This page lists every field whose value can be searched within the Hosts dataset.

The difference between a keyword and a text field is that searches on keyword fields will only return exact matches, while searches on text fields will return fuzzy matches.

Hosts

HOST INFORMATION

Path Type Docs
ip ip
name text

SERVICE INFORMATION

Path Type Docs
services.banner text
services.banner_hex text
services.extended_service_name text
services.perspective_id text
services.port integer
services.service_name text
services.source_ip ip
services.transport_protocol text
services.truncated boolean

HOST DNS

Path Type Docs
dns.names text Names that resolve to the host
dns.reverse_dns.names text
dns.reverse_dns.resolved_at date

HOST LOCATION

Path Type Docs
location.city text The English name of the detected city.
location.continent keyword The English name of the detected continent (North America, Europe, Asia, South America, Africa, Oceania, Antarctica).
location.coordinates.latitude double
location.coordinates.longitude double
location.country text The English name of the detected country.
location.country_code keyword The detected two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
location.postal_code keyword The postal code (if applicable) of the detected location.
location.province text The state or province name of the detected location.
location.registered_country text The English name of the registered country.
location.registered_country_code keyword The registered country's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
location.timezone text The IANA time zone database name of the detected location.

HOST OPERATING SYSTEM

Path Type Docs
operating_system.component_uniform_resource_identifiers text URIs of software components related to the identified software.
operating_system.cpe text CPE uri format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
operating_system.edition text Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2.
operating_system.language text Valid language tag as defined by [RFC5646], and should be used to define the language supported in the user interface of the product being described.
operating_system.other.key text
operating_system.other.value text
operating_system.part keyword Defines the class of this software, a for application, o for operating system, h for hardware devices.
operating_system.product text Identifies the most common and recognizable title or name of the product.
operating_system.source text Defines the source that this software information was derived from.
operating_system.sw_edition text Characterizes how the product is tailored to a particular market or class of end users.
operating_system.target_hw text Characterizes the instruction set architecture (e.g., x86) on which the product being described. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are be considered instruction set architectures.
operating_system.target_sw text Characterizes the software computing environment within which the product operates.
operating_system.update text Vendor-Specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.
operating_system.vendor text Identifies the person or organization that manufactured or created the product.
operating_system.version text Vendor-Specific alphanumeric strings characterizing the particular release version of the product.

HOST AUTONOMOUS SYSTEM

Path Type Docs
autonomous_system.asn unsigned_long The ASN (autonomous system number) of the host's autonomous system.
autonomous_system.bgp_prefix ip_range The autonomous system's CIDR.
autonomous_system.country_code keyword The autonomous system's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
autonomous_system.description text Brief description of the autonomous system.
autonomous_system.name text The friendly name of the autonomous system.
autonomous_system.organization text The name of the organization managning the autonomous system.

TLS

Path Type Docs
services.certificate text
services.jarm.cipher_and_version_fingerprint text The first 30 byte portion of the Jarm fingerprint.
services.jarm.fingerprint text The 62 byte Jarm fingerprint of the service.
services.jarm.observed_at date The time the service was fingerprinted
services.jarm.tls_extensions_sha256 text The second 32 byte portion of the Jarm fingerprint
services.tls.certificate.added_at date When the certificate was added to the Censys dataset.
services.tls.certificate.ct.entries nested
services.tls.certificate.ct.entries.key text
services.tls.certificate.ct.entries.value.added_to_ct_at date An RFC-3339-formatted timestamp indicating when the certificate was entered into the CT log.
services.tls.certificate.ct.entries.value.ct_to_censys_at date An RFC-3339-formated timestamp indicating when the certificate was ingested from the CT log into the Censys dataset.
services.tls.certificate.ct.entries.value.index long Numerical marker of the certificate's place in the CT log.
services.tls.certificate.ever_seen_in_scan boolean
services.tls.certificate.fingerprint_md5 text The MD-5 digest of the entire raw certificate. An identifier used by some systems.
services.tls.certificate.fingerprint_sha1 text The SHA-1 digest of the entire raw certificate. An identifier used by some systems.
services.tls.certificate.fingerprint_sha256 text The SHA-256 digest of the entire raw certificate. Its unique identifier, which Censys uses to index certificates records.
services.tls.certificate.modified_at date When the certificate record was last modified.
services.tls.certificate.names text All the names contained in the certificate from various fields.
services.tls.certificate.parent_spki_subject_fingerprint_sha256 text The SHA-256 digest of the parent certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject.
services.tls.certificate.parse_status text
services.tls.certificate.parsed.extensions.authority_info_access.issuer_urls text
services.tls.certificate.parsed.extensions.authority_info_access.ocsp_urls text
services.tls.certificate.parsed.extensions.authority_key_id text A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo.
services.tls.certificate.parsed.extensions.basic_constraints.is_ca boolean Whether the certificate is permitted to sign other certificates.
services.tls.certificate.parsed.extensions.basic_constraints.max_path_len integer When present, provides the maximum number of intermediate certificates that may follow this certificate in a trusted certification path.
services.tls.certificate.parsed.extensions.cabf_organization_id.country text
services.tls.certificate.parsed.extensions.cabf_organization_id.reference text
services.tls.certificate.parsed.extensions.cabf_organization_id.scheme text
services.tls.certificate.parsed.extensions.cabf_organization_id.state text
services.tls.certificate.parsed.extensions.certificate_policies nested The parsed id-ce-certificatePolicies extension (OID: 2.5.29.32).
services.tls.certificate.parsed.extensions.certificate_policies.cps text
services.tls.certificate.parsed.extensions.certificate_policies.id text
services.tls.certificate.parsed.extensions.certificate_policies.user_notice nested
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.explicit_text text
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.notice_numbers integer
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.organization text
services.tls.certificate.parsed.extensions.crl_distribution_points text The parsed id-ce-cRLDistributionPoints extension (OID: 2.5.29.31). Contents are a list of distributionPoint URLs; other distributionPoint types are omitted).
services.tls.certificate.parsed.extensions.ct_poison boolean Whether the certificate possesses the pre-certificate "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3).
services.tls.certificate.parsed.extensions.extended_key_usage.any boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing_development boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing_third_party boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_development_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_maintenance_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_production_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_test_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier0_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier1_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier2_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier3_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_ichat_encryption boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_ichat_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_resource_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_software_update_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_system_identity boolean
services.tls.certificate.parsed.extensions.extended_key_usage.client_auth boolean
services.tls.certificate.parsed.extensions.extended_key_usage.code_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.dvcs boolean
services.tls.certificate.parsed.extensions.extended_key_usage.eap_over_lan boolean
services.tls.certificate.parsed.extensions.extended_key_usage.eap_over_ppp boolean
services.tls.certificate.parsed.extensions.extended_key_usage.email_protection boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_end_system boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_intermediate_system_usage boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_tunnel boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_user boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_ca_exchange boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_cert_trust_list_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_csp_signature boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_document_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_drm boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_drm_individualization boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_efs_recovery boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_embedded_nt_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_encrypted_file_system boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_enrollment_agent boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_kernel_mode_code_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_21 boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_3 boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_license_server boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_licenses boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_lifetime_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_mobile_device_software boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_nt5_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_oem_whql_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_qualified_subordinate boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_root_list_signer boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_server_gated_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_sgc_serialized boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_smart_display boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_smartcard_logon boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_system_health boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_system_health_loophole boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_timestamp_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_whql_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.netscape_server_gated_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ocsp_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.sbgp_cert_aa_service_auth boolean
services.tls.certificate.parsed.extensions.extended_key_usage.server_auth boolean
services.tls.certificate.parsed.extensions.extended_key_usage.time_stamping boolean
services.tls.certificate.parsed.extensions.extended_key_usage.unknown text
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names nested The parsed directoryName entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organization_id text
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.issuer_alt_name.dns_names text The parsed dNSName entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names nested The parsed eDIPartyName entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names.name_assigner text
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names.party_name text
services.tls.certificate.parsed.extensions.issuer_alt_name.email_addresses text The parsed rfc822Name entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.ip_addresses text The parsed ipAddress entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names nested The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID.
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names.id text The OID identifying the syntax of the otherName value.
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names.value text The raw otherName value.
services.tls.certificate.parsed.extensions.issuer_alt_name.registered_ids text The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format.
services.tls.certificate.parsed.extensions.issuer_alt_name.uniform_resource_identifiers text The parsed uniformResourceIdentifier entries in the GeneralName.
services.tls.certificate.parsed.extensions.key_usage.certificate_sign boolean Whether the keyCertSign bit is set.
services.tls.certificate.parsed.extensions.key_usage.content_commitment boolean Whether the contentCommitment (formerly called nonRepudiation) bit is set.
services.tls.certificate.parsed.extensions.key_usage.crl_sign boolean Whether the cRLSign bit is set.
services.tls.certificate.parsed.extensions.key_usage.data_encipherment boolean Whether the dataEncipherment bit is set.
services.tls.certificate.parsed.extensions.key_usage.decipher_only boolean Whether the decipherOnly bit is set.
services.tls.certificate.parsed.extensions.key_usage.digital_signature boolean Whether the digitalSignature bit is set.
services.tls.certificate.parsed.extensions.key_usage.encipher_only boolean Whether the encipherOnly bit is set.
services.tls.certificate.parsed.extensions.key_usage.key_agreement boolean Whether the keyAgreement bit is set.
services.tls.certificate.parsed.extensions.key_usage.key_encipherment boolean Whether the keyEncipherment bit is set.
services.tls.certificate.parsed.extensions.key_usage.value unsigned_long The integer value of the bitmask in the extension.
services.tls.certificate.parsed.extensions.name_constraints.critical boolean
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names nested A record providing excluded names of the type directoryName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organization_id text
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names nested A record providing excluded names of the type ediPartyName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names.name_assigner text
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names.party_name text
services.tls.certificate.parsed.extensions.name_constraints.excluded_email_addresses text A record providing a range of excluded names of the type rfc822Name in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses nested A record providing a range of excluded names of the type iPAddress in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.begin text The first IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.cidr text The CIDR specifying the subtree.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.end text The last IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.mask text The subnet mask of the CIDR.
services.tls.certificate.parsed.extensions.name_constraints.excluded_names text A record providing a range of excluded names of the type dNSName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_registered_ids text A record providing excluded names of the type registeredID in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_uris text A record providing a range of excluded uniform resource identifiers in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names nested A record providing permitted names of the type directoryName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organization_id text
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names nested A record providing permitted names of the type ediPartyName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names.name_assigner text
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names.party_name text
services.tls.certificate.parsed.extensions.name_constraints.permitted_email_addresses text A record providing a range of permitted names of the type rfc822Name in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses nested A record providing a range of permitted names of the type iPAddress in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.begin text The first IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.cidr text The CIDR specifying the subtree.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.end text The last IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.mask text The subnet mask of the CIDR.
services.tls.certificate.parsed.extensions.name_constraints.permitted_names text A record providing a range of permitted names of the type dNSName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_registered_ids text A record providing permitted names of the type registeredID in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_uris text A record providing a range of permitted uniform resource identifiers in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.qc_statements.ids text
services.tls.certificate.parsed.extensions.qc_statements.parsed.etsi_compliance boolean
services.tls.certificate.parsed.extensions.qc_statements.parsed.legislation nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.legislation.country_codes text
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.amount long
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.currency text
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.currency_number long
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.exponent long
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations.language text
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations.url text
services.tls.certificate.parsed.extensions.qc_statements.parsed.retention_period long
services.tls.certificate.parsed.extensions.qc_statements.parsed.sscd boolean
services.tls.certificate.parsed.extensions.qc_statements.parsed.types nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.types.ids text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps nested
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.log_id text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.hash_algorithm text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.signature text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.signature_algorithm text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.timestamp date
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.version integer
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names nested The parsed directoryName entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organization_id text
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.subject_alt_name.dns_names text The parsed dNSName entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names nested The parsed eDIPartyName entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names.name_assigner text
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names.party_name text
services.tls.certificate.parsed.extensions.subject_alt_name.email_addresses text The parsed rfc822Name entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.ip_addresses text The parsed ipAddress entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.other_names nested The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID.
services.tls.certificate.parsed.extensions.subject_alt_name.other_names.id text The OID identifying the syntax of the otherName value.
services.tls.certificate.parsed.extensions.subject_alt_name.other_names.value text The raw otherName value.
services.tls.certificate.parsed.extensions.subject_alt_name.registered_ids text The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format.
services.tls.certificate.parsed.extensions.subject_alt_name.uniform_resource_identifiers text The parsed uniformResourceIdentifier entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_key_id text A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo..
services.tls.certificate.parsed.extensions.tor_service_descriptors nested
services.tls.certificate.parsed.extensions.tor_service_descriptors.algorithm_name text
services.tls.certificate.parsed.extensions.tor_service_descriptors.hash text
services.tls.certificate.parsed.extensions.tor_service_descriptors.hash_bits integer
services.tls.certificate.parsed.extensions.tor_service_descriptors.onion text
services.tls.certificate.parsed.issuer.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.issuer.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.issuer.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.issuer.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.issuer.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.issuer.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.issuer.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.issuer.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.issuer.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.issuer.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.issuer.organization_id text
services.tls.certificate.parsed.issuer.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.issuer.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.issuer.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.issuer.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.issuer.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.issuer.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.issuer_dn text Distinguished Name of the entity that has signed and issued the certificate.
services.tls.certificate.parsed.redacted boolean
services.tls.certificate.parsed.serial_number text Issuer-specific identifier of the certificate.
services.tls.certificate.parsed.serial_number_hex text Issuer-specific identifier of the certificate, represented as hexadecimal.
services.tls.certificate.parsed.signature.self_signed boolean Whether the certificate was signed by its own key.
services.tls.certificate.parsed.signature.signature_algorithm.name text Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record.
services.tls.certificate.parsed.signature.signature_algorithm.oid text
services.tls.certificate.parsed.signature.valid boolean Whether the signature is valid.
services.tls.certificate.parsed.signature.value text Contents of the signature.
services.tls.certificate.parsed.subject.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.subject.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.subject.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.subject.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.subject.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.subject.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.subject.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.subject.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.subject.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.subject.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.subject.organization_id text
services.tls.certificate.parsed.subject.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.subject.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.subject.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.subject.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.subject.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.subject.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.subject_dn text Distinguished Name of the entity associated with the public key.
services.tls.certificate.parsed.subject_key_info.dsa.g text
services.tls.certificate.parsed.subject_key_info.dsa.p text
services.tls.certificate.parsed.subject_key_info.dsa.q text
services.tls.certificate.parsed.subject_key_info.dsa.y text
services.tls.certificate.parsed.subject_key_info.ecdsa.b text
services.tls.certificate.parsed.subject_key_info.ecdsa.curve text
services.tls.certificate.parsed.subject_key_info.ecdsa.gx text
services.tls.certificate.parsed.subject_key_info.ecdsa.gy text
services.tls.certificate.parsed.subject_key_info.ecdsa.length long
services.tls.certificate.parsed.subject_key_info.ecdsa.n text
services.tls.certificate.parsed.subject_key_info.ecdsa.p text
services.tls.certificate.parsed.subject_key_info.ecdsa.pub text
services.tls.certificate.parsed.subject_key_info.ecdsa.x text
services.tls.certificate.parsed.subject_key_info.ecdsa.y text
services.tls.certificate.parsed.subject_key_info.fingerprint_sha256 text The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo.
services.tls.certificate.parsed.subject_key_info.key_algorithm.name text Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record.
services.tls.certificate.parsed.subject_key_info.key_algorithm.oid text
services.tls.certificate.parsed.subject_key_info.rsa.exponent long The RSA key's public exponent (e).
services.tls.certificate.parsed.subject_key_info.rsa.length long Bit-length of the RSA modulus.
services.tls.certificate.parsed.subject_key_info.rsa.modulus text The RSA key's modulus (n) in big-endian encoding.
services.tls.certificate.parsed.subject_key_info.unrecognized.raw text
services.tls.certificate.parsed.unknown_extensions nested
services.tls.certificate.parsed.unknown_extensions.critical boolean
services.tls.certificate.parsed.unknown_extensions.id text
services.tls.certificate.parsed.unknown_extensions.value text
services.tls.certificate.parsed.validity_period.length_seconds long The duration of the certificate's validity period, in seconds.
services.tls.certificate.parsed.validity_period.not_after date An RFC-3339-formatted timestamp after which the certificate is no longer valid.
services.tls.certificate.parsed.validity_period.not_before date An RFC-3339-formatted timestamp before which the certificate is not valid.
services.tls.certificate.parsed.version integer
services.tls.certificate.precert boolean Whether the X.509 "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3) is marked critical, which prohibits the pre-certificate from being trusted.
services.tls.certificate.revocation.crl.next_update date
services.tls.certificate.revocation.crl.reason text An enumerated value indicating the issuer-supplied reason for the revocation.
services.tls.certificate.revocation.crl.revocation_time date The issuer-supplied timestamp indicating when the certificate was revoked.
services.tls.certificate.revocation.crl.revoked boolean Whether the certificate has been revoked before its expiry date by the issuer.
services.tls.certificate.revocation.ocsp.next_update date
services.tls.certificate.revocation.ocsp.reason text An enumerated value indicating the issuer-supplied reason for the revocation.
services.tls.certificate.revocation.ocsp.revocation_time date The issuer-supplied timestamp indicating when the certificate was revoked.
services.tls.certificate.revocation.ocsp.revoked boolean Whether the certificate has been revoked before its expiry date by the issuer.
services.tls.certificate.revoked boolean Whether the certificate has been revoked before its expiry date by the issuer.
services.tls.certificate.spki_subject_fingerprint_sha256 text The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject.
services.tls.certificate.tbs_fingerprint_sha256 text The SHA-256 digest of the unsigned certificate's contents.
services.tls.certificate.tbs_no_ct_fingerprint_sha256 text The SHA-256 digest of the unsigned certificate with the CT Poison extension removed, if present. This represents the shared contents of a certificate and its corresponding pre-certificate.
services.tls.certificate.validated_at date When the certificate record's trust was last checked.
services.tls.certificate.validation.apple.chains nested A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.apple.chains.sha256fp text
services.tls.certificate.validation.apple.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.apple.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.apple.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.apple.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.apple.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.apple.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.apple.type text The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation.chrome.chains nested A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.chrome.chains.sha256fp text
services.tls.certificate.validation.chrome.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.chrome.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.chrome.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.chrome.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.chrome.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.chrome.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.chrome.type text The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation.microsoft.chains nested A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.microsoft.chains.sha256fp text
services.tls.certificate.validation.microsoft.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.microsoft.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.microsoft.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.microsoft.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.microsoft.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.microsoft.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.microsoft.type text The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation.nss.chains nested A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.nss.chains.sha256fp text
services.tls.certificate.validation.nss.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.nss.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.nss.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.nss.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.nss.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.nss.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.nss.type text The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation_level text The extent to which the certificate's issuer validated the identity of the entity requesting the certificate. Options include Domain validated (DV), Organization Validated (OV), or Extended Validation (EV).
services.tls.certificate.zlint.errors_present boolean Whether the certificate's attributes triggered any error lints for non-conformance to the X.509 standard.
services.tls.certificate.zlint.failed_lints text A list of lint names which failed, if applicable.
services.tls.certificate.zlint.fatals_present boolean Whether the certificate's attributes triggered any fatal lints for non-conformance to the X.509 standard.
services.tls.certificate.zlint.notices_present boolean Whether the certificate's attributes triggered any notice lints for non-conformance to the X.509 standard.
services.tls.certificate.zlint.timestamp date An RFC-3339-formated timestamp indicating when the certificate was linted.
services.tls.certificate.zlint.version long The version of Zlint used to lint the certificate.
services.tls.certificate.zlint.warnings_present boolean Whether the certificate's attributes triggered any warning lints for non-conformance to the X.509 standard.
services.tls.certificates.chain.fingerprint keyword SHA 256 fingerprint of the certificate in the certificate chain.
services.tls.certificates.chain.issuer_dn text Distinguished name of the entity that has signed and issued the certificate.
services.tls.certificates.chain.subject_dn text Distinguished name of the entity that the certificate belongs to.
services.tls.certificates.chain_fps_sha_256 keyword DEPRECATED (04/30/2021) - Use `chain` instead.
services.tls.certificates.leaf_data.fingerprint keyword SHA256 fingerprint of the TBS certificate.
services.tls.certificates.leaf_data.issuer.common_name text
services.tls.certificates.leaf_data.issuer.country text
services.tls.certificates.leaf_data.issuer.domain_component text
services.tls.certificates.leaf_data.issuer.email_address text
services.tls.certificates.leaf_data.issuer.jurisdiction_country text
services.tls.certificates.leaf_data.issuer.jurisdiction_locality text
services.tls.certificates.leaf_data.issuer.jurisdiction_province text
services.tls.certificates.leaf_data.issuer.locality text
services.tls.certificates.leaf_data.issuer.organization text
services.tls.certificates.leaf_data.issuer.organization_id text
services.tls.certificates.leaf_data.issuer.organizational_unit text
services.tls.certificates.leaf_data.issuer.postal_code keyword
services.tls.certificates.leaf_data.issuer.province text
services.tls.certificates.leaf_data.issuer.serial_number keyword
services.tls.certificates.leaf_data.issuer.street_address text
services.tls.certificates.leaf_data.issuer_dn text Distinguished name of the entity that has signed and issued the certificate.
services.tls.certificates.leaf_data.names text Common names for the entity.
services.tls.certificates.leaf_data.pubkey_algorithm text Algorithm used to create the public key.
services.tls.certificates.leaf_data.pubkey_bit_size integer Size of the public key.
services.tls.certificates.leaf_data.public_key.dsa.g text
services.tls.certificates.leaf_data.public_key.dsa.p text
services.tls.certificates.leaf_data.public_key.dsa.q text
services.tls.certificates.leaf_data.public_key.dsa.y text
services.tls.certificates.leaf_data.public_key.ecdsa.b text
services.tls.certificates.leaf_data.public_key.ecdsa.curve keyword
services.tls.certificates.leaf_data.public_key.ecdsa.gx text
services.tls.certificates.leaf_data.public_key.ecdsa.gy text
services.tls.certificates.leaf_data.public_key.ecdsa.length unsigned_long
services.tls.certificates.leaf_data.public_key.ecdsa.n text
services.tls.certificates.leaf_data.public_key.ecdsa.p text
services.tls.certificates.leaf_data.public_key.ecdsa.pub text
services.tls.certificates.leaf_data.public_key.ecdsa.x text
services.tls.certificates.leaf_data.public_key.ecdsa.y text
services.tls.certificates.leaf_data.public_key.fingerprint text
services.tls.certificates.leaf_data.public_key.key_algorithm keyword
services.tls.certificates.leaf_data.public_key.rsa.exponent text
services.tls.certificates.leaf_data.public_key.rsa.length unsigned_long
services.tls.certificates.leaf_data.public_key.rsa.modulus text
services.tls.certificates.leaf_data.signature.self_signed boolean Denotes if the certificate was self signed.
services.tls.certificates.leaf_data.signature.signature_algorithm keyword Cryptographic algorithm used by the CA to sign this certificate.
services.tls.certificates.leaf_data.subject.common_name text
services.tls.certificates.leaf_data.subject.country text
services.tls.certificates.leaf_data.subject.domain_component text
services.tls.certificates.leaf_data.subject.email_address text
services.tls.certificates.leaf_data.subject.jurisdiction_country text
services.tls.certificates.leaf_data.subject.jurisdiction_locality text
services.tls.certificates.leaf_data.subject.jurisdiction_province text
services.tls.certificates.leaf_data.subject.locality text
services.tls.certificates.leaf_data.subject.organization text
services.tls.certificates.leaf_data.subject.organization_id text
services.tls.certificates.leaf_data.subject.organizational_unit text
services.tls.certificates.leaf_data.subject.postal_code keyword
services.tls.certificates.leaf_data.subject.province text
services.tls.certificates.leaf_data.subject.serial_number keyword
services.tls.certificates.leaf_data.subject.street_address text
services.tls.certificates.leaf_data.subject_dn text Distinguished name of the entity associated with the public key.
services.tls.certificates.leaf_data.tbs_fingerprint keyword Fingerprint of the TBS certificate.
services.tls.certificates.leaf_fp_sha_256 keyword SHA 256 fingerprint of the TBS certificate.
services.tls.cipher_selected text Cipher suite chosen for the exchange.
services.tls.ja3s text The JA3S fingerprint for this service.
services.tls.presented_chain.fingerprint keyword SHA 256 fingerprint of the certificate in the certificate chain.
services.tls.presented_chain.issuer_dn text Distinguished name of the entity that has signed and issued the certificate.
services.tls.presented_chain.subject_dn text Distinguished name of the entity that the certificate belongs to.
services.tls.server_key_exchange.ec_params.named_curve unsigned_long Elliptic-Curve ID value.
services.tls.server_key_exchange.ec_params.public_key text
services.tls.session_ticket.length unsigned_long
services.tls.session_ticket.lifetime_hint unsigned_long Hint from server about how long the session ticket should be stored.
services.tls.version_selected text Certificate version v1(0), v2(1), v3(2).

SOFTWARE

Path Type Docs
services.software nested
services.software.component_uniform_resource_identifiers text URIs of software components related to the identified software.
services.software.cpe text CPE uri format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
services.software.edition text Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2.
services.software.language text Valid language tag as defined by [RFC5646], and should be used to define the language supported in the user interface of the product being described.
services.software.other.key text
services.software.other.value text
services.software.part keyword Defines the class of this software, a for application, o for operating system, h for hardware devices.
services.software.product text Identifies the most common and recognizable title or name of the product.
services.software.source text Defines the source that this software information was derived from.
services.software.sw_edition text Characterizes how the product is tailored to a particular market or class of end users.
services.software.target_hw text Characterizes the instruction set architecture (e.g., x86) on which the product being described. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are be considered instruction set architectures.
services.software.target_sw text Characterizes the software computing environment within which the product operates.
services.software.update text Vendor-Specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.
services.software.vendor text Identifies the person or organization that manufactured or created the product.
services.software.version text Vendor-Specific alphanumeric strings characterizing the particular release version of the product.

MISC

Path Type Docs
labels text
last_updated_at date
service_count integer
services nested
services.banner_hashes text
services.cobalt_strike.x64.cookie_beacon unsigned_long
services.cobalt_strike.x64.crypto_scheme unsigned_long
services.cobalt_strike.x64.dns boolean
services.cobalt_strike.x64.http_get.client text
services.cobalt_strike.x64.http_get.uri text
services.cobalt_strike.x64.http_get.verb text
services.cobalt_strike.x64.http_post.client text
services.cobalt_strike.x64.http_post.uri text
services.cobalt_strike.x64.http_post.verb text
services.cobalt_strike.x64.jitter unsigned_long
services.cobalt_strike.x64.killdate unsigned_long
services.cobalt_strike.x64.post_ex.x64 text
services.cobalt_strike.x64.post_ex.x86 text
services.cobalt_strike.x64.public_key text
services.cobalt_strike.x64.sleep_time unsigned_long
services.cobalt_strike.x64.ssl boolean
services.cobalt_strike.x64.unknown_bytes.key unsigned_long
services.cobalt_strike.x64.unknown_bytes.value text
services.cobalt_strike.x64.unknown_int.key unsigned_long
services.cobalt_strike.x64.unknown_int.value unsigned_long
services.cobalt_strike.x64.user_agent text
services.cobalt_strike.x64.watermark unsigned_long
services.cobalt_strike.x86.cookie_beacon unsigned_long
services.cobalt_strike.x86.crypto_scheme unsigned_long
services.cobalt_strike.x86.dns boolean
services.cobalt_strike.x86.http_get.client text
services.cobalt_strike.x86.http_get.uri text
services.cobalt_strike.x86.http_get.verb text
services.cobalt_strike.x86.http_post.client text
services.cobalt_strike.x86.http_post.uri text
services.cobalt_strike.x86.http_post.verb text
services.cobalt_strike.x86.jitter unsigned_long
services.cobalt_strike.x86.killdate unsigned_long
services.cobalt_strike.x86.post_ex.x64 text
services.cobalt_strike.x86.post_ex.x86 text
services.cobalt_strike.x86.public_key text
services.cobalt_strike.x86.sleep_time unsigned_long
services.cobalt_strike.x86.ssl boolean
services.cobalt_strike.x86.unknown_bytes.key unsigned_long
services.cobalt_strike.x86.unknown_bytes.value text
services.cobalt_strike.x86.unknown_int.key unsigned_long
services.cobalt_strike.x86.unknown_int.value unsigned_long
services.cobalt_strike.x86.user_agent text
services.cobalt_strike.x86.watermark unsigned_long
services.discovery_method text
services.labels text
services.transport_fingerprint.id integer
services.transport_fingerprint.os text
services.transport_fingerprint.quic.versions unsigned_long Raw versions presented in the QUIC version negotiation packet, if any.
services.transport_fingerprint.raw text
truncated boolean

HTTP

Path Type Docs
services.http.request.body text
services.http.request.headers nested
services.http.request.headers.key text
services.http.request.headers.value.headers text
services.http.request.method text
services.http.request.uri text
services.http.response.body text
services.http.response.body_hashes text
services.http.response.body_size integer
services.http.response.favicons.md5_hash keyword
services.http.response.favicons.name text
services.http.response.favicons.size integer
services.http.response.headers nested
services.http.response.headers.key text
services.http.response.headers.value.headers text
services.http.response.html_tags text
services.http.response.html_title text
services.http.response.protocol text
services.http.response.status_code integer
services.http.response.status_reason text
services.http.supports_http2 boolean

SSH

Path Type Docs
services.ssh.algorithm_selection.client_to_server_alg_group.cipher text
services.ssh.algorithm_selection.client_to_server_alg_group.compression text
services.ssh.algorithm_selection.client_to_server_alg_group.mac text
services.ssh.algorithm_selection.host_key_algorithm text
services.ssh.algorithm_selection.kex_algorithm text
services.ssh.algorithm_selection.server_to_client_alg_group.cipher text
services.ssh.algorithm_selection.server_to_client_alg_group.compression text
services.ssh.algorithm_selection.server_to_client_alg_group.mac text
services.ssh.endpoint_id.comment text
services.ssh.endpoint_id.protocol_version text
services.ssh.endpoint_id.raw text
services.ssh.endpoint_id.software_version text
services.ssh.hassh_fingerprint text
services.ssh.kex_init_message.client_to_server_ciphers text A list of ssh cipher algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values.
services.ssh.kex_init_message.client_to_server_compression text A list of ssh compression algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values.
services.ssh.kex_init_message.client_to_server_languages text A name-list of language tags in order of preference. As Defined in https://www.ietf.org/rfc/rfc3066.txt.
services.ssh.kex_init_message.client_to_server_macs text A list of ssh MAC algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values.
services.ssh.kex_init_message.first_kex_follows boolean
services.ssh.kex_init_message.host_key_algorithms text Asymmetric key algorithms for the host key supported by the client.
services.ssh.kex_init_message.kex_algorithms text Key exchange algorithms used in the handshake.
services.ssh.kex_init_message.server_to_client_ciphers text A list of ssh cipher algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values.
services.ssh.kex_init_message.server_to_client_compression text A list of ssh compression algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values.
services.ssh.kex_init_message.server_to_client_languages text A name-list of language tags in order of preference. As Defined in https://www.ietf.org/rfc/rfc3066.txt.
services.ssh.kex_init_message.server_to_client_macs text A list of ssh MAC algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values.
services.ssh.server_host_key.certkey_public_key text
services.ssh.server_host_key.dsa_public_key.g text
services.ssh.server_host_key.dsa_public_key.p text
services.ssh.server_host_key.dsa_public_key.q text
services.ssh.server_host_key.dsa_public_key.y text
services.ssh.server_host_key.ecdsa_public_key.b text
services.ssh.server_host_key.ecdsa_public_key.curve keyword
services.ssh.server_host_key.ecdsa_public_key.gx text
services.ssh.server_host_key.ecdsa_public_key.gy text
services.ssh.server_host_key.ecdsa_public_key.length unsigned_long
services.ssh.server_host_key.ecdsa_public_key.n text
services.ssh.server_host_key.ecdsa_public_key.p text
services.ssh.server_host_key.ecdsa_public_key.pub text
services.ssh.server_host_key.ecdsa_public_key.x text
services.ssh.server_host_key.ecdsa_public_key.y text
services.ssh.server_host_key.ed25519_public_key.public_bytes text
services.ssh.server_host_key.fingerprint_sha256 text
services.ssh.server_host_key.rsa_public_key.exponent text
services.ssh.server_host_key.rsa_public_key.length unsigned_long
services.ssh.server_host_key.rsa_public_key.modulus text

TELNET

Path Type Docs
services.telnet.banner text
services.telnet.do.key unsigned_long
services.telnet.do.value text
services.telnet.dont.key unsigned_long
services.telnet.dont.value text
services.telnet.will.key unsigned_long
services.telnet.will.value text
services.telnet.wont.key unsigned_long
services.telnet.wont.value text

FTP

Path Type Docs
services.ftp.auth_ssl_response text
services.ftp.auth_tls_response text
services.ftp.banner text
services.ftp.implicit_tls boolean
services.ftp.status_code integer
services.ftp.status_meaning text

DNS

Path Type Docs
services.dns.additionals.name text
services.dns.additionals.response text
services.dns.additionals.type text
services.dns.answers.name text
services.dns.answers.response text
services.dns.answers.type text
services.dns.authorities.name text
services.dns.authorities.response text
services.dns.authorities.type text
services.dns.edns.do boolean
services.dns.edns.options text
services.dns.edns.udp unsigned_long
services.dns.edns.version unsigned_long
services.dns.questions.name text
services.dns.questions.response text
services.dns.questions.type text
services.dns.r_code text
services.dns.resolves_correctly boolean
services.dns.server_type text
services.dns.version text

Misc

Path Type Docs
autonomous_system object
dns object
dns.reverse_dns object
location object
location.coordinates object The estimated coordinates of the detected location.
operating_system object
operating_system.other object Other attributes describing the identified software
services.amqp object
services.amqp.protocol_id object
services.amqp.version object
services.any_connect object
services.bacnet object
services.coap object
services.cobalt_strike object
services.cobalt_strike.x64 object
services.cobalt_strike.x64.http_get object
services.cobalt_strike.x64.http_post object
services.cobalt_strike.x64.post_ex object
services.cobalt_strike.x64.unknown_bytes object
services.cobalt_strike.x64.unknown_int object
services.cobalt_strike.x86 object
services.cobalt_strike.x86.http_get object
services.cobalt_strike.x86.http_post object
services.cobalt_strike.x86.post_ex object
services.cobalt_strike.x86.unknown_bytes object
services.cobalt_strike.x86.unknown_int object
services.cwmp object
services.cwmp.http_info object
services.cwmp.http_info.favicons object
services.cwmp.http_info.headers.value object
services.dnp3 object
services.dns object
services.dns.additionals object
services.dns.answers object
services.dns.authorities object
services.dns.edns object
services.dns.questions object
services.elasticsearch object
services.elasticsearch.http_info object
services.elasticsearch.http_info.headers.value object
services.elasticsearch.node_info object
services.elasticsearch.node_info.cluster_combined_info object
services.elasticsearch.node_info.cluster_combined_info.filesystem object
services.elasticsearch.node_info.cluster_combined_info.indices object
services.elasticsearch.node_info.cluster_combined_info.indices.docs object
services.elasticsearch.node_info.cluster_combined_info.indices.store object
services.elasticsearch.node_info.nodes object
services.elasticsearch.node_info.nodes.node_data object
services.elasticsearch.node_info.nodes.node_data.jvm object
services.elasticsearch.node_info.nodes.node_data.modules object
services.elasticsearch.node_info.nodes.node_data.os object
services.elasticsearch.node_info.nodes.node_data.settings object
services.elasticsearch.node_info.nodes.node_data.settings.node object
services.elasticsearch.node_info.nodes.node_data.settings.node.attr object
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml object
services.elasticsearch.node_info.nodes.node_data.thread_pool_list object
services.elasticsearch.system_info object
services.elasticsearch.system_info.version object
services.fortigate object
services.fortigate.http_info object
services.fortigate.http_info.headers.value object
services.fox object
services.ftp object
services.http object
services.http.request object
services.http.request.headers.value object
services.http.response object
services.http.response.favicons object
services.http.response.headers.value object
services.ike object
services.ike.v1 object
services.ike.v2 object
services.imap object
services.ipmi object
services.ipmi.capabilities object The Get Channel Authentication Capabilities response (section 22.13)
services.ipmi.capabilities.auth_status object The authentication status
services.ipmi.capabilities.completion_code object The status code of the response
services.ipmi.capabilities.extended_capabilities object Extended auth capabilities (if present)
services.ipmi.capabilities.supported_auth_types object The auth types supported by the server
services.ipmi.command_payload object The IPMI command payload
services.ipmi.command_payload.ipmi_command_number object The parsed IPMI command number
services.ipmi.command_payload.network_function_code object The NetFn and LUN
services.ipmi.command_payload.network_function_code.logical_unit_number object The parsed LUN (logical unit number -- the lower 2 bits of raw)
services.ipmi.command_payload.network_function_code.net_fn object The parsed NetFn value (the upper 6 bits of raw)
services.ipmi.rmcp_header object The RMCP header of the response, (section 13.1.3)
services.ipmi.rmcp_header.message_class object The class of the message.
services.ipmi.session_header object The IPMI sesssion header of the response
services.ipmi.session_header.auth_type object The authentication type for this request (see section 13.6)
services.ipp object
services.ipp.attributes object All IPP attributes included in any contentful responses obtained. Each has a name, list of values (potentially only one), and a tag denoting how the value should be interpreted.
services.ipp.cups_response object
services.ipp.cups_response.favicons object
services.ipp.cups_response.headers.value object
services.ipp.response object
services.ipp.response.favicons object
services.ipp.response.headers.value object
services.jarm object
services.kubernetes object
services.kubernetes.endpoints object
services.kubernetes.endpoints.subsets object
services.kubernetes.endpoints.subsets.addresses object
services.kubernetes.endpoints.subsets.ports object
services.kubernetes.nodes object
services.kubernetes.nodes.addresses object
services.kubernetes.roles object
services.kubernetes.roles.rules object Rules set for this role.
services.kubernetes.version_info object
services.ldap object
services.ldap.attributes object All root DN attributes available via anonymous bind
services.memcached object
services.mms object
services.modbus object
services.modbus.exception_response object
services.modbus.mei_response object
services.mongodb object
services.mongodb.build_info object
services.mongodb.build_info.build_environment object
services.mongodb.is_master object
services.mqtt object
services.mqtt.connection_ack_return object
services.mqtt.subscription_ack_return object
services.mssql object
services.mssql.prelogin_options object
services.mssql.prelogin_options.server_version object
services.mssql.prelogin_options.unknown object
services.mysql object
services.ntp object
services.ntp.get_time_header object
services.openvpn object
services.oracle object
services.oracle.redirect_target object The parsed connect descriptor returned by the server in the redirect packet, if one is sent.
services.oracle.refuse_error object The parsed descriptor returned by the server in the Refuse packet; it is empty if the server does not return a Refuse packet. The keys are strings like 'DESCRIPTION.ERROR_STACK.ERROR.CODE
services.parsed.dhcpdiscover object
services.parsed.dhcpdiscover.method text
services.parsed.dhcpdiscover.params object
services.parsed.dhcpdiscover.params.device_info object
services.parsed.dhcpdiscover.params.device_info.alarm_input_channels long
services.parsed.dhcpdiscover.params.device_info.alarm_output_channels long
services.parsed.dhcpdiscover.params.device_info.device_class text
services.parsed.dhcpdiscover.params.device_info.device_id text
services.parsed.dhcpdiscover.params.device_info.device_type text
services.parsed.dhcpdiscover.params.device_info.http_port long
services.parsed.dhcpdiscover.params.device_info.ipv4_address object
services.parsed.dhcpdiscover.params.device_info.ipv4_address.default_gateway text
services.parsed.dhcpdiscover.params.device_info.ipv4_address.dhcp_enable boolean
services.parsed.dhcpdiscover.params.device_info.ipv4_address.ip_address text
services.parsed.dhcpdiscover.params.device_info.ipv4_address.subnetmask text
services.parsed.dhcpdiscover.params.device_info.ipv6_address object
services.parsed.dhcpdiscover.params.device_info.ipv6_address.default_gateway text
services.parsed.dhcpdiscover.params.device_info.ipv6_address.dhcp_enable boolean
services.parsed.dhcpdiscover.params.device_info.ipv6_address.ip_address text
services.parsed.dhcpdiscover.params.device_info.ipv6_address.link_local_address text
services.parsed.dhcpdiscover.params.device_info.machine_group text
services.parsed.dhcpdiscover.params.device_info.machine_name text
services.parsed.dhcpdiscover.params.device_info.manufacturer text
services.parsed.dhcpdiscover.params.device_info.port long
services.parsed.dhcpdiscover.params.device_info.remote_video_input_channels long
services.parsed.dhcpdiscover.params.device_info.serial_no text
services.parsed.dhcpdiscover.params.device_info.unlogin_func_mask long
services.parsed.dhcpdiscover.params.device_info.vendor text
services.parsed.dhcpdiscover.params.device_info.version text
services.parsed.dhcpdiscover.params.device_info.video_input_channels long
services.parsed.dhcpdiscover.params.device_info.video_output_channels long
services.parsed.ethereum object
services.parsed.ethereum.accounts text
services.parsed.ethereum.hashrate text
services.parsed.ethereum.version object
services.parsed.ethereum.version.client text
services.parsed.ethereum.version.compiler text
services.parsed.ethereum.version.platform text
services.parsed.ethereum.version.trailing text
services.parsed.ethereum.version.version text
services.parsed.monero_p2p object
services.parsed.monero_p2p.ping_response object
services.parsed.monero_p2p.ping_response.payload object
services.parsed.monero_p2p.ping_response.payload.entries object
services.parsed.monero_p2p.ping_response.payload.entries.name text
services.parsed.monero_p2p.ping_response.payload.entries.value object
services.parsed.monero_p2p.ping_response.payload.entries.value.name text
services.parsed.monero_p2p.ping_response.payload.entries.value.value text
services.parsed.monero_p2p.ping_response.response_header object
services.parsed.monero_p2p.ping_response.response_header.command long
services.parsed.monero_p2p.ping_response.response_header.expects_response boolean
services.parsed.monero_p2p.ping_response.response_header.flags long
services.parsed.monero_p2p.ping_response.response_header.length long
services.parsed.monero_p2p.ping_response.response_header.return_code long
services.parsed.monero_p2p.ping_response.response_header.signature long
services.parsed.monero_p2p.ping_response.response_header.version long
services.parsed.opc_ua object
services.parsed.opc_ua.acknowledge object
services.parsed.opc_ua.acknowledge.max_chunk_size long
services.parsed.opc_ua.acknowledge.max_message_size long
services.parsed.opc_ua.acknowledge.protocol_version long
services.parsed.opc_ua.acknowledge.receive_buffer_size long
services.parsed.opc_ua.acknowledge.send_buffer_size long
services.parsed.opc_ua.error object
services.parsed.opc_ua.error.error long
services.parsed.opc_ua.error.reason text
services.parsed.opc_ua.error.spec_error_name text
services.parsed.opc_ua.error.spec_error_reason text
services.parsed.rocketmq object
services.parsed.rocketmq.cluster_info object
services.parsed.rocketmq.cluster_info.header object
services.parsed.rocketmq.cluster_info.header.code long
services.parsed.rocketmq.cluster_info.header.flag long
services.parsed.rocketmq.cluster_info.header.language text
services.parsed.rocketmq.cluster_info.header.opaque long
services.parsed.rocketmq.cluster_info.header.serialize_type_current_rpc text
services.parsed.rocketmq.cluster_info.header.version long
services.parsed.rocketmq.cluster_info.payload text
services.parsed.rocketmq.topics object
services.parsed.rocketmq.topics.header object
services.parsed.rocketmq.topics.header.code long
services.parsed.rocketmq.topics.header.flag long
services.parsed.rocketmq.topics.header.language text
services.parsed.rocketmq.topics.header.opaque long
services.parsed.rocketmq.topics.header.serialize_type_current_rpc text
services.parsed.rocketmq.topics.header.version long
services.parsed.rocketmq.topics.topic_list text
services.parsed.rocketmq.version text
services.parsed.tplink_kasa object
services.parsed.tplink_kasa.active_mode text
services.parsed.tplink_kasa.alias text
services.parsed.tplink_kasa.brightness long
services.parsed.tplink_kasa.dev_name text
services.parsed.tplink_kasa.err_code long
services.parsed.tplink_kasa.feature text
services.parsed.tplink_kasa.hw_ver text
services.parsed.tplink_kasa.icon_hash text
services.parsed.tplink_kasa.led_off long
services.parsed.tplink_kasa.mic_type text
services.parsed.tplink_kasa.model text
services.parsed.tplink_kasa.on_time long
services.parsed.tplink_kasa.relay_state long
services.parsed.tplink_kasa.rssi long
services.parsed.tplink_kasa.sw_ver text
services.parsed.tplink_kasa.updating long
services.parsed.zeromq object
services.parsed.zeromq.greeting object
services.parsed.zeromq.greeting.as_server boolean
services.parsed.zeromq.greeting.mechanism text
services.parsed.zeromq.greeting.signature text
services.parsed.zeromq.greeting.version_major long
services.parsed.zeromq.greeting.version_minor long
services.parsed.zeromq.handshake object
services.parsed.zeromq.handshake.raw text
services.parsed.zeromq.handshake.ready boolean
services.parsed.zeromq.handshake.socket_type text
services.parsed.zeromq.subscription_match object
services.parsed.zeromq.subscription_match.is_monero_node boolean
services.pc_anywhere object
services.pc_anywhere.status object
services.pop3 object
services.postgres object
services.postgres.authentication_mode object
services.pptp object
services.pptp.bearer_message object
services.pptp.error_message object
services.pptp.firmware object
services.pptp.framing_message object
services.pptp.protocol object
services.pptp.result_message object
services.prometheus object
services.prometheus.http_info object
services.prometheus.http_info.headers.value object
services.prometheus.response object Information Prometheus captured as well as build information.
services.prometheus.response.active_targets object List of active targets.
services.prometheus.response.active_targets.discovered_labels object
services.prometheus.response.active_targets.labels object
services.prometheus.response.dropped_targets object List of dropped targets.
services.prometheus.response.prometheus_versions object
services.rdp object
services.rdp.certificate_info object
services.rdp.certificate_info.proprietary_rsa_key object
services.rdp.connect_response object
services.rdp.connect_response.domain_parameters object
services.rdp.protocol_flags object
services.rdp.selected_security_protocol object
services.rdp.version object
services.redis object
services.redis.info_response object The response from the INFO command. Should be a series of key:value pairs separated by CRLFs.
services.redis.raw_command_output object The raw output returned by the server for each command sent; the indices match those of commands.
services.s7 object
services.sip object
services.skinny object
services.smb object
services.smb.negotiation_log object
services.smb.negotiation_log.header_log object
services.smb.session_setup_log object
services.smb.session_setup_log.header_log object
services.smb.smb_capabilities object Capabilities flags for the connection. See [MS-SMB2] Sect. 2.2.4.
services.smb.smb_version object
services.smtp object
services.snmp object
services.snmp.oid_interfaces object 1.3.6.1.2.1.2 - Interfaces
services.snmp.oid_physical object 1.3.6.1.2.1.47.1.1.1.1 - Entity Physical
services.snmp.oid_system object 1.3.6.1.2.1.1 - System Variables
services.snmp.oid_system.services object 1.3.6.1.2.1.1.7 - Set of services offered by entity
services.software.other object Other attributes describing the identified software
services.ssdp object
services.ssdp.headers.value object
services.ssh object
services.ssh.algorithm_selection object
services.ssh.algorithm_selection.client_to_server_alg_group object
services.ssh.algorithm_selection.server_to_client_alg_group object
services.ssh.endpoint_id object
services.ssh.kex_init_message object
services.ssh.server_host_key object
services.ssh.server_host_key.dsa_public_key object
services.ssh.server_host_key.ecdsa_public_key object
services.ssh.server_host_key.ed25519_public_key object
services.ssh.server_host_key.rsa_public_key object
services.team_viewer object
services.telnet object
services.telnet.do object
services.telnet.dont object
services.telnet.will object
services.telnet.wont object
services.tls object
services.tls.certificate object
services.tls.certificate.ct object
services.tls.certificate.ct.entries.value object
services.tls.certificate.parsed object A record containing all of the data parsed from the certificate.
services.tls.certificate.parsed.extensions object A record containing parsed X.509 extensions that provide additional identification information or additional cryptographic capabilities.
services.tls.certificate.parsed.extensions.authority_info_access object The parsed id-pe-authorityInfoAccess extension (OID: 1.3.6.1.5.7.1.1). Only id-ad-caIssuers and id-ad-ocsp accessMethods are supported; others are omitted.
services.tls.certificate.parsed.extensions.basic_constraints object The parsed id-ce-basicConstraints extension (OID: 2.5.29.19).
services.tls.certificate.parsed.extensions.cabf_organization_id object CA/Browser Forum organization ID extensions (OID: 2.23.140.3.1).
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference object
services.tls.certificate.parsed.extensions.extended_key_usage object The parsed id-ce-extKeyUsage extension (OID: 2.5.29.37).
services.tls.certificate.parsed.extensions.issuer_alt_name object The parsed id-ce-issuerAltName extension (OID: 2.5.29.18).
services.tls.certificate.parsed.extensions.key_usage object The parsed id-ce-keyUsage extension (OID: 2.5.29.15).
services.tls.certificate.parsed.extensions.name_constraints object The parsed id-ce-nameConstraints extension (OID: 2.5.29.30). Specifies a name space within which all child certificates' subject names MUST be located.
services.tls.certificate.parsed.extensions.qc_statements object
services.tls.certificate.parsed.extensions.qc_statements.parsed object
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature object
services.tls.certificate.parsed.extensions.subject_alt_name object The parsed id-ce-subjectAltName extension (OID: 2.5.29.17).
services.tls.certificate.parsed.issuer object A record containing the parsed contents of the issuer_dn.
services.tls.certificate.parsed.signature object
services.tls.certificate.parsed.signature.signature_algorithm object
services.tls.certificate.parsed.subject object A record containing the parsed contents of the subject_dn.
services.tls.certificate.parsed.subject_key_info object Information about the certificate's public key.
services.tls.certificate.parsed.subject_key_info.dsa object A record containing the public portion of a DSA asymmetric key.
services.tls.certificate.parsed.subject_key_info.ecdsa object A record containing the public portion of an ECDSA asymmetric key.
services.tls.certificate.parsed.subject_key_info.key_algorithm object A record containing information about the type of subject key algorithm and any relevant parameters.
services.tls.certificate.parsed.subject_key_info.rsa object A record containing the public portion of an RSA asymmetric key.
services.tls.certificate.parsed.subject_key_info.unrecognized object A record containing known information about an unrecognized key type.
services.tls.certificate.parsed.validity_period object Information about the time for which the certificate is valid.
services.tls.certificate.revocation object A record containing revocation information, if the certificate has been revoked.
services.tls.certificate.revocation.crl object
services.tls.certificate.revocation.ocsp object
services.tls.certificate.validation object A record containing information from the maintainers of major root certificate stores related to their trust assessment.
services.tls.certificate.validation.apple object A record containing validation information about the certificate from the Apple root store.
services.tls.certificate.validation.chrome object A record containing validation information about the certificate from the Chrome root store.
services.tls.certificate.validation.microsoft object A record containing validation information about the certificate from the Microsoft root store.
services.tls.certificate.validation.nss object A record containing validation information about the certificate from the Mozilla NSS root store.
services.tls.certificate.zlint object A record containing the results of linting the certificate for conformance to the X.509 standard using Zlint.
services.tls.certificates object Certificate and certificate chain details.
services.tls.certificates.chain object Certificate chain information.
services.tls.certificates.leaf_data object The TBS Certificate information.
services.tls.certificates.leaf_data.issuer object Issuer distinguished name attributes.
services.tls.certificates.leaf_data.public_key object Subject public key information.
services.tls.certificates.leaf_data.public_key.dsa object
services.tls.certificates.leaf_data.public_key.ecdsa object
services.tls.certificates.leaf_data.public_key.rsa object
services.tls.certificates.leaf_data.signature object Certificate signature information.
services.tls.certificates.leaf_data.subject object Subject distinguished name attributes.
services.tls.presented_chain object Certificate chain information.
services.tls.server_key_exchange object
services.tls.server_key_exchange.ec_params object Elliptic-Curve key exchange parameters used.
services.tls.session_ticket object The new session ticket sent by the server to the client.
services.transport_fingerprint object
services.transport_fingerprint.quic object
services.upnp object
services.upnp.devices object
services.upnp.devices.service_list object
services.upnp.headers.value object
services.upnp.spec object
services.vnc object
services.vnc.pixel_encoding object
services.vnc.screen_info object
services.vnc.screen_info.pixel_format object
services.vnc.security_types object server-specified security options
services.x11 object

PC_ANYWHERE

Path Type Docs
services.pc_anywhere.name text Workstation Name, with padding bytes removed
services.pc_anywhere.nr text Full 'NR' query response
services.pc_anywhere.status.in_use boolean Workstation is In Use if true, Available if false
services.pc_anywhere.status.raw text Full 'ST' query response

SKINNY

Path Type Docs
services.skinny.response text

RDP

Path Type Docs
services.rdp.certificate_info.internal_x509_chain_fps keyword
services.rdp.certificate_info.proprietary_rsa_key.key_length unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.magic unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.max_bytes_datalen unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.modulus text
services.rdp.certificate_info.proprietary_rsa_key.modulus_bitlen unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.public_exponent unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.signature text
services.rdp.connect_response.connect_id unsigned_long
services.rdp.connect_response.domain_parameters.domain_protocol_version long
services.rdp.connect_response.domain_parameters.max_channel_ids long
services.rdp.connect_response.domain_parameters.max_mcspdu_size long
services.rdp.connect_response.domain_parameters.max_provider_height long
services.rdp.connect_response.domain_parameters.max_token_ids long
services.rdp.connect_response.domain_parameters.max_user_id_channels long
services.rdp.connect_response.domain_parameters.min_throughput long
services.rdp.connect_response.domain_parameters.num_priorities long
services.rdp.protocol_flags.dynvc_graphics_pipeline boolean
services.rdp.protocol_flags.extended_client_data_supported boolean
services.rdp.protocol_flags.neg_resp_reserved boolean
services.rdp.protocol_flags.restricted_admin_mode boolean
services.rdp.protocol_flags.restricted_auth_mode boolean
services.rdp.selected_security_protocol.credssp boolean
services.rdp.selected_security_protocol.credssp_early_auth boolean
services.rdp.selected_security_protocol.error boolean
services.rdp.selected_security_protocol.error_bad_flags boolean
services.rdp.selected_security_protocol.error_hybrid_required boolean
services.rdp.selected_security_protocol.error_ssl_cert_missing boolean
services.rdp.selected_security_protocol.error_ssl_forbidden boolean
services.rdp.selected_security_protocol.error_ssl_required boolean
services.rdp.selected_security_protocol.error_ssl_user_auth_required boolean
services.rdp.selected_security_protocol.error_unknown boolean
services.rdp.selected_security_protocol.raw_value unsigned_long
services.rdp.selected_security_protocol.rdstls boolean
services.rdp.selected_security_protocol.standard_rdp boolean
services.rdp.selected_security_protocol.tls boolean
services.rdp.version.major integer
services.rdp.version.minor integer
services.rdp.version.raw unsigned_long Raw Version Response, Major version is stored in upper 2 bytes, minor in lower 2 bytes.
services.rdp.x224_cc_pdu_srcref unsigned_long

NTP

Path Type Docs
services.ntp.get_time_header.leap_indicator unsigned_long
services.ntp.get_time_header.mode unsigned_long
services.ntp.get_time_header.poll integer
services.ntp.get_time_header.precision integer
services.ntp.get_time_header.reference_id text
services.ntp.get_time_header.stratum unsigned_long
services.ntp.get_time_header.version unsigned_long

X11

Path Type Docs
services.x11.refusal_reason text
services.x11.requires_authentication boolean
services.x11.vendor text
services.x11.version text

MODBUS

Path Type Docs
services.modbus.exception_response.exception_function unsigned_long
services.modbus.exception_response.exception_type unsigned_long
services.modbus.function unsigned_long
services.modbus.mei_response.conformity_level long
services.modbus.mei_response.more_follows boolean
services.modbus.mei_response.objects nested
services.modbus.mei_response.objects.key text
services.modbus.mei_response.objects.value text
services.modbus.unit_id long

MONGODB

Path Type Docs
services.mongodb.build_info.build_environment.cc text
services.mongodb.build_info.build_environment.cc_flags text
services.mongodb.build_info.build_environment.cxx text
services.mongodb.build_info.build_environment.cxx_flags text
services.mongodb.build_info.build_environment.dist_arch text
services.mongodb.build_info.build_environment.dist_mod text
services.mongodb.build_info.build_environment.link_flags text
services.mongodb.build_info.build_environment.target_arch text
services.mongodb.build_info.build_environment.target_os text
services.mongodb.build_info.git_version text Version of mongodb server
services.mongodb.build_info.version text Version of mongodb server
services.mongodb.is_master.is_master boolean
services.mongodb.is_master.logical_session_timeout_minutes integer
services.mongodb.is_master.max_bson_object_size integer
services.mongodb.is_master.max_message_size_bytes integer
services.mongodb.is_master.max_wire_version integer
services.mongodb.is_master.max_write_batch_size integer
services.mongodb.is_master.min_wire_version integer
services.mongodb.is_master.read_only boolean

IPP

Path Type Docs
services.ipp.attribute_cups_version text The CUPS version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Generally in the form 'x.y.z'.
services.ipp.attribute_ipp_versions text Each IPP version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Always in the form 'x.y'.
services.ipp.attribute_printer_uris text Each printer URI, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Uses ipp(s) or http(s) scheme, followed by a hostname or IP, and then the path to a particular printer.
services.ipp.attributes.name text
services.ipp.attributes.value_tag unsigned_long
services.ipp.cups_response.body text
services.ipp.cups_response.body_hashes text
services.ipp.cups_response.body_size integer
services.ipp.cups_response.favicons.md5_hash keyword
services.ipp.cups_response.favicons.name text
services.ipp.cups_response.favicons.size integer
services.ipp.cups_response.headers nested
services.ipp.cups_response.headers.key text
services.ipp.cups_response.headers.value.headers text
services.ipp.cups_response.html_tags text
services.ipp.cups_response.html_title text
services.ipp.cups_response.protocol text
services.ipp.cups_response.status_code integer
services.ipp.cups_response.status_reason text
services.ipp.cups_version text The CUPS version, if any, specified in the Server header of an IPP get-attributes response.
services.ipp.major_version unsigned_long Major component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request.
services.ipp.minor_version unsigned_long Minor component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request.
services.ipp.response.body text
services.ipp.response.body_hashes text
services.ipp.response.body_size integer
services.ipp.response.favicons.md5_hash keyword
services.ipp.response.favicons.name text
services.ipp.response.favicons.size integer
services.ipp.response.headers nested
services.ipp.response.headers.key text
services.ipp.response.headers.value.headers text
services.ipp.response.html_tags text
services.ipp.response.html_title text
services.ipp.response.protocol text
services.ipp.response.status_code integer
services.ipp.response.status_reason text
services.ipp.version_string text The specific IPP version returned in response to an IPP get-printer-attributes request. Always in the form 'IPP/x.y'

SMTP

Path Type Docs
services.smtp.banner text The STMP banner.
services.smtp.ehlo text The server's response to the EHLO command.
services.smtp.start_tls text The server's response to the STARTTLS command.

AMQP

Path Type Docs
services.amqp.explicit_tls boolean Connected via a TLS connection after initial handshake
services.amqp.implicit_tls boolean Connected via a TLS wrapped connection (AMQPS)
services.amqp.protocol_id.id unsigned_long
services.amqp.protocol_id.name text
services.amqp.version.major unsigned_long
services.amqp.version.minor unsigned_long
services.amqp.version.revision unsigned_long

PPTP

Path Type Docs
services.pptp.bearer_message.code unsigned_long
services.pptp.bearer_message.meaning text
services.pptp.error_message.code unsigned_long
services.pptp.error_message.meaning text
services.pptp.firmware.major unsigned_long
services.pptp.firmware.minor unsigned_long
services.pptp.framing_message.code unsigned_long
services.pptp.framing_message.meaning text
services.pptp.hostname text
services.pptp.maximum_channels unsigned_long
services.pptp.protocol.major unsigned_long
services.pptp.protocol.minor unsigned_long
services.pptp.result_message.code unsigned_long
services.pptp.result_message.meaning text
services.pptp.vendor text

COAP

Path Type Docs
services.coap.code text
services.coap.message_id unsigned_long
services.coap.message_type text
services.coap.payload text
services.coap.token text
services.coap.version unsigned_long

SMB

Path Type Docs
services.smb.group_name text Default group name
services.smb.has_ntlm boolean Server supports the NTLM authentication method
services.smb.native_os text Server-identified operating system
services.smb.negotiation_log.authentication_types text
services.smb.negotiation_log.capabilities unsigned_long
services.smb.negotiation_log.dialect_revision unsigned_long
services.smb.negotiation_log.header_log.command unsigned_long
services.smb.negotiation_log.header_log.credits unsigned_long
services.smb.negotiation_log.header_log.flags unsigned_long
services.smb.negotiation_log.header_log.protocol_id text
services.smb.negotiation_log.header_log.status unsigned_long
services.smb.negotiation_log.security_mode unsigned_long
services.smb.negotiation_log.server_guid text
services.smb.negotiation_log.server_start_time unsigned_long
services.smb.negotiation_log.system_time unsigned_long
services.smb.ntlm text Native LAN manager
services.smb.session_setup_log.header_log.command unsigned_long
services.smb.session_setup_log.header_log.credits unsigned_long
services.smb.session_setup_log.header_log.flags unsigned_long
services.smb.session_setup_log.header_log.protocol_id text
services.smb.session_setup_log.header_log.status unsigned_long
services.smb.session_setup_log.negotiate_flags unsigned_long
services.smb.session_setup_log.setup_flags unsigned_long
services.smb.session_setup_log.target_name text
services.smb.smb_capabilities.smb_dfs_support boolean Server supports Distributed File System
services.smb.smb_capabilities.smb_directory_leasing_support boolean Server supports directory leasing
services.smb.smb_capabilities.smb_encryption_support boolean Server supports encryption
services.smb.smb_capabilities.smb_leasing_support boolean Server supports Leasing
services.smb.smb_capabilities.smb_multichan_support boolean Server supports multiple channels per session
services.smb.smb_capabilities.smb_multicredit_support boolean Server supports multi-credit operations
services.smb.smb_capabilities.smb_persistent_handle_support boolean Server supports persistent handles
services.smb.smb_version.major unsigned_long Major version
services.smb.smb_version.minor unsigned_long Minor version
services.smb.smb_version.revision unsigned_long Protocol Revision
services.smb.smb_version.version_string text Full SMB Version String
services.smb.smbv1_support boolean

S7

Path Type Docs
services.s7.copyright text
services.s7.cpu_profile text
services.s7.firmware text
services.s7.hardware text
services.s7.location text
services.s7.memory_serial_number text
services.s7.module text
services.s7.module_id text
services.s7.module_type text
services.s7.oem_id text
services.s7.plant_id text
services.s7.reserved_for_os text
services.s7.serial_number text
services.s7.system text

DNP3

Path Type Docs
services.dnp3.banner text

ELASTICSEARCH

Path Type Docs
services.elasticsearch.http_info.headers nested
services.elasticsearch.http_info.headers.key text
services.elasticsearch.http_info.headers.value.headers text
services.elasticsearch.http_info.status text
services.elasticsearch.http_info.status_code integer
services.elasticsearch.node_info.cluster_combined_info.filesystem.available text Human-friendly available size
services.elasticsearch.node_info.cluster_combined_info.filesystem.available_in_bytes unsigned_long Available size in bytes
services.elasticsearch.node_info.cluster_combined_info.filesystem.free text Human-friendly free size
services.elasticsearch.node_info.cluster_combined_info.filesystem.free_in_bytes unsigned_long Free size in bytes
services.elasticsearch.node_info.cluster_combined_info.filesystem.total text Human-friendly total size
services.elasticsearch.node_info.cluster_combined_info.filesystem.total_in_bytes unsigned_long Total size in bytes
services.elasticsearch.node_info.cluster_combined_info.indices.count unsigned_long Total number of indices with shards assigned to selected nodes
services.elasticsearch.node_info.cluster_combined_info.indices.docs.count unsigned_long Total number of non-deleted documents across all primary shards assigned to selected nodes
services.elasticsearch.node_info.cluster_combined_info.indices.docs.deleted unsigned_long Total number of deleted documents across all primary shards assigned to selected nodes
services.elasticsearch.node_info.cluster_combined_info.indices.store.reserved_in_bytes unsigned_long A prediction, in bytes, of how much larger the shard stores will eventually grow due to ongoing peer recoveries, restoring snapshots, and similar activities
services.elasticsearch.node_info.cluster_combined_info.indices.store.size_in_bytes unsigned_long Total size, in bytes, of all shards assigned to selected nodes
services.elasticsearch.node_info.cluster_combined_info.name text
services.elasticsearch.node_info.cluster_combined_info.status text
services.elasticsearch.node_info.cluster_combined_info.timestamp unsigned_long
services.elasticsearch.node_info.cluster_combined_info.uuid text
services.elasticsearch.node_info.nodes.node_data.build_flavor text
services.elasticsearch.node_info.nodes.node_data.build_hash text
services.elasticsearch.node_info.nodes.node_data.build_type text
services.elasticsearch.node_info.nodes.node_data.host text
services.elasticsearch.node_info.nodes.node_data.ingest_processors text
services.elasticsearch.node_info.nodes.node_data.ip ip
services.elasticsearch.node_info.nodes.node_data.jvm.gc text
services.elasticsearch.node_info.nodes.node_data.jvm.input_args text
services.elasticsearch.node_info.nodes.node_data.jvm.memory_pools text
services.elasticsearch.node_info.nodes.node_data.jvm.start_time text
services.elasticsearch.node_info.nodes.node_data.jvm.start_time_ms unsigned_long
services.elasticsearch.node_info.nodes.node_data.jvm.version text
services.elasticsearch.node_info.nodes.node_data.jvm.vm_name text
services.elasticsearch.node_info.nodes.node_data.jvm.vm_vendor text
services.elasticsearch.node_info.nodes.node_data.jvm.vm_version text
services.elasticsearch.node_info.nodes.node_data.modules.class_name text
services.elasticsearch.node_info.nodes.node_data.modules.desc text
services.elasticsearch.node_info.nodes.node_data.modules.elastic_version text
services.elasticsearch.node_info.nodes.node_data.modules.ext_plugins text
services.elasticsearch.node_info.nodes.node_data.modules.has_native_ctrl boolean
services.elasticsearch.node_info.nodes.node_data.modules.java_version text
services.elasticsearch.node_info.nodes.node_data.modules.name text
services.elasticsearch.node_info.nodes.node_data.modules.version text
services.elasticsearch.node_info.nodes.node_data.name text
services.elasticsearch.node_info.nodes.node_data.os.allocated_proc integer
services.elasticsearch.node_info.nodes.node_data.os.arch text
services.elasticsearch.node_info.nodes.node_data.os.available_proc integer
services.elasticsearch.node_info.nodes.node_data.os.name text
services.elasticsearch.node_info.nodes.node_data.os.pretty_name text
services.elasticsearch.node_info.nodes.node_data.os.refresh_interval_ms unsigned_long
services.elasticsearch.node_info.nodes.node_data.os.version text
services.elasticsearch.node_info.nodes.node_data.roles text
services.elasticsearch.node_info.nodes.node_data.settings.cluster_name text
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.enabled text
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.machine_memory text
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.max_open_jobs text
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.xpack_installed text
services.elasticsearch.node_info.nodes.node_data.settings.node.name text
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.keep_alive text
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.max integer
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.min integer
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.queue_size integer
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.type text
services.elasticsearch.node_info.nodes.node_data.total_indexing_buffer unsigned_long
services.elasticsearch.node_info.nodes.node_data.version text
services.elasticsearch.node_info.nodes.node_name text
services.elasticsearch.system_info.cluster_uuid text Cluster UUID
services.elasticsearch.system_info.name text Cluster Name
services.elasticsearch.system_info.tagline text Elasticsearch identifying tagline
services.elasticsearch.system_info.version.build_date text
services.elasticsearch.system_info.version.build_flavor text
services.elasticsearch.system_info.version.build_hash text
services.elasticsearch.system_info.version.build_snapshot boolean
services.elasticsearch.system_info.version.build_type text
services.elasticsearch.system_info.version.lucene_version text
services.elasticsearch.system_info.version.min_idx_compat_ver text
services.elasticsearch.system_info.version.min_wire_compat_ver text
services.elasticsearch.system_info.version.number text ES Cluster version

REDIS

Path Type Docs
services.redis.arch_bits text The architecture bits (32 or 64) the Redis server used to build.
services.redis.auth_response text The response from the AUTH command, if sent.
services.redis.build_id text The Build ID of the Redis server.
services.redis.commands text The list of commands actually sent to the server, serialized in inline format, like 'PING' or 'AUTH somePassword'.
services.redis.commands_processed unsigned_long The total number of commands processed by the server.
services.redis.connections_received unsigned_long The total number of connections accepted by the server.
services.redis.gcc_version text The version of the GCC compiler used to compile the Redis server.
services.redis.git_sha1 text The Sha-1 Git commit hash the Redis server used.
services.redis.info_response.key text
services.redis.info_response.value text
services.redis.major unsigned_long Major is the version's major number.
services.redis.mem_allocator text The memory allocator.
services.redis.minor unsigned_long Minor is the version's major number.
services.redis.mode text The mode the Redis server is running (standalone or cluster), read from the the info_response (if available).
services.redis.nonexistent_response text The response from the NONEXISTENT command.
services.redis.os text The OS the Redis server is running, read from the the info_response (if available).
services.redis.patch_level unsigned_long Patchlevel is the version's patchlevel number.
services.redis.ping_response text The response from the PING command; should either be "PONG" or an authentication error.
services.redis.quit_response text The response to the QUIT command.
services.redis.raw_command_output.output text
services.redis.uptime unsigned_long The number of seconds since Redis server start.
services.redis.used_memory unsigned_long The total number of bytes allocated by Redis using its allocator.

ANY_CONNECT

Path Type Docs
services.any_connect.aggregate_auth_version integer Version number indicated by the response for config-auth exchange
services.any_connect.auth_methods text Supported methods for users to enter credentials for this VPN
services.any_connect.groups text List of groups a user can authenticate with to use this VPN
services.any_connect.raw text XML content of the config-auth response
services.any_connect.response_type text Type of the response packet received after initializing the config-auth exchange

MSSQL

Path Type Docs
services.mssql.encrypt_mode text The negotiated ENCRYPT_MODE with the server
services.mssql.instance_name text
services.mssql.prelogin_options.encrypt_mode text
services.mssql.prelogin_options.fed_auth_required boolean
services.mssql.prelogin_options.instance text
services.mssql.prelogin_options.mars boolean
services.mssql.prelogin_options.nonce text
services.mssql.prelogin_options.server_version.build_number unsigned_long
services.mssql.prelogin_options.server_version.major unsigned_long
services.mssql.prelogin_options.server_version.minor unsigned_long
services.mssql.prelogin_options.thread_id unsigned_long
services.mssql.prelogin_options.trace_id text
services.mssql.prelogin_options.unknown.key unsigned_long
services.mssql.prelogin_options.unknown.value text
services.mssql.version text

BACNET

Path Type Docs
services.bacnet.application_software_revision text
services.bacnet.description text
services.bacnet.firmware_revision text
services.bacnet.instance_number unsigned_long
services.bacnet.location text
services.bacnet.model_name text
services.bacnet.object_name text
services.bacnet.vendor_id unsigned_long
services.bacnet.vendor_name text

IPMI

Path Type Docs
services.ipmi.capabilities.auth_status.anonymous_login_enabled boolean If true, the server allows anonymous login.
services.ipmi.capabilities.auth_status.auth_each_message boolean If true, each message must be authenticated.
services.ipmi.capabilities.auth_status.has_anonymous_users boolean If true, the server has anonymous users.
services.ipmi.capabilities.auth_status.has_named_users boolean If true, the server supports named users.
services.ipmi.capabilities.auth_status.two_key_login_required boolean The KG field.
services.ipmi.capabilities.auth_status.user_auth_disabled boolean If true, user authentication is disabled.
services.ipmi.capabilities.channel_number integer The response channel number
services.ipmi.capabilities.completion_code.name text The human-readable name of the code
services.ipmi.capabilities.completion_code.raw integer The raw completion code
services.ipmi.capabilities.extended_capabilities.supports_ipmi_v1_5 boolean True if IPMI v1.5 is supported
services.ipmi.capabilities.extended_capabilities.supports_ipmi_v2_0 boolean True if IPMI v2.0 is supported
services.ipmi.capabilities.oem_data integer The OEM-specific data
services.ipmi.capabilities.oem_id text The 3-byte OEM identifier
services.ipmi.capabilities.supported_auth_types.extended boolean If true, the extended capabilities are present.
services.ipmi.capabilities.supported_auth_types.md2 boolean True if the MD2 AuthType is supported.
services.ipmi.capabilities.supported_auth_types.md5 boolean True if the MD5 AuthType is supported.
services.ipmi.capabilities.supported_auth_types.none boolean True if the None AuthType is supported.
services.ipmi.capabilities.supported_auth_types.oem_proprietary boolean True if the OEM Proprietary AuthType is supported
services.ipmi.capabilities.supported_auth_types.password boolean True if the Password AuthType is supported.
services.ipmi.capabilities.supported_auth_types.raw integer The raw byte, with the bit mask etc
services.ipmi.command_payload.checksum_error boolean This is set to true if the values of chk1 / chk2 do not match the command data
services.ipmi.command_payload.data text The raw data. On success, this should be the value of the GetAuthenticationCapabilities resopnse
services.ipmi.command_payload.ipmi_command_number.name text The human-readable name of the cmd + NetFn
services.ipmi.command_payload.ipmi_command_number.raw integer The raw value of the cmd value
services.ipmi.command_payload.network_function_code.logical_unit_number.name text The human-readable name of the LUN
services.ipmi.command_payload.network_function_code.logical_unit_number.raw integer The value of the LUN (3 bits)
services.ipmi.command_payload.network_function_code.net_fn.is_request boolean True if the least-significant bit is zero
services.ipmi.command_payload.network_function_code.net_fn.is_response boolean True if the least-significant bit is one
services.ipmi.command_payload.network_function_code.net_fn.name text The human-readable name of the NetFn
services.ipmi.command_payload.network_function_code.net_fn.raw integer The raw value of the NetFn (6 bits, least significant indicates request/response)
services.ipmi.command_payload.network_function_code.net_fn.value integer The normalized value of the NetFn (i.e. raw & 0xfe, so it is always even)
services.ipmi.command_payload.network_function_code.raw integer The raw value of the (NetFn << 2) | LUN
services.ipmi.command_payload.requestor_sequence_number integer The request sequence number.
services.ipmi.raw text The raw data returned by the server
services.ipmi.rmcp_header.message_class.class integer Just the class part of the byte (lower 5 bits of raw)
services.ipmi.rmcp_header.message_class.is_ack boolean True if the message is an acknowledgment to a previous message.
services.ipmi.rmcp_header.message_class.name text The human-readable name of the message class
services.ipmi.rmcp_header.message_class.raw integer The raw message class byte.
services.ipmi.rmcp_header.sequence_number integer Sequence number of this packet in the session.
services.ipmi.rmcp_header.version integer The version. This scanner supports version 6.
services.ipmi.session_header.auth_code text The 16-byte authentication code; not present if auth_type is None.
services.ipmi.session_header.auth_type.name text The raw value of the auth_type
services.ipmi.session_header.auth_type.raw integer The raw value of the auth_type
services.ipmi.session_header.auth_type.type integer Just the auth type (reserved bits omitted)
services.ipmi.session_header.session_id long The ID of this sessiod.
services.ipmi.session_header.session_sequence_number long The session sequence number of this packet in the session

SNMP

Path Type Docs
services.snmp.oid_interfaces.num_ifaces unsigned_long 1.3.6.1.2.1.2.1 - Number of network interfaces
services.snmp.oid_physical.firmware_rev text 1.3.6.1.2.1.47.1.1.1.1.9 - Firmware revision string
services.snmp.oid_physical.hardware_rev text 1.3.6.1.2.1.47.1.1.1.1.8 - Hardware revision string
services.snmp.oid_physical.mfg_name text 1.3.6.1.2.1.47.1.1.1.1.12 - Name of mfg
services.snmp.oid_physical.model_name text 1.3.6.1.2.1.47.1.1.1.1.13 - Model name of component
services.snmp.oid_physical.name text 1.3.6.1.2.1.47.1.1.1.1.7 - Entity name
services.snmp.oid_physical.serial_num text 1.3.6.1.2.1.47.1.1.1.1.11 - Serial number string
services.snmp.oid_physical.software_rev text 1.3.6.1.2.1.47.1.1.1.1.10 - Software revision string
services.snmp.oid_system.contact text 1.3.6.1.2.1.1.4 - Contact info
services.snmp.oid_system.desc text 1.3.6.1.2.1.1.1 - Description of entity
services.snmp.oid_system.init_time unsigned_long 1.3.6.1.2.1.1.3 - 1/100ths of sec
services.snmp.oid_system.location text 1.3.6.1.2.1.1.6 - Physical location
services.snmp.oid_system.name text 1.3.6.1.2.1.1.5 - Name, usually FQDN
services.snmp.oid_system.object_id text 1.3.6.1.2.1.1.2 - Vendor ID
services.snmp.oid_system.services.layer_1 boolean Physical (e.g. repeaters)
services.snmp.oid_system.services.layer_2 boolean Datalink/subnetwork (e.g. bridges)
services.snmp.oid_system.services.layer_3 boolean Internet (e.g. IP gateways)
services.snmp.oid_system.services.layer_4 boolean End-to-end (e.g. IP hosts)
services.snmp.oid_system.services.layer_5 boolean OSI layer 5
services.snmp.oid_system.services.layer_6 boolean OSI layer 6
services.snmp.oid_system.services.layer_7 boolean Applications (e.g. mail relays)

SIP

Path Type Docs
services.sip.code integer
services.sip.server text Server software reported by service
services.sip.status text
services.sip.version text SIP version

ORACLE

Path Type Docs
services.oracle.accept_version unsigned_long The protocol version number from the Accept packet.
services.oracle.connect_flags0 nested The first set of ConnectFlags returned in the Accept packet.
services.oracle.connect_flags0.key text
services.oracle.connect_flags0.value boolean
services.oracle.connect_flags1 nested The second set of ConnectFlags returned in the Accept packet.
services.oracle.connect_flags1.key text
services.oracle.connect_flags1.value boolean
services.oracle.did_resend boolean True if the server sent a Resend packet request in response to the client's first Connect packet.
services.oracle.global_service_options nested Set of flags that the server returns in the Accept packet.
services.oracle.global_service_options.key text
services.oracle.global_service_options.value boolean
services.oracle.nsn_service_versions nested A map from the native Service Negotation service names to the ReleaseVersion (in dotted-decimal format) in that service packet.
services.oracle.nsn_service_versions.key text
services.oracle.nsn_service_versions.value text
services.oracle.nsn_version text The ReleaseVersion string (in dotted-decimal format) in the root of the Native Service Negotiation packet.
services.oracle.redirect_target.key text
services.oracle.redirect_target.value text
services.oracle.redirect_target_raw text The connect descriptor returned by the server in the Redirect packet, if one is sent.
services.oracle.refuse_error.key text
services.oracle.refuse_error.value text
services.oracle.refuse_error_raw text The data from the Refuse packet returned by the server; it is empty if the server does not return a Refuse packet.
services.oracle.refuse_reason_app text The 'AppReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string.
services.oracle.refuse_reason_sys text The 'SysReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string.
services.oracle.refuse_version text The parsed DESCRIPTION.VSNNUM field from the RefuseError descriptor returned by the server in the Refuse packet, in dotted-decimal format.

IKE

Path Type Docs
services.ike.v1.accepted_proposal boolean Did the host accept our security proposal? When false, the host responded with an error.
services.ike.v1.notify_message_types unsigned_long Which types of NOTIFY messages did the host send us?
services.ike.v1.vendor_ids text The list of Vendor ID "extensions" the host claimed to support in its handshake
services.ike.v2.accepted_proposal boolean
services.ike.v2.notify_message_types unsigned_long
services.ike.v2.vendor_ids text

FORTIGATE

Path Type Docs
services.fortigate.api_version text
services.fortigate.build integer
services.fortigate.http_info.headers nested
services.fortigate.http_info.headers.key text
services.fortigate.http_info.headers.value.headers text
services.fortigate.http_info.status text Status message received from hitting 404 /censys.inspect.
services.fortigate.http_info.status_code unsigned_long Status code received from hitting /censys.inspect.
services.fortigate.serial text
services.fortigate.status_code integer
services.fortigate.status_msg text
services.fortigate.version text

MMS

Path Type Docs
services.mms.model text
services.mms.revision text
services.mms.vendor text

POP3

Path Type Docs
services.pop3.banner text The POP3 banner.
services.pop3.start_tls text The server's response to the STARTTLS command.

MYSQL

Path Type Docs
services.mysql.auth_plugin_data text Optional plugin-specific data, whose meaning depends on the value of auth_plugin_name. Returned in the initial HandshakePacket.
services.mysql.auth_plugin_name text The name of the authentication plugin, returned in the initial HandshakePacket.
services.mysql.capability_flags nested The set of capability flags the server returned in the initial HandshakePacket. Each entry corresponds to a bit being set in the flags; key names correspond to the #defines in the MySQL docs.
services.mysql.capability_flags.key text
services.mysql.capability_flags.value boolean
services.mysql.character_set unsigned_long The identifier for the character set the server is using. Returned in the initial HandshakePacket.
services.mysql.connection_id unsigned_long The server's internal identifier for this client's connection, sent in the initial HandshakePacket.
services.mysql.error_code long Only set if there is an error returned by the server, for example if the scanner is not on the allowed hosts list.
services.mysql.error_id text The friendly name for the error code as defined at https://dev.mysql.com/doc/refman/8.0/en/error-messages-server.html, or UNKNOWN
services.mysql.error_message text Optional string describing the error. Only set if there is an error.
services.mysql.protocol_version unsigned_long 8-bit unsigned integer representing the server's protocol version sent in the initial HandshakePacket from the server.
services.mysql.server_version text The specific server version returned in the initial HandshakePacket. Often in the form x.y.z, but not always.
services.mysql.status_flags nested The set of status flags the server returned in the initial HandshakePacket. Each entry corresponds to a bit being set in the flags; key names correspond to the #defines in the MySQL docs.
services.mysql.status_flags.key text
services.mysql.status_flags.value boolean

PROMETHEUS

Path Type Docs
services.prometheus.http_info.headers nested
services.prometheus.http_info.headers.key text
services.prometheus.http_info.headers.value.headers text
services.prometheus.http_info.status text Status message received from hitting /api/v1/targets.
services.prometheus.http_info.status_code unsigned_long Status code received from hitting /api/v1/targets.
services.prometheus.response.active_targets.discovered_labels.address text Address of target.
services.prometheus.response.active_targets.discovered_labels.job text Job of target.
services.prometheus.response.active_targets.discovered_labels.metrics_path text Path to metrics of target.
services.prometheus.response.active_targets.discovered_labels.scheme text URL scheme.
services.prometheus.response.active_targets.health text Whether target is up or down.
services.prometheus.response.active_targets.labels.instance text Instance after relabelling has occurred.
services.prometheus.response.active_targets.labels.job text Job of target after relabelling has occurred.
services.prometheus.response.active_targets.last_error text Last error that occurred within target.
services.prometheus.response.active_targets.last_scrape text Last time Prometheus scraped target.
services.prometheus.response.active_targets.scrape_url text URL that Prometheus scraped.
services.prometheus.response.all_versions text List of the versions of everything that Prometheus finds i.e., version of Prometheus, Go, Node, cAdvisor, etc.
services.prometheus.response.config_exposed boolean True when the config endpoint is exposed.
services.prometheus.response.dropped_targets.address text Address of target.
services.prometheus.response.dropped_targets.job text Job of target.
services.prometheus.response.dropped_targets.metrics_path text Path to metrics of target.
services.prometheus.response.dropped_targets.scheme text URL scheme.
services.prometheus.response.go_versions text List of the versions of Go.
services.prometheus.response.prometheus_versions.go_version text Version of Go used to build Prometheus.
services.prometheus.response.prometheus_versions.revision text Revision of Prometheus.
services.prometheus.response.prometheus_versions.version text Version of Prometheus.

IMAP

Path Type Docs
services.imap.banner text The IMAP banner.
services.imap.start_tls text The server's response to the STARTTLS command.

TEAM_VIEWER

Path Type Docs
services.team_viewer.response text

CWMP

Path Type Docs
services.cwmp.http_info.body text
services.cwmp.http_info.body_hashes text
services.cwmp.http_info.body_size integer
services.cwmp.http_info.favicons.md5_hash keyword
services.cwmp.http_info.favicons.name text
services.cwmp.http_info.favicons.size integer
services.cwmp.http_info.headers nested
services.cwmp.http_info.headers.key text
services.cwmp.http_info.headers.value.headers text
services.cwmp.http_info.html_tags text
services.cwmp.http_info.html_title text
services.cwmp.http_info.protocol text
services.cwmp.http_info.status_code integer
services.cwmp.http_info.status_reason text

LDAP

Path Type Docs
services.ldap.allows_anonymous_bind boolean Ability to connect with anonymous bind (empty username and password)
services.ldap.attributes.name text Name of the LDAP attribute in the root DN
services.ldap.attributes.values text Values for the respective LDAP attribute
services.ldap.resultcode unsigned_long Result or error code returned by LDAP instance upon bind

SSDP

Path Type Docs
services.ssdp.headers nested
services.ssdp.headers.key text
services.ssdp.headers.value.headers text
services.ssdp.upnp_url text

VNC

Path Type Docs
services.vnc.connection_failed_reason text If server terminates handshake, the reason offered (if any)
services.vnc.desktop_name text Desktop name provided by the server, capped at 255 bytes
services.vnc.pixel_encoding.name text
services.vnc.pixel_encoding.value integer
services.vnc.screen_info.height unsigned_long
services.vnc.screen_info.name_len unsigned_long
services.vnc.screen_info.pixel_format.big_endian boolean If pixel RGB data are in big-endian
services.vnc.screen_info.pixel_format.bits_per_pixel unsigned_long How many bits in a single full pixel datum. Valid values are: 8, 16, 32
services.vnc.screen_info.pixel_format.blue_max unsigned_long Max value of blue pixel
services.vnc.screen_info.pixel_format.blue_shift unsigned_long How many bits to right shift a pixel datum to get blue bits in lsb
services.vnc.screen_info.pixel_format.depth unsigned_long Color depth
services.vnc.screen_info.pixel_format.green_max unsigned_long Max value of green pixel
services.vnc.screen_info.pixel_format.green_shift unsigned_long How many bits to right shift a pixel datum to get green bits in lsb
services.vnc.screen_info.pixel_format.padding1 unsigned_long
services.vnc.screen_info.pixel_format.padding2 unsigned_long
services.vnc.screen_info.pixel_format.padding3 unsigned_long
services.vnc.screen_info.pixel_format.red_max unsigned_long Max value of red pixel
services.vnc.screen_info.pixel_format.red_shift unsigned_long How many bits to right shift a pixel datum to get red bits in lsb
services.vnc.screen_info.pixel_format.true_color boolean If false, color maps are used
services.vnc.screen_info.width unsigned_long
services.vnc.security_types.name text
services.vnc.security_types.value integer
services.vnc.version text

UPNP

Path Type Docs
services.upnp.devices.device_type text
services.upnp.devices.friendly_name text
services.upnp.devices.id integer Censys-generated IDs representing a device tree
services.upnp.devices.manufacturer text
services.upnp.devices.manufacturer_url text
services.upnp.devices.model_description text
services.upnp.devices.model_name text
services.upnp.devices.model_number text
services.upnp.devices.model_url text
services.upnp.devices.parent_id integer
services.upnp.devices.presentation_url text
services.upnp.devices.serial_number text
services.upnp.devices.service_list.control_url text
services.upnp.devices.service_list.event_sub_url text
services.upnp.devices.service_list.scpd_url text
services.upnp.devices.service_list.service_id text
services.upnp.devices.service_list.service_type text
services.upnp.devices.udn text
services.upnp.devices.upc text
services.upnp.endpoint text
services.upnp.headers nested
services.upnp.headers.key text
services.upnp.headers.value.headers text
services.upnp.spec.major text
services.upnp.spec.minor text

MEMCACHED

Path Type Docs
services.memcached.ascii_binding_protocol_enabled boolean True if the server responds to the ascii version of the memcached protocol.
services.memcached.binary_binding_protocol_enabled boolean True if the server responds to the binary version of the memcached protocol.
services.memcached.responds_to_udp boolean True if the server responds UDP.
services.memcached.stats nested Server Stats
services.memcached.stats.key text
services.memcached.stats.value text
services.memcached.version text Memcached Version

OPENVPN

Path Type Docs
services.openvpn.accepts_v1 boolean
services.openvpn.accepts_v2 boolean

MQTT

Path Type Docs
services.mqtt.connection_ack_raw text Raw CONNACK response packet
services.mqtt.connection_ack_return.raw unsigned_long Raw connect status value
services.mqtt.connection_ack_return.return_value text Connection status
services.mqtt.subscription_ack_return.raw unsigned_long Raw subscription response value
services.mqtt.subscription_ack_return.return_value text Subscription response

KUBERNETES

Path Type Docs
services.kubernetes.endpoints.name text
services.kubernetes.endpoints.self_link text
services.kubernetes.endpoints.subsets.addresses.hostname text
services.kubernetes.endpoints.subsets.addresses.ip ip
services.kubernetes.endpoints.subsets.addresses.node_name text
services.kubernetes.endpoints.subsets.ports.name text
services.kubernetes.endpoints.subsets.ports.port unsigned_long
services.kubernetes.endpoints.subsets.ports.protocol text
services.kubernetes.kubernetes_dashboard_found boolean True if the dashboard is running and accessible
services.kubernetes.nodes.addresses.address keyword Node address, IP/URL.
services.kubernetes.nodes.addresses.address_type text Node address type, one of Hostname, ExternalIP or InternalIP.
services.kubernetes.nodes.architecture text The Architecture reported by the node.
services.kubernetes.nodes.container_runtime_version text ContainerRuntime Version reported by the node through runtime remote API (e.g. docker://1.5.0).
services.kubernetes.nodes.images text List of container images on this node
services.kubernetes.nodes.kernel_version text Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
services.kubernetes.nodes.kube_proxy_version text KubeProxy Version reported by the node.
services.kubernetes.nodes.kubelet_version text Kubelet Version reported by the node.
services.kubernetes.nodes.name text
services.kubernetes.nodes.operating_system text The Operating System reported by the node.
services.kubernetes.nodes.os_image text OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
services.kubernetes.pod_names text
services.kubernetes.roles.name text
services.kubernetes.roles.rules.api_groups text APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
services.kubernetes.roles.rules.resources text Resources is a list of resources this rule applies to. ResourceAll represents all resources
services.kubernetes.roles.rules.verbs text Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
services.kubernetes.version_info.build_date text Date version was built.
services.kubernetes.version_info.compiler text Go Compiler used
services.kubernetes.version_info.git_commit text Git commit version built from.
services.kubernetes.version_info.git_tree_state text State of the tree when built.
services.kubernetes.version_info.git_version text
services.kubernetes.version_info.go_version text Version of GO used to build version.
services.kubernetes.version_info.major text Kubernetes major version
services.kubernetes.version_info.minor text Kubernetes minor version
services.kubernetes.version_info.platform text Platform compiled for

POSTGRES

Path Type Docs
services.postgres.authentication_mode.mode text
services.postgres.authentication_mode.payload text
services.postgres.protocol_error nested
services.postgres.protocol_error.key text
services.postgres.protocol_error.value text
services.postgres.startup_error nested
services.postgres.startup_error.key text
services.postgres.startup_error.value text
services.postgres.supported_versions text
services.postgres.transaction_status text

FOX

Path Type Docs
services.fox.app_name text
services.fox.app_version text
services.fox.auth_agent_type text
services.fox.brand_id text
services.fox.host_address text
services.fox.hostid text
services.fox.hostname text
services.fox.id unsigned_long
services.fox.language text
services.fox.os_name text
services.fox.os_version text
services.fox.station_name text
services.fox.sys_info text
services.fox.time_zone text
services.fox.version text
services.fox.vm_name text
services.fox.vm_uuid text
services.fox.vm_version text