IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Salesforce fields Snyk fields »
Elastic Docs Filebeat Reference [8.18] Exported fields

Google Santa fields

A newer version is available. Check out the latest documentation.

Google Santa fields

Santa Module

santa

santa.action

Action

type: keyword

example: EXEC

santa.decision

Decision that santad took.

type: keyword

example: ALLOW

santa.reason

Reason for the decsision.

type: keyword

example: CERT

santa.mode

Operating mode of Santa.

type: keyword

example: M

disk

Fields for DISKAPPEAR actions.

santa.disk.volume

The volume name.

santa.disk.bus

The disk bus protocol.

santa.disk.serial

The disk serial number.

santa.disk.bsdname

The disk BSD name.

example: disk1s3

santa.disk.model

The disk model.

example: APPLE SSD SM0512L

santa.disk.fs

The disk volume kind (filesystem type).

example: apfs

santa.disk.mount

The disk volume path.

santa.certificate.common_name

Common name from code signing certificate.

type: keyword

santa.certificate.sha256

SHA256 hash of code signing certificate.

type: keyword

« Salesforce fields Snyk fields »