Associated Fields

| Field Name | Example Values | Field Type | Notes |
|---|---|---|---|
| associated_ip | IPv4, IPv6 | ip | |
| associated_host | IPv4, IPv6, hostname, fqdn | keyword | |
| associated_mac | a0:b4:44:01:a9:d1 | keyword | MAC address of host, colon-delimited and lower case |
| associated_hash | | keyword | md5, sha1, sha256, sha512, imp |
| associated_category | | keyword | TBD: Not sure if this is useful |
| associated_user_name | user names, user emails | keyword (normalized:loweronly) | Any associated/alternate user ID or email, can be a set of multiple values. |
| associated_user_id | User ID values such as SIDs, identity tokens, certificates | keyword | This will be a field that maps to all user ID values that are associated with a user context. This can/may eventually be populated from the user framework. |