# Functions
ConfigFingerprint returns a unique string to identify search config for a given instance.
IsAPIError checks if an es response contains an error.
NewClient creates a new Client.
# Constants
Default configuration values.
3 minutes.
30 seconds.
Supported field schemas.
Supported field schemas.
Protocol Numbers: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml.
# Variables
ErrQueryTimeout is returned when the search query has timed out.
SupportedEventTypes is a list of event types supported by the module.
# Structs
Client is an Elasticsearch client capable of pulling telemetry data from an ES instance and pushing AlphaSOC threats to it.
Config holds the main configuration of the Elasticsearch input.
DocRange is used in SearchQuery.
DocRangeField is used in DocRange.
DocValueField as defined by the es Search API.
EventsCursor is an iterator which downloads paginated search results returned within an open Point-In-Time.
FieldNamesConfig is a list of Elasticsearch document field names.
Hit is a single document returned within an es search.
PointInTime is roughly analogous to an SQL transaction: it pins a consistent view of the index for the duration of a paginated search.
ScrollSearch is a deprecated way of retrieving paginated search results.
SearchConfig contains all necessary information for running a periodic search to retrieve telemetry, extract required fields and send data to AlphaSOC API.
SearchQuery is the JSON object passed to an ES instance when performing a search.
SearchResult is the JSON dictionary returned by an ES search.
# Type aliases
FieldPath is a field name path within a nested Elasticsearch document.
IndexSchema is used to select a predefined field names configuration.