
"forwarded",
"abnormal_security-audit"
],
"url": {
"extension": "0/search_v2/666/purge_messages/",
"original": "/v1.0/search_v2/666/purge_messages/",
"path": "/v1.0/search_v2/666/purge_messages/"
},
"user": {
"email": "[email protected]"
}
}
导出的字段
| 字段 | 描述 | 类型 |
|---|---|---|
@timestamp |
事件时间戳。 |
date |
abnormal_security.audit.action |
事件期间执行的特定操作。此字段是可选的,可能不存在。 |
keyword |
abnormal_security.audit.action_details.message_id |
执行操作的消息的 ID。 |
keyword |
abnormal_security.audit.action_details.provided_reason |
执行操作的原因。 |
keyword |
abnormal_security.audit.action_details.request_url |
请求的 URL。 |
keyword |
abnormal_security.audit.category |
执行的操作的类别。 |
keyword |
abnormal_security.audit.source_ip |
导致事件的设备的 IP 地址。 |
ip |
abnormal_security.audit.status |
事件的结果。返回为 SUCCESS 或 FAILURE。 |
keyword |
abnormal_security.audit.tenant_name |
用户有权访问的租户的名称。 |
keyword |
abnormal_security.audit.timestamp |
事件发生时的 UTC 日期/时间。 |
date |
abnormal_security.audit.user.email |
用户的电子邮件地址。 |
keyword |
data_stream.dataset |
数据流数据集。 |
constant_keyword |
data_stream.namespace |
数据流命名空间。 |
constant_keyword |
data_stream.type |
数据流类型。 |
constant_keyword |
event.dataset |
事件数据集。 |
constant_keyword |
event.module |
事件模块。 |
constant_keyword |
input.type |
Filebeat 输入的类型。 |
keyword |
log.offset |
日志偏移量。 |
long |
案例
编辑这是 case 数据集。
示例
以下是 case 的示例事件
{
"@timestamp": "2024-08-06T09:42:32.438Z",
"abnormal_security": {
"case": {
"affected_employee": "[email protected]",
"analysis": "SIGN_IN",
"customer_visible_time": "2024-01-05T12:33:25.000Z",
"first_observed": "2024-01-05T12:33:25.000Z",
"id": "1234",
"remediation_status": "Not remediated",
"severity": "Account Takeover",
"severity_level": "LOW",
"status": "Acknowledged (Attack resolved)"
}
},
"agent": {
"ephemeral_id": "d459a481-d0b8-4f26-afd1-ceed8531465a",
"id": "7aaba523-565c-4597-bc42-59135436336b",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "8.13.0"
},
"data_stream": {
"dataset": "abnormal_security.case",
"namespace": "48573",
"type": "logs"
},
"ecs": {
"version": "8.11.0"
},
"elastic_agent": {
"id": "7aaba523-565c-4597-bc42-59135436336b",
"snapshot": false,
"version": "8.13.0"
},
"event": {
"action": "sign_in",
"agent_id_status": "verified",
"dataset": "abnormal_security.case",
"id": "1234",
"ingested": "2024-08-06T09:42:44Z",
"kind": "event",
"original": "{\"affectedEmployee\":\"[email protected]\",\"analysis\":\"SIGN_IN\",\"caseId\":1234,\"case_status\":\"Acknowledged (Attack resolved)\",\"customerVisibleTime\":\"2024-01-05T12:33:25+00:00\",\"firstObserved\":\"2024-01-05T12:33:25+00:00\",\"remediation_status\":\"Not remediated\",\"severity\":\"Account Takeover\",\"severity_level\":\"LOW\",\"threatIds\":[]}",
"severity": 1,
"start": "2024-01-05T12:33:25.000Z",
"type": [
"info"
]
},
"input": {
"type": "cel"
},
"observer": {
"product": "Inbound Email Security",
"vendor": "Abnormal"
},
"related": {
"user": [
"[email protected]"
]
},
"tags": [
"preserve_original_event",
"preserve_duplicate_custom_fields",
"forwarded",
"abnormal_security-case"
],
"user": {
"email": "[email protected]"
}
}
导出的字段
| 字段 | 描述 | 类型 |
|---|---|---|
@timestamp |
事件时间戳。 |
date |
abnormal_security.case.affected_employee |
此案例涉及的员工。 |
keyword |
abnormal_security.case.analysis |
keyword |
|
abnormal_security.case.customer_visible_time |
date |
|
abnormal_security.case.description |
keyword |
|
abnormal_security.case.first_observed |
首次观察到可疑行为的时间。 |
date |
abnormal_security.case.id |
此案例的唯一标识符。 |
keyword |
abnormal_security.case.remediation_status |
keyword |
|
abnormal_security.case.severity |
此案例的严重性级别描述。 |
keyword |
abnormal_security.case.severity_level |
keyword |
|
abnormal_security.case.status |
keyword |
|
abnormal_security.case.threat_ids |
与案例相关的威胁。 |
keyword |
data_stream.dataset |
数据流数据集。 |
constant_keyword |
data_stream.namespace |
数据流命名空间。 |
constant_keyword |
data_stream.type |
数据流类型。 |
constant_keyword |
event.dataset |
事件数据集。 |
constant_keyword |
event.module |
事件模块。 |
constant_keyword |
input.type |
Filebeat 输入的类型。 |
keyword |
log.offset |
日志偏移量。 |
long |
威胁
编辑这是 threat 数据集。
示例
以下是 threat 的示例事件
{
"@timestamp": "2024-07-17T23:25:38.000Z",
"abnormal_security": {
"threat": {
"abx_message_id": "2260288475997441000",
"abx_portal_url": "https://portal.abnormalsecurity.com/home/threat-center/remediation-history/3456765434567654",
"attachment_count": 0,
"attack": {
"strategy": "Unknown Sender",
"type": "Spam",
"vector": "Link"
},
"attacked_party": "Employee (Other)",
"auto_remediated": true,
"from_address": "[email protected]",
"from_name": "john",
"id": "bf255f2d-a2ad-3f50-5075-fdcc24308bbd",
"impersonated_party": "None / Others",
"internet_message_id": "<AZz8NUMEST-qmuz77_koic@example>",
"is_read": false,
"post_remediated": false,
"received_time": "2024-07-17T23:25:38.000Z",
"recipient_address": "[email protected]",
"remediation_status": "Auto-Remediated",
"remediation_timestamp": "2024-07-17T23:25:45.735Z",
"return_path": "[email protected]",
"sender_domain": "example.com",
"sender_ip_address": "81.2.69.142",
"sent_time": "2024-07-17T23:25:29.000Z",
"subject": "YoU.have.𝗪𝟬0𝗡𝗡 a K0baIt 215-piece_ToooI_Set_Noo0wW..#GBOB",
"summary_insights": [
"Abnormal Email Body HTML",
"Invisible characters found in Email",
"Suspicious Link",
"Unusual Sender",
"Unusual Sender Domain"
],
"to_addresses": [
"[email protected]"
],
"url_count": 1,
"urls": [
"https://www.example.com/"
]
}
},
"agent": {
"ephemeral_id": "900a737b-86e9-4b31-8902-9e933e02c4bc",
"id": "16312af4-ae1e-4ca5-855f-6cb7e433a5a4",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "8.13.0"
},
"data_stream": {
"dataset": "abnormal_security.threat",
"namespace": "81591",
"type": "logs"
},
"ecs": {
"version": "8.11.0"
},
"elastic_agent": {
"id": "16312af4-ae1e-4ca5-855f-6cb7e433a5a4",
"snapshot": false,
"version": "8.13.0"
},
"email": {
"delivery_timestamp": "2024-07-17T23:25:38.000Z",
"from": {
"address": [
"[email protected]"
]
},
"message_id": "<AZz8NUMEST-qmuz77_koic@example>",
"origination_timestamp": "2024-07-17T23:25:29.000Z",
"subject": "YoU.have.𝗪𝟬0𝗡𝗡 a K0baIt 215-piece_ToooI_Set_Noo0wW..#GBOB",
"to": {
"address": [
"[email protected]"
]
}
},
"event": {
"agent_id_status": "verified",
"category": [
"threat",
"email"
],
"dataset": "abnormal_security.threat",
"id": "2260288475997441000",
"ingested": "2024-09-03T05:30:00Z",
"kind": "enrichment",
"original": "{\"abxMessageId\":2260288475997441000,\"abxPortalUrl\":\"https://portal.abnormalsecurity.com/home/threat-center/remediation-history/3456765434567654\",\"attachmentCount\":0,\"attachmentNames\":[],\"attackStrategy\":\"Unknown Sender\",\"attackType\":\"Spam\",\"attackVector\":\"Link\",\"attackedParty\":\"Employee (Other)\",\"autoRemediated\":true,\"ccEmails\":[],\"fromAddress\":\"[email protected]\",\"fromName\":\"john\",\"impersonatedParty\":\"None / Others\",\"internetMessageId\":\"\\u003cAZz8NUMEST-qmuz77_koic@example\\u003e\",\"isRead\":false,\"postRemediated\":false,\"receivedTime\":\"2024-07-17T23:25:38Z\",\"recipientAddress\":\"[email protected]\",\"remediationStatus\":\"Auto-Remediated\",\"remediationTimestamp\":\"2024-07-17T23:25:45.73564Z\",\"replyToEmails\":[],\"returnPath\":\"[email protected]\",\"senderDomain\":\"example.com\",\"senderIpAddress\":\"81.2.69.142\",\"sentTime\":\"2024-07-17T23:25:29Z\",\"subject\":\"YoU.have.𝗪𝟬0𝗡𝗡 a K0baIt 215-piece_ToooI_Set_Noo0wW..#GBOB\",\"summaryInsights\":[\"Abnormal Email Body HTML\",\"Invisible characters found in Email\",\"Suspicious Link\",\"Unusual Sender\",\"Unusual Sender Domain\"],\"threatId\":\"bf255f2d-a2ad-3f50-5075-fdcc24308bbd\",\"toAddresses\":[\"[email protected]\"],\"urlCount\":1,\"urls\":[\"https://www.example.com/\"]}",
"reference": "https://portal.abnormalsecurity.com/home/threat-center/remediation-history/3456765434567654",
"type": [
"indicator",
"info"
]
},
"input": {
"type": "cel"
},
"observer": {
"product": "Inbound Email Security",
"vendor": "Abnormal"
},
"related": {
"hosts": [
"example.com"
],
"ip": [
"81.2.69.142"
],
"user": [
"[email protected]",
"john",
"[email protected]",
"[email protected]"
]
},
"source": {
"domain": "example.com",
"geo": {
"city_name": "London",
"continent_name": "Europe",
"country_iso_code": "GB",
"country_name": "United Kingdom",
"location": {
"lat": 51.5142,
"lon": -0.0931
},
"region_iso_code": "GB-ENG",
"region_name": "England"
},
"ip": "81.2.69.142"
},
"tags": [
"preserve_original_event",
"preserve_duplicate_custom_fields",
"forwarded",
"abnormal_security-threat"
],
"threat": {
"indicator": {
"email": {
"address": "[email protected]"
},
"name": "[email protected]",
"reference": "https://portal.abnormalsecurity.com/home/threat-center/remediation-history/3456765434567654",
"type": "email-addr"
},
"tactic": {
"name": [
"Spam"
]
},
"technique": {
"name": [
"Unknown Sender"
]
}
},
"user": {
"name": "john"
}
}
导出的字段
| 字段 | 描述 | 类型 |
|---|---|---|
@timestamp |
事件时间戳。 |
date |
abnormal_security.threat.abx_message_id |
威胁(即电子邮件活动)中单个消息的唯一标识符。 |
keyword |
abnormal_security.threat.abx_portal_url |
在 Abnormal Security 的门户 Web 界面中可以查看特定消息详细信息的 URL。 |
keyword |
abnormal_security.threat.attachment_count |
电子邮件中的附件数(仅适用于 IESS 客户)。 |
long |
abnormal_security.threat.attachment_names |
附件名称列表(如果有)。 |
keyword |
abnormal_security.threat.attack.strategy |
keyword |
|
abnormal_security.threat.attack.type |
消息代表的威胁类型。 |
keyword |
abnormal_security.threat.attack.vector |
攻击媒介。 |
keyword |
abnormal_security.threat.attacked_party |
攻击的目标方。 |
keyword |
abnormal_security.threat.auto_remediated |
指示 Abnormal 是否已自动检测到并修复用户收件箱中的消息。注意:Abnormal 已保留此字段和 postRemediated 字段以支持先前的集成,但在新创建的集成中,您应该从 remediationStatus 字段捕获此信息。 |
boolean |
abnormal_security.threat.cc_emails |
抄送的电子邮件地址列表。 |
keyword |
abnormal_security.threat.from_address |
发件人的电子邮件地址。 |
keyword |
abnormal_security.threat.from_name |
发件人的显示名称。 |
keyword |
abnormal_security.threat.id |
映射到威胁活动的 ID。一个威胁活动可能会被多个用户收到。 |
keyword |
abnormal_security.threat.impersonated_party |
假冒方(如果有)。 |
keyword |
abnormal_security.threat.internet_message_id |
根据 RFC 822 的 Internet 消息 ID。 |
keyword |
abnormal_security.threat.is_read |
电子邮件是否已读。 |
boolean |
abnormal_security.threat.post_remediated |
指示 Abnormal 是否在稍后时间修复了该活动,在它进入用户收件箱之后。注意:Abnormal 已保留此字段和 autoRemediated 字段以支持先前的集成,但在新创建的集成中,您应该从 remediationStatus 字段捕获此信息。 |
boolean |
abnormal_security.threat.received_time |
收到此消息的时间戳。 |
date |
abnormal_security.threat.recipient_address |
实际收到消息的用户的电子邮件地址。 |
keyword |
abnormal_security.threat.remediation_status |
电子邮件威胁的修复状态。 |
keyword |
abnormal_security.threat.remediation_timestamp |
修复此消息的时间戳,如果未修复,则为空。 |
date |
abnormal_security.threat.reply_to_emails |
电子邮件的回复列表。 |
keyword |
abnormal_security.threat.return_path |
keyword |
|
abnormal_security.threat.sender_domain |
发件人的电子邮件域(仅适用于 IESS 客户)。 |
keyword |
abnormal_security.threat.sender_ip_address |
发件人的 IP 地址。 |
ip |
abnormal_security.threat.sent_time |
发送此消息的时间戳。 |
date |
abnormal_security.threat.subject |
电子邮件主题。 |
keyword |
abnormal_security.threat.summary_insights |
对此攻击的见解摘要。 |
keyword |
abnormal_security.threat.to_addresses |
发送消息的所有电子邮件地址,逗号分隔,并且在 255 个字符处截断。 |
keyword |
abnormal_security.threat.url_count |
电子邮件中的 URL 数(仅适用于 IESS 客户)。 |
long |
abnormal_security.threat.urls |
电子邮件正文中存在的 URL(如果有)。 |
keyword |
data_stream.dataset |
数据流数据集。 |
constant_keyword |
data_stream.namespace |
数据流命名空间。 |
constant_keyword |
data_stream.type |
数据流类型。 |
constant_keyword |
event.dataset |
事件数据集。 |
constant_keyword |
event.module |
事件模块。 |
constant_keyword |
input.type |
Filebeat 输入的类型。 |
keyword |
log.offset |
日志偏移量。 |
long |
变更日志
编辑变更日志
| 版本 | 详细信息 | Kibana 版本 |
|---|---|---|
1.1.0 |
增强 (查看拉取请求) |
8.13.0 或更高版本 |
1.0.1 |
Bug 修复 (查看拉取请求) |
8.13.0 或更高版本 |
1.0.0 |
增强 (查看拉取请求) |
8.13.0 或更高版本 |
0.1.2 |
Bug 修复 (查看拉取请求) |
— |
0.1.1 |
增强 (查看拉取请求) |
— |
0.1.0 |
增强 (查看拉取请求) |
— |