This page lists every field whose value can be searched within the Hosts dataset.

The difference between a keyword and a text field is that searches on keyword fields will only return exact matches, while searches on text fields will return fuzzy matches.

Hosts

HOST INFORMATION

Path	Type	Docs
ip	ip
name	text

SERVICE INFORMATION

Path	Type	Docs
services.banner	text
services.banner_hex	text
services.extended_service_name	text
services.perspective_id	text
services.port	integer
services.service_name	text
services.source_ip	ip
services.transport_protocol	text
services.truncated	boolean

HOST DNS

Path	Type	Docs
dns.names	text	Names that resolve to the host
dns.reverse_dns.names	text
dns.reverse_dns.resolved_at	date

HOST LOCATION

Path	Type	Docs
location.city	text	The English name of the detected city.
location.continent	keyword	The English name of the detected continent (North America, Europe, Asia, South America, Africa, Oceania, Antarctica).
location.coordinates.latitude	double
location.coordinates.longitude	double
location.country	text	The English name of the detected country.
location.country_code	keyword	The detected two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
location.postal_code	keyword	The postal code (if applicable) of the detected location.
location.province	text	The state or province name of the detected location.
location.registered_country	text	The English name of the registered country.
location.registered_country_code	keyword	The registered country's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
location.timezone	text	The IANA time zone database name of the detected location.

HOST OPERATING SYSTEM

Path	Type	Docs
operating_system.component_uniform_resource_identifiers	text	URIs of software components related to the identified software.
operating_system.cpe	text	CPE uri format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
operating_system.edition	text	Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2.
operating_system.language	text	Valid language tag as defined by [RFC5646], and should be used to define the language supported in the user interface of the product being described.
operating_system.other.key	text
operating_system.other.value	text
operating_system.part	keyword	Defines the class of this software, a for application, o for operating system, h for hardware devices.
operating_system.product	text	Identifies the most common and recognizable title or name of the product.
operating_system.source	text	Defines the source that this software information was derived from.
operating_system.sw_edition	text	Characterizes how the product is tailored to a particular market or class of end users.
operating_system.target_hw	text	Characterizes the instruction set architecture (e.g., x86) on which the product being described. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are be considered instruction set architectures.
operating_system.target_sw	text	Characterizes the software computing environment within which the product operates.
operating_system.update	text	Vendor-Specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.
operating_system.vendor	text	Identifies the person or organization that manufactured or created the product.
operating_system.version	text	Vendor-Specific alphanumeric strings characterizing the particular release version of the product.

HOST AUTONOMOUS SYSTEM

Path	Type	Docs
autonomous_system.asn	unsigned_long	The ASN (autonomous system number) of the host's autonomous system.
autonomous_system.bgp_prefix	ip_range	The autonomous system's CIDR.
autonomous_system.country_code	keyword	The autonomous system's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
autonomous_system.description	text	Brief description of the autonomous system.
autonomous_system.name	text	The friendly name of the autonomous system.
autonomous_system.organization	text	The name of the organization managning the autonomous system.

TLS

Path	Type	Docs
services.certificate	text
services.jarm.cipher_and_version_fingerprint	text	The first 30 byte portion of the Jarm fingerprint.
services.jarm.fingerprint	text	The 62 byte Jarm fingerprint of the service.
services.jarm.observed_at	date	The time the service was fingerprinted
services.jarm.tls_extensions_sha256	text	The second 32 byte portion of the Jarm fingerprint
services.tls.certificate.added_at	date	When the certificate was added to the Censys dataset.
services.tls.certificate.ct.entries	nested
services.tls.certificate.ct.entries.key	text
services.tls.certificate.ct.entries.value.added_to_ct_at	date	An RFC-3339-formatted timestamp indicating when the certificate was entered into the CT log.
services.tls.certificate.ct.entries.value.ct_to_censys_at	date	An RFC-3339-formated timestamp indicating when the certificate was ingested from the CT log into the Censys dataset.
services.tls.certificate.ct.entries.value.index	long	Numerical marker of the certificate's place in the CT log.
services.tls.certificate.ever_seen_in_scan	boolean
services.tls.certificate.fingerprint_md5	text	The MD-5 digest of the entire raw certificate. An identifier used by some systems.
services.tls.certificate.fingerprint_sha1	text	The SHA-1 digest of the entire raw certificate. An identifier used by some systems.
services.tls.certificate.fingerprint_sha256	text	The SHA-256 digest of the entire raw certificate. Its unique identifier, which Censys uses to index certificates records.
services.tls.certificate.modified_at	date	When the certificate record was last modified.
services.tls.certificate.names	text	All the names contained in the certificate from various fields.
services.tls.certificate.parent_spki_subject_fingerprint_sha256	text	The SHA-256 digest of the parent certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject.
services.tls.certificate.parse_status	text
services.tls.certificate.parsed.extensions.authority_info_access.issuer_urls	text
services.tls.certificate.parsed.extensions.authority_info_access.ocsp_urls	text
services.tls.certificate.parsed.extensions.authority_key_id	text	A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo.
services.tls.certificate.parsed.extensions.basic_constraints.is_ca	boolean	Whether the certificate is permitted to sign other certificates.
services.tls.certificate.parsed.extensions.basic_constraints.max_path_len	integer	When present, provides the maximum number of intermediate certificates that may follow this certificate in a trusted certification path.
services.tls.certificate.parsed.extensions.cabf_organization_id.country	text
services.tls.certificate.parsed.extensions.cabf_organization_id.reference	text
services.tls.certificate.parsed.extensions.cabf_organization_id.scheme	text
services.tls.certificate.parsed.extensions.cabf_organization_id.state	text
services.tls.certificate.parsed.extensions.certificate_policies	nested	The parsed id-ce-certificatePolicies extension (OID: 2.5.29.32).
services.tls.certificate.parsed.extensions.certificate_policies.cps	text
services.tls.certificate.parsed.extensions.certificate_policies.id	text
services.tls.certificate.parsed.extensions.certificate_policies.user_notice	nested
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.explicit_text	text
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.notice_numbers	integer
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.organization	text
services.tls.certificate.parsed.extensions.crl_distribution_points	text	The parsed id-ce-cRLDistributionPoints extension (OID: 2.5.29.31). Contents are a list of distributionPoint URLs; other distributionPoint types are omitted).
services.tls.certificate.parsed.extensions.ct_poison	boolean	Whether the certificate possesses the pre-certificate "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3).
services.tls.certificate.parsed.extensions.extended_key_usage.any	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing_development	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing_third_party	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_development_env	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_env	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_maintenance_env	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_production_env	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_qos	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_test_env	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier0_qos	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier1_qos	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier2_qos	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier3_qos	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_ichat_encryption	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_ichat_signing	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_resource_signing	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_software_update_signing	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_system_identity	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.client_auth	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.code_signing	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.dvcs	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.eap_over_lan	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.eap_over_ppp	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.email_protection	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_end_system	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_intermediate_system_usage	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_tunnel	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_user	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_ca_exchange	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_cert_trust_list_signing	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_csp_signature	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_document_signing	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_drm	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_drm_individualization	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_efs_recovery	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_embedded_nt_crypto	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_encrypted_file_system	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_enrollment_agent	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_kernel_mode_code_signing	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_21	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_3	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_license_server	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_licenses	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_lifetime_signing	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_mobile_device_software	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_nt5_crypto	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_oem_whql_crypto	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_qualified_subordinate	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_root_list_signer	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_server_gated_crypto	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_sgc_serialized	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_smart_display	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_smartcard_logon	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_system_health	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_system_health_loophole	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_timestamp_signing	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_whql_crypto	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.netscape_server_gated_crypto	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ocsp_signing	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.sbgp_cert_aa_service_auth	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.server_auth	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.time_stamping	boolean
services.tls.certificate.parsed.extensions.extended_key_usage.unknown	text
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names	nested	The parsed directoryName entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.common_name	text	The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.country	text	The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.domain_component	text	The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.email_address	text	The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.given_name	text	The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_country	text	The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_locality	text	The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_province	text	The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.locality	text	The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organization	text	The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organization_id	text
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organizational_unit	text	The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.postal_code	keyword	The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.province	text	The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.serial_number	keyword	The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.street_address	text	The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.surname	text	The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.issuer_alt_name.dns_names	text	The parsed dNSName entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names	nested	The parsed eDIPartyName entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names.name_assigner	text
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names.party_name	text
services.tls.certificate.parsed.extensions.issuer_alt_name.email_addresses	text	The parsed rfc822Name entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.ip_addresses	text	The parsed ipAddress entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names	nested	The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID.
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names.id	text	The OID identifying the syntax of the otherName value.
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names.value	text	The raw otherName value.
services.tls.certificate.parsed.extensions.issuer_alt_name.registered_ids	text	The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format.
services.tls.certificate.parsed.extensions.issuer_alt_name.uniform_resource_identifiers	text	The parsed uniformResourceIdentifier entries in the GeneralName.
services.tls.certificate.parsed.extensions.key_usage.certificate_sign	boolean	Whether the keyCertSign bit is set.
services.tls.certificate.parsed.extensions.key_usage.content_commitment	boolean	Whether the contentCommitment (formerly called nonRepudiation) bit is set.
services.tls.certificate.parsed.extensions.key_usage.crl_sign	boolean	Whether the cRLSign bit is set.
services.tls.certificate.parsed.extensions.key_usage.data_encipherment	boolean	Whether the dataEncipherment bit is set.
services.tls.certificate.parsed.extensions.key_usage.decipher_only	boolean	Whether the decipherOnly bit is set.
services.tls.certificate.parsed.extensions.key_usage.digital_signature	boolean	Whether the digitalSignature bit is set.
services.tls.certificate.parsed.extensions.key_usage.encipher_only	boolean	Whether the encipherOnly bit is set.
services.tls.certificate.parsed.extensions.key_usage.key_agreement	boolean	Whether the keyAgreement bit is set.
services.tls.certificate.parsed.extensions.key_usage.key_encipherment	boolean	Whether the keyEncipherment bit is set.
services.tls.certificate.parsed.extensions.key_usage.value	unsigned_long	The integer value of the bitmask in the extension.
services.tls.certificate.parsed.extensions.name_constraints.critical	boolean
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names	nested	A record providing excluded names of the type directoryName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.common_name	text	The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.country	text	The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.domain_component	text	The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.email_address	text	The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.given_name	text	The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_country	text	The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_locality	text	The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_province	text	The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.locality	text	The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organization	text	The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organization_id	text
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organizational_unit	text	The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.postal_code	keyword	The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.province	text	The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.serial_number	keyword	The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.street_address	text	The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.surname	text	The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names	nested	A record providing excluded names of the type ediPartyName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names.name_assigner	text
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names.party_name	text
services.tls.certificate.parsed.extensions.name_constraints.excluded_email_addresses	text	A record providing a range of excluded names of the type rfc822Name in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses	nested	A record providing a range of excluded names of the type iPAddress in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.begin	text	The first IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.cidr	text	The CIDR specifying the subtree.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.end	text	The last IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.mask	text	The subnet mask of the CIDR.
services.tls.certificate.parsed.extensions.name_constraints.excluded_names	text	A record providing a range of excluded names of the type dNSName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_registered_ids	text	A record providing excluded names of the type registeredID in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_uris	text	A record providing a range of excluded uniform resource identifiers in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names	nested	A record providing permitted names of the type directoryName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.common_name	text	The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.country	text	The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.domain_component	text	The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.email_address	text	The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.given_name	text	The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_country	text	The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_locality	text	The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_province	text	The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.locality	text	The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organization	text	The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organization_id	text
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organizational_unit	text	The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.postal_code	keyword	The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.province	text	The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.serial_number	keyword	The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.street_address	text	The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.surname	text	The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names	nested	A record providing permitted names of the type ediPartyName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names.name_assigner	text
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names.party_name	text
services.tls.certificate.parsed.extensions.name_constraints.permitted_email_addresses	text	A record providing a range of permitted names of the type rfc822Name in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses	nested	A record providing a range of permitted names of the type iPAddress in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.begin	text	The first IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.cidr	text	The CIDR specifying the subtree.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.end	text	The last IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.mask	text	The subnet mask of the CIDR.
services.tls.certificate.parsed.extensions.name_constraints.permitted_names	text	A record providing a range of permitted names of the type dNSName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_registered_ids	text	A record providing permitted names of the type registeredID in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_uris	text	A record providing a range of permitted uniform resource identifiers in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.qc_statements.ids	text
services.tls.certificate.parsed.extensions.qc_statements.parsed.etsi_compliance	boolean
services.tls.certificate.parsed.extensions.qc_statements.parsed.legislation	nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.legislation.country_codes	text
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit	nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.amount	long
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.currency	text
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.currency_number	long
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.exponent	long
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations	nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations.language	text
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations.url	text
services.tls.certificate.parsed.extensions.qc_statements.parsed.retention_period	long
services.tls.certificate.parsed.extensions.qc_statements.parsed.sscd	boolean
services.tls.certificate.parsed.extensions.qc_statements.parsed.types	nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.types.ids	text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps	nested
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.log_id	text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.hash_algorithm	text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.signature	text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.signature_algorithm	text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.timestamp	date
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.version	integer
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names	nested	The parsed directoryName entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.common_name	text	The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.country	text	The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.domain_component	text	The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.email_address	text	The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.given_name	text	The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_country	text	The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_locality	text	The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_province	text	The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.locality	text	The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organization	text	The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organization_id	text
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organizational_unit	text	The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.postal_code	keyword	The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.province	text	The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.serial_number	keyword	The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.street_address	text	The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.surname	text	The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.subject_alt_name.dns_names	text	The parsed dNSName entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names	nested	The parsed eDIPartyName entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names.name_assigner	text
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names.party_name	text
services.tls.certificate.parsed.extensions.subject_alt_name.email_addresses	text	The parsed rfc822Name entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.ip_addresses	text	The parsed ipAddress entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.other_names	nested	The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID.
services.tls.certificate.parsed.extensions.subject_alt_name.other_names.id	text	The OID identifying the syntax of the otherName value.
services.tls.certificate.parsed.extensions.subject_alt_name.other_names.value	text	The raw otherName value.
services.tls.certificate.parsed.extensions.subject_alt_name.registered_ids	text	The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format.
services.tls.certificate.parsed.extensions.subject_alt_name.uniform_resource_identifiers	text	The parsed uniformResourceIdentifier entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_key_id	text	A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo..
services.tls.certificate.parsed.extensions.tor_service_descriptors	nested
services.tls.certificate.parsed.extensions.tor_service_descriptors.algorithm_name	text
services.tls.certificate.parsed.extensions.tor_service_descriptors.hash	text
services.tls.certificate.parsed.extensions.tor_service_descriptors.hash_bits	integer
services.tls.certificate.parsed.extensions.tor_service_descriptors.onion	text
services.tls.certificate.parsed.issuer.common_name	text	The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.issuer.country	text	The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.issuer.domain_component	text	The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.issuer.email_address	text	The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.issuer.given_name	text	The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.issuer.jurisdiction_country	text	The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.issuer.jurisdiction_locality	text	The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.issuer.jurisdiction_province	text	The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.issuer.locality	text	The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.issuer.organization	text	The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.issuer.organization_id	text
services.tls.certificate.parsed.issuer.organizational_unit	text	The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.issuer.postal_code	keyword	The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.issuer.province	text	The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.issuer.serial_number	keyword	The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.issuer.street_address	text	The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.issuer.surname	text	The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.issuer_dn	text	Distinguished Name of the entity that has signed and issued the certificate.
services.tls.certificate.parsed.redacted	boolean
services.tls.certificate.parsed.serial_number	text	Issuer-specific identifier of the certificate.
services.tls.certificate.parsed.serial_number_hex	text	Issuer-specific identifier of the certificate, represented as hexadecimal.
services.tls.certificate.parsed.signature.self_signed	boolean	Whether the certificate was signed by its own key.
services.tls.certificate.parsed.signature.signature_algorithm.name	text	Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record.
services.tls.certificate.parsed.signature.signature_algorithm.oid	text
services.tls.certificate.parsed.signature.valid	boolean	Whether the signature is valid.
services.tls.certificate.parsed.signature.value	text	Contents of the signature.
services.tls.certificate.parsed.subject.common_name	text	The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.subject.country	text	The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.subject.domain_component	text	The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.subject.email_address	text	The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.subject.given_name	text	The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.subject.jurisdiction_country	text	The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.subject.jurisdiction_locality	text	The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.subject.jurisdiction_province	text	The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.subject.locality	text	The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.subject.organization	text	The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.subject.organization_id	text
services.tls.certificate.parsed.subject.organizational_unit	text	The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.subject.postal_code	keyword	The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.subject.province	text	The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.subject.serial_number	keyword	The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.subject.street_address	text	The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.subject.surname	text	The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.subject_dn	text	Distinguished Name of the entity associated with the public key.
services.tls.certificate.parsed.subject_key_info.dsa.g	text
services.tls.certificate.parsed.subject_key_info.dsa.p	text
services.tls.certificate.parsed.subject_key_info.dsa.q	text
services.tls.certificate.parsed.subject_key_info.dsa.y	text
services.tls.certificate.parsed.subject_key_info.ecdsa.b	text
services.tls.certificate.parsed.subject_key_info.ecdsa.curve	text
services.tls.certificate.parsed.subject_key_info.ecdsa.gx	text
services.tls.certificate.parsed.subject_key_info.ecdsa.gy	text
services.tls.certificate.parsed.subject_key_info.ecdsa.length	long
services.tls.certificate.parsed.subject_key_info.ecdsa.n	text
services.tls.certificate.parsed.subject_key_info.ecdsa.p	text
services.tls.certificate.parsed.subject_key_info.ecdsa.pub	text
services.tls.certificate.parsed.subject_key_info.ecdsa.x	text
services.tls.certificate.parsed.subject_key_info.ecdsa.y	text
services.tls.certificate.parsed.subject_key_info.fingerprint_sha256	text	The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo.
services.tls.certificate.parsed.subject_key_info.key_algorithm.name	text	Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record.
services.tls.certificate.parsed.subject_key_info.key_algorithm.oid	text
services.tls.certificate.parsed.subject_key_info.rsa.exponent	long	The RSA key's public exponent (e).
services.tls.certificate.parsed.subject_key_info.rsa.length	long	Bit-length of the RSA modulus.
services.tls.certificate.parsed.subject_key_info.rsa.modulus	text	The RSA key's modulus (n) in big-endian encoding.
services.tls.certificate.parsed.subject_key_info.unrecognized.raw	text
services.tls.certificate.parsed.unknown_extensions	nested
services.tls.certificate.parsed.unknown_extensions.critical	boolean
services.tls.certificate.parsed.unknown_extensions.id	text
services.tls.certificate.parsed.unknown_extensions.value	text
services.tls.certificate.parsed.validity_period.length_seconds	long	The duration of the certificate's validity period, in seconds.
services.tls.certificate.parsed.validity_period.not_after	date	An RFC-3339-formatted timestamp after which the certificate is no longer valid.
services.tls.certificate.parsed.validity_period.not_before	date	An RFC-3339-formatted timestamp before which the certificate is not valid.
services.tls.certificate.parsed.version	integer
services.tls.certificate.precert	boolean	Whether the X.509 "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3) is marked critical, which prohibits the pre-certificate from being trusted.
services.tls.certificate.revocation.crl.next_update	date
services.tls.certificate.revocation.crl.reason	text	An enumerated value indicating the issuer-supplied reason for the revocation.
services.tls.certificate.revocation.crl.revocation_time	date	The issuer-supplied timestamp indicating when the certificate was revoked.
services.tls.certificate.revocation.crl.revoked	boolean	Whether the certificate has been revoked before its expiry date by the issuer.
services.tls.certificate.revocation.ocsp.next_update	date
services.tls.certificate.revocation.ocsp.reason	text	An enumerated value indicating the issuer-supplied reason for the revocation.
services.tls.certificate.revocation.ocsp.revocation_time	date	The issuer-supplied timestamp indicating when the certificate was revoked.
services.tls.certificate.revocation.ocsp.revoked	boolean	Whether the certificate has been revoked before its expiry date by the issuer.
services.tls.certificate.revoked	boolean	Whether the certificate has been revoked before its expiry date by the issuer.
services.tls.certificate.spki_subject_fingerprint_sha256	text	The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject.
services.tls.certificate.tbs_fingerprint_sha256	text	The SHA-256 digest of the unsigned certificate's contents.
services.tls.certificate.tbs_no_ct_fingerprint_sha256	text	The SHA-256 digest of the unsigned certificate with the CT Poison extension removed, if present. This represents the shared contents of a certificate and its corresponding pre-certificate.
services.tls.certificate.validated_at	date	When the certificate record's trust was last checked.
services.tls.certificate.validation.apple.chains	nested	A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.apple.chains.sha256fp	text
services.tls.certificate.validation.apple.ever_valid	boolean	Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.apple.had_trusted_path	boolean	Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.apple.has_trusted_path	boolean	Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.apple.in_revocation_set	boolean	Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.apple.is_valid	boolean	Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.apple.parents	text	The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.apple.type	text	The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation.chrome.chains	nested	A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.chrome.chains.sha256fp	text
services.tls.certificate.validation.chrome.ever_valid	boolean	Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.chrome.had_trusted_path	boolean	Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.chrome.has_trusted_path	boolean	Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.chrome.in_revocation_set	boolean	Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.chrome.is_valid	boolean	Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.chrome.parents	text	The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.chrome.type	text	The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation.microsoft.chains	nested	A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.microsoft.chains.sha256fp	text
services.tls.certificate.validation.microsoft.ever_valid	boolean	Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.microsoft.had_trusted_path	boolean	Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.microsoft.has_trusted_path	boolean	Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.microsoft.in_revocation_set	boolean	Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.microsoft.is_valid	boolean	Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.microsoft.parents	text	The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.microsoft.type	text	The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation.nss.chains	nested	A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.nss.chains.sha256fp	text
services.tls.certificate.validation.nss.ever_valid	boolean	Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.nss.had_trusted_path	boolean	Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.nss.has_trusted_path	boolean	Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.nss.in_revocation_set	boolean	Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.nss.is_valid	boolean	Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.nss.parents	text	The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.nss.type	text	The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation_level	text	The extent to which the certificate's issuer validated the identity of the entity requesting the certificate. Options include Domain validated (DV), Organization Validated (OV), or Extended Validation (EV).
services.tls.certificate.zlint.errors_present	boolean	Whether the certificate's attributes triggered any error lints for non-conformance to the X.509 standard.
services.tls.certificate.zlint.failed_lints	text	A list of lint names which failed, if applicable.
services.tls.certificate.zlint.fatals_present	boolean	Whether the certificate's attributes triggered any fatal lints for non-conformance to the X.509 standard.
services.tls.certificate.zlint.notices_present	boolean	Whether the certificate's attributes triggered any notice lints for non-conformance to the X.509 standard.
services.tls.certificate.zlint.timestamp	date	An RFC-3339-formated timestamp indicating when the certificate was linted.
services.tls.certificate.zlint.version	long	The version of Zlint used to lint the certificate.
services.tls.certificate.zlint.warnings_present	boolean	Whether the certificate's attributes triggered any warning lints for non-conformance to the X.509 standard.
services.tls.certificates.chain.fingerprint	keyword	SHA 256 fingerprint of the certificate in the certificate chain.
services.tls.certificates.chain.issuer_dn	text	Distinguished name of the entity that has signed and issued the certificate.
services.tls.certificates.chain.subject_dn	text	Distinguished name of the entity that the certificate belongs to.
services.tls.certificates.chain_fps_sha_256	keyword	DEPRECATED (04/30/2021) - Use `chain` instead.
services.tls.certificates.leaf_data.fingerprint	keyword	SHA256 fingerprint of the TBS certificate.
services.tls.certificates.leaf_data.issuer.common_name	text
services.tls.certificates.leaf_data.issuer.country	text
services.tls.certificates.leaf_data.issuer.domain_component	text
services.tls.certificates.leaf_data.issuer.email_address	text
services.tls.certificates.leaf_data.issuer.jurisdiction_country	text
services.tls.certificates.leaf_data.issuer.jurisdiction_locality	text
services.tls.certificates.leaf_data.issuer.jurisdiction_province	text
services.tls.certificates.leaf_data.issuer.locality	text
services.tls.certificates.leaf_data.issuer.organization	text
services.tls.certificates.leaf_data.issuer.organization_id	text
services.tls.certificates.leaf_data.issuer.organizational_unit	text
services.tls.certificates.leaf_data.issuer.postal_code	keyword
services.tls.certificates.leaf_data.issuer.province	text
services.tls.certificates.leaf_data.issuer.serial_number	keyword
services.tls.certificates.leaf_data.issuer.street_address	text
services.tls.certificates.leaf_data.issuer_dn	text	Distinguished name of the entity that has signed and issued the certificate.
services.tls.certificates.leaf_data.names	text	Common names for the entity.
services.tls.certificates.leaf_data.pubkey_algorithm	text	Algorithm used to create the public key.
services.tls.certificates.leaf_data.pubkey_bit_size	integer	Size of the public key.
services.tls.certificates.leaf_data.public_key.dsa.g	text
services.tls.certificates.leaf_data.public_key.dsa.p	text
services.tls.certificates.leaf_data.public_key.dsa.q	text
services.tls.certificates.leaf_data.public_key.dsa.y	text
services.tls.certificates.leaf_data.public_key.ecdsa.b	text
services.tls.certificates.leaf_data.public_key.ecdsa.curve	keyword
services.tls.certificates.leaf_data.public_key.ecdsa.gx	text
services.tls.certificates.leaf_data.public_key.ecdsa.gy	text
services.tls.certificates.leaf_data.public_key.ecdsa.length	unsigned_long
services.tls.certificates.leaf_data.public_key.ecdsa.n	text
services.tls.certificates.leaf_data.public_key.ecdsa.p	text
services.tls.certificates.leaf_data.public_key.ecdsa.pub	text
services.tls.certificates.leaf_data.public_key.ecdsa.x	text
services.tls.certificates.leaf_data.public_key.ecdsa.y	text
services.tls.certificates.leaf_data.public_key.fingerprint	text
services.tls.certificates.leaf_data.public_key.key_algorithm	keyword
services.tls.certificates.leaf_data.public_key.rsa.exponent	text
services.tls.certificates.leaf_data.public_key.rsa.length	unsigned_long
services.tls.certificates.leaf_data.public_key.rsa.modulus	text
services.tls.certificates.leaf_data.signature.self_signed	boolean	Denotes if the certificate was self signed.
services.tls.certificates.leaf_data.signature.signature_algorithm	keyword	Cryptographic algorithm used by the CA to sign this certificate.
services.tls.certificates.leaf_data.subject.common_name	text
services.tls.certificates.leaf_data.subject.country	text
services.tls.certificates.leaf_data.subject.domain_component	text
services.tls.certificates.leaf_data.subject.email_address	text
services.tls.certificates.leaf_data.subject.jurisdiction_country	text
services.tls.certificates.leaf_data.subject.jurisdiction_locality	text
services.tls.certificates.leaf_data.subject.jurisdiction_province	text
services.tls.certificates.leaf_data.subject.locality	text
services.tls.certificates.leaf_data.subject.organization	text
services.tls.certificates.leaf_data.subject.organization_id	text
services.tls.certificates.leaf_data.subject.organizational_unit	text
services.tls.certificates.leaf_data.subject.postal_code	keyword
services.tls.certificates.leaf_data.subject.province	text
services.tls.certificates.leaf_data.subject.serial_number	keyword
services.tls.certificates.leaf_data.subject.street_address	text
services.tls.certificates.leaf_data.subject_dn	text	Distinguished name of the entity associated with the public key.
services.tls.certificates.leaf_data.tbs_fingerprint	keyword	Fingerprint of the TBS certificate.
services.tls.certificates.leaf_fp_sha_256	keyword	SHA 256 fingerprint of the TBS certificate.
services.tls.cipher_selected	text	Cipher suite chosen for the exchange.
services.tls.ja3s	text	The JA3S fingerprint for this service.
services.tls.presented_chain.fingerprint	keyword	SHA 256 fingerprint of the certificate in the certificate chain.
services.tls.presented_chain.issuer_dn	text	Distinguished name of the entity that has signed and issued the certificate.
services.tls.presented_chain.subject_dn	text	Distinguished name of the entity that the certificate belongs to.
services.tls.server_key_exchange.ec_params.named_curve	unsigned_long	Elliptic-Curve ID value.
services.tls.server_key_exchange.ec_params.public_key	text
services.tls.session_ticket.length	unsigned_long
services.tls.session_ticket.lifetime_hint	unsigned_long	Hint from server about how long the session ticket should be stored.
services.tls.version_selected	text	Certificate version v1(0), v2(1), v3(2).

SOFTWARE

Path	Type	Docs
services.software	nested
services.software.component_uniform_resource_identifiers	text	URIs of software components related to the identified software.
services.software.cpe	text	CPE uri format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
services.software.edition	text	Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2.
services.software.language	text	Valid language tag as defined by [RFC5646], and should be used to define the language supported in the user interface of the product being described.
services.software.other.key	text
services.software.other.value	text
services.software.part	keyword	Defines the class of this software, a for application, o for operating system, h for hardware devices.
services.software.product	text	Identifies the most common and recognizable title or name of the product.
services.software.source	text	Defines the source that this software information was derived from.
services.software.sw_edition	text	Characterizes how the product is tailored to a particular market or class of end users.
services.software.target_hw	text	Characterizes the instruction set architecture (e.g., x86) on which the product being described. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are be considered instruction set architectures.
services.software.target_sw	text	Characterizes the software computing environment within which the product operates.
services.software.update	text	Vendor-Specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.
services.software.vendor	text	Identifies the person or organization that manufactured or created the product.
services.software.version	text	Vendor-Specific alphanumeric strings characterizing the particular release version of the product.

MISC

Path	Type	Docs
labels	text
last_updated_at	date
service_count	integer
services	nested
services.banner_hashes	text
services.cobalt_strike.x64.cookie_beacon	unsigned_long
services.cobalt_strike.x64.crypto_scheme	unsigned_long
services.cobalt_strike.x64.dns	boolean
services.cobalt_strike.x64.http_get.client	text
services.cobalt_strike.x64.http_get.uri	text
services.cobalt_strike.x64.http_get.verb	text
services.cobalt_strike.x64.http_post.client	text
services.cobalt_strike.x64.http_post.uri	text
services.cobalt_strike.x64.http_post.verb	text
services.cobalt_strike.x64.jitter	unsigned_long
services.cobalt_strike.x64.killdate	unsigned_long
services.cobalt_strike.x64.post_ex.x64	text
services.cobalt_strike.x64.post_ex.x86	text
services.cobalt_strike.x64.public_key	text
services.cobalt_strike.x64.sleep_time	unsigned_long
services.cobalt_strike.x64.ssl	boolean
services.cobalt_strike.x64.unknown_bytes.key	unsigned_long
services.cobalt_strike.x64.unknown_bytes.value	text
services.cobalt_strike.x64.unknown_int.key	unsigned_long
services.cobalt_strike.x64.unknown_int.value	unsigned_long
services.cobalt_strike.x64.user_agent	text
services.cobalt_strike.x64.watermark	unsigned_long
services.cobalt_strike.x86.cookie_beacon	unsigned_long
services.cobalt_strike.x86.crypto_scheme	unsigned_long
services.cobalt_strike.x86.dns	boolean
services.cobalt_strike.x86.http_get.client	text
services.cobalt_strike.x86.http_get.uri	text
services.cobalt_strike.x86.http_get.verb	text
services.cobalt_strike.x86.http_post.client	text
services.cobalt_strike.x86.http_post.uri	text
services.cobalt_strike.x86.http_post.verb	text
services.cobalt_strike.x86.jitter	unsigned_long
services.cobalt_strike.x86.killdate	unsigned_long
services.cobalt_strike.x86.post_ex.x64	text
services.cobalt_strike.x86.post_ex.x86	text
services.cobalt_strike.x86.public_key	text
services.cobalt_strike.x86.sleep_time	unsigned_long
services.cobalt_strike.x86.ssl	boolean
services.cobalt_strike.x86.unknown_bytes.key	unsigned_long
services.cobalt_strike.x86.unknown_bytes.value	text
services.cobalt_strike.x86.unknown_int.key	unsigned_long
services.cobalt_strike.x86.unknown_int.value	unsigned_long
services.cobalt_strike.x86.user_agent	text
services.cobalt_strike.x86.watermark	unsigned_long
services.discovery_method	text
services.labels	text
services.transport_fingerprint.id	integer
services.transport_fingerprint.os	text
services.transport_fingerprint.quic.versions	unsigned_long	Raw versions presented in the QUIC version negotiation packet, if any.
services.transport_fingerprint.raw	text
truncated	boolean

HTTP

Path	Type	Docs
services.http.request.body	text
services.http.request.headers	nested
services.http.request.headers.key	text
services.http.request.headers.value.headers	text
services.http.request.method	text
services.http.request.uri	text
services.http.response.body	text
services.http.response.body_hashes	text
services.http.response.body_size	integer
services.http.response.favicons.md5_hash	keyword
services.http.response.favicons.name	text
services.http.response.favicons.size	integer
services.http.response.headers	nested
services.http.response.headers.key	text
services.http.response.headers.value.headers	text
services.http.response.html_tags	text
services.http.response.html_title	text
services.http.response.protocol	text
services.http.response.status_code	integer
services.http.response.status_reason	text
services.http.supports_http2	boolean

SSH

Path	Type	Docs
services.ssh.algorithm_selection.client_to_server_alg_group.cipher	text
services.ssh.algorithm_selection.client_to_server_alg_group.compression	text
services.ssh.algorithm_selection.client_to_server_alg_group.mac	text
services.ssh.algorithm_selection.host_key_algorithm	text
services.ssh.algorithm_selection.kex_algorithm	text
services.ssh.algorithm_selection.server_to_client_alg_group.cipher	text
services.ssh.algorithm_selection.server_to_client_alg_group.compression	text
services.ssh.algorithm_selection.server_to_client_alg_group.mac	text
services.ssh.endpoint_id.comment	text
services.ssh.endpoint_id.protocol_version	text
services.ssh.endpoint_id.raw	text
services.ssh.endpoint_id.software_version	text
services.ssh.hassh_fingerprint	text
services.ssh.kex_init_message.client_to_server_ciphers	text	A list of ssh cipher algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values.
services.ssh.kex_init_message.client_to_server_compression	text	A list of ssh compression algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values.
services.ssh.kex_init_message.client_to_server_languages	text	A name-list of language tags in order of preference. As Defined in https://www.ietf.org/rfc/rfc3066.txt.
services.ssh.kex_init_message.client_to_server_macs	text	A list of ssh MAC algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values.
services.ssh.kex_init_message.first_kex_follows	boolean
services.ssh.kex_init_message.host_key_algorithms	text	Asymmetric key algorithms for the host key supported by the client.
services.ssh.kex_init_message.kex_algorithms	text	Key exchange algorithms used in the handshake.
services.ssh.kex_init_message.server_to_client_ciphers	text	A list of ssh cipher algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values.
services.ssh.kex_init_message.server_to_client_compression	text	A list of ssh compression algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values.
services.ssh.kex_init_message.server_to_client_languages	text	A name-list of language tags in order of preference. As Defined in https://www.ietf.org/rfc/rfc3066.txt.
services.ssh.kex_init_message.server_to_client_macs	text	A list of ssh MAC algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values.
services.ssh.server_host_key.certkey_public_key	text
services.ssh.server_host_key.dsa_public_key.g	text
services.ssh.server_host_key.dsa_public_key.p	text
services.ssh.server_host_key.dsa_public_key.q	text
services.ssh.server_host_key.dsa_public_key.y	text
services.ssh.server_host_key.ecdsa_public_key.b	text
services.ssh.server_host_key.ecdsa_public_key.curve	keyword
services.ssh.server_host_key.ecdsa_public_key.gx	text
services.ssh.server_host_key.ecdsa_public_key.gy	text
services.ssh.server_host_key.ecdsa_public_key.length	unsigned_long
services.ssh.server_host_key.ecdsa_public_key.n	text
services.ssh.server_host_key.ecdsa_public_key.p	text
services.ssh.server_host_key.ecdsa_public_key.pub	text
services.ssh.server_host_key.ecdsa_public_key.x	text
services.ssh.server_host_key.ecdsa_public_key.y	text
services.ssh.server_host_key.ed25519_public_key.public_bytes	text
services.ssh.server_host_key.fingerprint_sha256	text
services.ssh.server_host_key.rsa_public_key.exponent	text
services.ssh.server_host_key.rsa_public_key.length	unsigned_long
services.ssh.server_host_key.rsa_public_key.modulus	text

TELNET

Path	Type	Docs
services.telnet.banner	text
services.telnet.do.key	unsigned_long
services.telnet.do.value	text
services.telnet.dont.key	unsigned_long
services.telnet.dont.value	text
services.telnet.will.key	unsigned_long
services.telnet.will.value	text
services.telnet.wont.key	unsigned_long
services.telnet.wont.value	text

FTP

Path	Type	Docs
services.ftp.auth_ssl_response	text
services.ftp.auth_tls_response	text
services.ftp.banner	text
services.ftp.implicit_tls	boolean
services.ftp.status_code	integer
services.ftp.status_meaning	text

DNS

Path	Type	Docs
services.dns.additionals.name	text
services.dns.additionals.response	text
services.dns.additionals.type	text
services.dns.answers.name	text
services.dns.answers.response	text
services.dns.answers.type	text
services.dns.authorities.name	text
services.dns.authorities.response	text
services.dns.authorities.type	text
services.dns.edns.do	boolean
services.dns.edns.options	text
services.dns.edns.udp	unsigned_long
services.dns.edns.version	unsigned_long
services.dns.questions.name	text
services.dns.questions.response	text
services.dns.questions.type	text
services.dns.r_code	text
services.dns.resolves_correctly	boolean
services.dns.server_type	text
services.dns.version	text

Misc

Path	Type	Docs
autonomous_system	object
dns	object
dns.reverse_dns	object
location	object
location.coordinates	object	The estimated coordinates of the detected location.
operating_system	object
operating_system.other	object	Other attributes describing the identified software
services.amqp	object
services.amqp.protocol_id	object
services.amqp.version	object
services.any_connect	object
services.bacnet	object
services.coap	object
services.cobalt_strike	object
services.cobalt_strike.x64	object
services.cobalt_strike.x64.http_get	object
services.cobalt_strike.x64.http_post	object
services.cobalt_strike.x64.post_ex	object
services.cobalt_strike.x64.unknown_bytes	object
services.cobalt_strike.x64.unknown_int	object
services.cobalt_strike.x86	object
services.cobalt_strike.x86.http_get	object
services.cobalt_strike.x86.http_post	object
services.cobalt_strike.x86.post_ex	object
services.cobalt_strike.x86.unknown_bytes	object
services.cobalt_strike.x86.unknown_int	object
services.cwmp	object
services.cwmp.http_info	object
services.cwmp.http_info.favicons	object
services.cwmp.http_info.headers.value	object
services.dnp3	object
services.dns	object
services.dns.additionals	object
services.dns.answers	object
services.dns.authorities	object
services.dns.edns	object
services.dns.questions	object
services.elasticsearch	object
services.elasticsearch.http_info	object
services.elasticsearch.http_info.headers.value	object
services.elasticsearch.node_info	object
services.elasticsearch.node_info.cluster_combined_info	object
services.elasticsearch.node_info.cluster_combined_info.filesystem	object
services.elasticsearch.node_info.cluster_combined_info.indices	object
services.elasticsearch.node_info.cluster_combined_info.indices.docs	object
services.elasticsearch.node_info.cluster_combined_info.indices.store	object
services.elasticsearch.node_info.nodes	object
services.elasticsearch.node_info.nodes.node_data	object
services.elasticsearch.node_info.nodes.node_data.jvm	object
services.elasticsearch.node_info.nodes.node_data.modules	object
services.elasticsearch.node_info.nodes.node_data.os	object
services.elasticsearch.node_info.nodes.node_data.settings	object
services.elasticsearch.node_info.nodes.node_data.settings.node	object
services.elasticsearch.node_info.nodes.node_data.settings.node.attr	object
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml	object
services.elasticsearch.node_info.nodes.node_data.thread_pool_list	object
services.elasticsearch.system_info	object
services.elasticsearch.system_info.version	object
services.fortigate	object
services.fortigate.http_info	object
services.fortigate.http_info.headers.value	object
services.fox	object
services.ftp	object
services.http	object
services.http.request	object
services.http.request.headers.value	object
services.http.response	object
services.http.response.favicons	object
services.http.response.headers.value	object
services.ike	object
services.ike.v1	object
services.ike.v2	object
services.imap	object
services.ipmi	object
services.ipmi.capabilities	object	The Get Channel Authentication Capabilities response (section 22.13)
services.ipmi.capabilities.auth_status	object	The authentication status
services.ipmi.capabilities.completion_code	object	The status code of the response
services.ipmi.capabilities.extended_capabilities	object	Extended auth capabilities (if present)
services.ipmi.capabilities.supported_auth_types	object	The auth types supported by the server
services.ipmi.command_payload	object	The IPMI command payload
services.ipmi.command_payload.ipmi_command_number	object	The parsed IPMI command number
services.ipmi.command_payload.network_function_code	object	The NetFn and LUN
services.ipmi.command_payload.network_function_code.logical_unit_number	object	The parsed LUN (logical unit number -- the lower 2 bits of raw)
services.ipmi.command_payload.network_function_code.net_fn	object	The parsed NetFn value (the upper 6 bits of raw)
services.ipmi.rmcp_header	object	The RMCP header of the response, (section 13.1.3)
services.ipmi.rmcp_header.message_class	object	The class of the message.
services.ipmi.session_header	object	The IPMI sesssion header of the response
services.ipmi.session_header.auth_type	object	The authentication type for this request (see section 13.6)
services.ipp	object
services.ipp.attributes	object	All IPP attributes included in any contentful responses obtained. Each has a name, list of values (potentially only one), and a tag denoting how the value should be interpreted.
services.ipp.cups_response	object
services.ipp.cups_response.favicons	object
services.ipp.cups_response.headers.value	object
services.ipp.response	object
services.ipp.response.favicons	object
services.ipp.response.headers.value	object
services.jarm	object
services.kubernetes	object
services.kubernetes.endpoints	object
services.kubernetes.endpoints.subsets	object
services.kubernetes.endpoints.subsets.addresses	object
services.kubernetes.endpoints.subsets.ports	object
services.kubernetes.nodes	object
services.kubernetes.nodes.addresses	object
services.kubernetes.roles	object
services.kubernetes.roles.rules	object	Rules set for this role.
services.kubernetes.version_info	object
services.ldap	object
services.ldap.attributes	object	All root DN attributes available via anonymous bind
services.memcached	object
services.mms	object
services.modbus	object
services.modbus.exception_response	object
services.modbus.mei_response	object
services.mongodb	object
services.mongodb.build_info	object
services.mongodb.build_info.build_environment	object
services.mongodb.is_master	object
services.mqtt	object
services.mqtt.connection_ack_return	object
services.mqtt.subscription_ack_return	object
services.mssql	object
services.mssql.prelogin_options	object
services.mssql.prelogin_options.server_version	object
services.mssql.prelogin_options.unknown	object
services.mysql	object
services.ntp	object
services.ntp.get_time_header	object
services.openvpn	object
services.oracle	object
services.oracle.redirect_target	object	The parsed connect descriptor returned by the server in the redirect packet, if one is sent.
services.oracle.refuse_error	object	The parsed descriptor returned by the server in the Refuse packet; it is empty if the server does not return a Refuse packet. The keys are strings like 'DESCRIPTION.ERROR_STACK.ERROR.CODE
services.parsed.dhcpdiscover	object
services.parsed.dhcpdiscover.method	text
services.parsed.dhcpdiscover.params	object
services.parsed.dhcpdiscover.params.device_info	object
services.parsed.dhcpdiscover.params.device_info.alarm_input_channels	long
services.parsed.dhcpdiscover.params.device_info.alarm_output_channels	long
services.parsed.dhcpdiscover.params.device_info.device_class	text
services.parsed.dhcpdiscover.params.device_info.device_id	text
services.parsed.dhcpdiscover.params.device_info.device_type	text
services.parsed.dhcpdiscover.params.device_info.http_port	long
services.parsed.dhcpdiscover.params.device_info.ipv4_address	object
services.parsed.dhcpdiscover.params.device_info.ipv4_address.default_gateway	text
services.parsed.dhcpdiscover.params.device_info.ipv4_address.dhcp_enable	boolean
services.parsed.dhcpdiscover.params.device_info.ipv4_address.ip_address	text
services.parsed.dhcpdiscover.params.device_info.ipv4_address.subnetmask	text
services.parsed.dhcpdiscover.params.device_info.ipv6_address	object
services.parsed.dhcpdiscover.params.device_info.ipv6_address.default_gateway	text
services.parsed.dhcpdiscover.params.device_info.ipv6_address.dhcp_enable	boolean
services.parsed.dhcpdiscover.params.device_info.ipv6_address.ip_address	text
services.parsed.dhcpdiscover.params.device_info.ipv6_address.link_local_address	text
services.parsed.dhcpdiscover.params.device_info.machine_group	text
services.parsed.dhcpdiscover.params.device_info.machine_name	text
services.parsed.dhcpdiscover.params.device_info.manufacturer	text
services.parsed.dhcpdiscover.params.device_info.port	long
services.parsed.dhcpdiscover.params.device_info.remote_video_input_channels	long
services.parsed.dhcpdiscover.params.device_info.serial_no	text
services.parsed.dhcpdiscover.params.device_info.unlogin_func_mask	long
services.parsed.dhcpdiscover.params.device_info.vendor	text
services.parsed.dhcpdiscover.params.device_info.version	text
services.parsed.dhcpdiscover.params.device_info.video_input_channels	long
services.parsed.dhcpdiscover.params.device_info.video_output_channels	long
services.parsed.ethereum	object
services.parsed.ethereum.accounts	text
services.parsed.ethereum.hashrate	text
services.parsed.ethereum.version	object
services.parsed.ethereum.version.client	text
services.parsed.ethereum.version.compiler	text
services.parsed.ethereum.version.platform	text
services.parsed.ethereum.version.trailing	text
services.parsed.ethereum.version.version	text
services.parsed.rocketmq	object
services.parsed.rocketmq.cluster_info	object
services.parsed.rocketmq.cluster_info.header	object
services.parsed.rocketmq.cluster_info.header.code	long
services.parsed.rocketmq.cluster_info.header.flag	long
services.parsed.rocketmq.cluster_info.header.language	text
services.parsed.rocketmq.cluster_info.header.opaque	long
services.parsed.rocketmq.cluster_info.header.serialize_type_current_rpc	text
services.parsed.rocketmq.cluster_info.header.version	long
services.parsed.rocketmq.cluster_info.payload	text
services.parsed.rocketmq.topics	object
services.parsed.rocketmq.topics.header	object
services.parsed.rocketmq.topics.header.code	long
services.parsed.rocketmq.topics.header.flag	long
services.parsed.rocketmq.topics.header.language	text
services.parsed.rocketmq.topics.header.opaque	long
services.parsed.rocketmq.topics.header.serialize_type_current_rpc	text
services.parsed.rocketmq.topics.header.version	long
services.parsed.rocketmq.topics.topic_list	text
services.parsed.rocketmq.version	text
services.parsed.tplink_kasa	object
services.parsed.tplink_kasa.active_mode	text
services.parsed.tplink_kasa.alias	text
services.parsed.tplink_kasa.brightness	long
services.parsed.tplink_kasa.dev_name	text
services.parsed.tplink_kasa.err_code	long
services.parsed.tplink_kasa.feature	text
services.parsed.tplink_kasa.hw_ver	text
services.parsed.tplink_kasa.icon_hash	text
services.parsed.tplink_kasa.led_off	long
services.parsed.tplink_kasa.mic_type	text
services.parsed.tplink_kasa.model	text
services.parsed.tplink_kasa.on_time	long
services.parsed.tplink_kasa.relay_state	long
services.parsed.tplink_kasa.rssi	long
services.parsed.tplink_kasa.sw_ver	text
services.parsed.tplink_kasa.updating	long
services.pc_anywhere	object
services.pc_anywhere.status	object
services.pop3	object
services.postgres	object
services.postgres.authentication_mode	object
services.pptp	object
services.pptp.bearer_message	object
services.pptp.error_message	object
services.pptp.firmware	object
services.pptp.framing_message	object
services.pptp.protocol	object
services.pptp.result_message	object
services.prometheus	object
services.prometheus.http_info	object
services.prometheus.http_info.headers.value	object
services.prometheus.response	object	Information Prometheus captured as well as build information.
services.prometheus.response.active_targets	object	List of active targets.
services.prometheus.response.active_targets.discovered_labels	object
services.prometheus.response.active_targets.labels	object
services.prometheus.response.dropped_targets	object	List of dropped targets.
services.prometheus.response.prometheus_versions	object
services.rdp	object
services.rdp.certificate_info	object
services.rdp.certificate_info.proprietary_rsa_key	object
services.rdp.connect_response	object
services.rdp.connect_response.domain_parameters	object
services.rdp.protocol_flags	object
services.rdp.selected_security_protocol	object
services.rdp.version	object
services.redis	object
services.redis.info_response	object	The response from the INFO command. Should be a series of key:value pairs separated by CRLFs.
services.redis.raw_command_output	object	The raw output returned by the server for each command sent; the indices match those of commands.
services.s7	object
services.sip	object
services.skinny	object
services.smb	object
services.smb.negotiation_log	object
services.smb.negotiation_log.header_log	object
services.smb.session_setup_log	object
services.smb.session_setup_log.header_log	object
services.smb.smb_capabilities	object	Capabilities flags for the connection. See [MS-SMB2] Sect. 2.2.4.
services.smb.smb_version	object
services.smtp	object
services.snmp	object
services.snmp.oid_interfaces	object	1.3.6.1.2.1.2 - Interfaces
services.snmp.oid_physical	object	1.3.6.1.2.1.47.1.1.1.1 - Entity Physical
services.snmp.oid_system	object	1.3.6.1.2.1.1 - System Variables
services.snmp.oid_system.services	object	1.3.6.1.2.1.1.7 - Set of services offered by entity
services.software.other	object	Other attributes describing the identified software
services.ssdp	object
services.ssdp.headers.value	object
services.ssh	object
services.ssh.algorithm_selection	object
services.ssh.algorithm_selection.client_to_server_alg_group	object
services.ssh.algorithm_selection.server_to_client_alg_group	object
services.ssh.endpoint_id	object
services.ssh.kex_init_message	object
services.ssh.server_host_key	object
services.ssh.server_host_key.dsa_public_key	object
services.ssh.server_host_key.ecdsa_public_key	object
services.ssh.server_host_key.ed25519_public_key	object
services.ssh.server_host_key.rsa_public_key	object
services.team_viewer	object
services.telnet	object
services.telnet.do	object
services.telnet.dont	object
services.telnet.will	object
services.telnet.wont	object
services.tls	object
services.tls.certificate	object
services.tls.certificate.ct	object
services.tls.certificate.ct.entries.value	object
services.tls.certificate.parsed	object	A record containing all of the data parsed from the certificate.
services.tls.certificate.parsed.extensions	object	A record containing parsed X.509 extensions that provide additional identification information or additional cryptographic capabilities.
services.tls.certificate.parsed.extensions.authority_info_access	object	The parsed id-pe-authorityInfoAccess extension (OID: 1.3.6.1.5.7.1.1). Only id-ad-caIssuers and id-ad-ocsp accessMethods are supported; others are omitted.
services.tls.certificate.parsed.extensions.basic_constraints	object	The parsed id-ce-basicConstraints extension (OID: 2.5.29.19).
services.tls.certificate.parsed.extensions.cabf_organization_id	object	CA/Browser Forum organization ID extensions (OID: 2.23.140.3.1).
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference	object
services.tls.certificate.parsed.extensions.extended_key_usage	object	The parsed id-ce-extKeyUsage extension (OID: 2.5.29.37).
services.tls.certificate.parsed.extensions.issuer_alt_name	object	The parsed id-ce-issuerAltName extension (OID: 2.5.29.18).
services.tls.certificate.parsed.extensions.key_usage	object	The parsed id-ce-keyUsage extension (OID: 2.5.29.15).
services.tls.certificate.parsed.extensions.name_constraints	object	The parsed id-ce-nameConstraints extension (OID: 2.5.29.30). Specifies a name space within which all child certificates' subject names MUST be located.
services.tls.certificate.parsed.extensions.qc_statements	object
services.tls.certificate.parsed.extensions.qc_statements.parsed	object
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature	object
services.tls.certificate.parsed.extensions.subject_alt_name	object	The parsed id-ce-subjectAltName extension (OID: 2.5.29.17).
services.tls.certificate.parsed.issuer	object	A record containing the parsed contents of the issuer_dn.
services.tls.certificate.parsed.signature	object
services.tls.certificate.parsed.signature.signature_algorithm	object
services.tls.certificate.parsed.subject	object	A record containing the parsed contents of the subject_dn.
services.tls.certificate.parsed.subject_key_info	object	Information about the certificate's public key.
services.tls.certificate.parsed.subject_key_info.dsa	object	A record containing the public portion of a DSA asymmetric key.
services.tls.certificate.parsed.subject_key_info.ecdsa	object	A record containing the public portion of an ECDSA asymmetric key.
services.tls.certificate.parsed.subject_key_info.key_algorithm	object	A record containing information about the type of subject key algorithm and any relevant parameters.
services.tls.certificate.parsed.subject_key_info.rsa	object	A record containing the public portion of an RSA asymmetric key.
services.tls.certificate.parsed.subject_key_info.unrecognized	object	A record containing known information about an unrecognized key type.
services.tls.certificate.parsed.validity_period	object	Information about the time for which the certificate is valid.
services.tls.certificate.revocation	object	A record containing revocation information, if the certificate has been revoked.
services.tls.certificate.revocation.crl	object
services.tls.certificate.revocation.ocsp	object
services.tls.certificate.validation	object	A record containing information from the maintainers of major root certificate stores related to their trust assessment.
services.tls.certificate.validation.apple	object	A record containing validation information about the certificate from the Apple root store.
services.tls.certificate.validation.chrome	object	A record containing validation information about the certificate from the Chrome root store.
services.tls.certificate.validation.microsoft	object	A record containing validation information about the certificate from the Microsoft root store.
services.tls.certificate.validation.nss	object	A record containing validation information about the certificate from the Mozilla NSS root store.
services.tls.certificate.zlint	object	A record containing the results of linting the certificate for conformance to the X.509 standard using Zlint.
services.tls.certificates	object	Certificate and certificate chain details.
services.tls.certificates.chain	object	Certificate chain information.
services.tls.certificates.leaf_data	object	The TBS Certificate information.
services.tls.certificates.leaf_data.issuer	object	Issuer distinguished name attributes.
services.tls.certificates.leaf_data.public_key	object	Subject public key information.
services.tls.certificates.leaf_data.public_key.dsa	object
services.tls.certificates.leaf_data.public_key.ecdsa	object
services.tls.certificates.leaf_data.public_key.rsa	object
services.tls.certificates.leaf_data.signature	object	Certificate signature information.
services.tls.certificates.leaf_data.subject	object	Subject distinguished name attributes.
services.tls.presented_chain	object	Certificate chain information.
services.tls.server_key_exchange	object
services.tls.server_key_exchange.ec_params	object	Elliptic-Curve key exchange parameters used.
services.tls.session_ticket	object	The new session ticket sent by the server to the client.
services.transport_fingerprint	object
services.transport_fingerprint.quic	object
services.upnp	object
services.upnp.devices	object
services.upnp.devices.service_list	object
services.upnp.headers.value	object
services.upnp.spec	object
services.vnc	object
services.vnc.pixel_encoding	object
services.vnc.screen_info	object
services.vnc.screen_info.pixel_format	object
services.vnc.security_types	object	server-specified security options
services.x11	object

TEAM_VIEWER

Path	Type	Docs
services.team_viewer.response	text

IPMI

Path	Type	Docs
services.ipmi.capabilities.auth_status.anonymous_login_enabled	boolean	If true, the server allows anonymous login.
services.ipmi.capabilities.auth_status.auth_each_message	boolean	If true, each message must be authenticated.
services.ipmi.capabilities.auth_status.has_anonymous_users	boolean	If true, the server has anonymous users.
services.ipmi.capabilities.auth_status.has_named_users	boolean	If true, the server supports named users.
services.ipmi.capabilities.auth_status.two_key_login_required	boolean	The KG field.
services.ipmi.capabilities.auth_status.user_auth_disabled	boolean	If true, user authentication is disabled.
services.ipmi.capabilities.channel_number	integer	The response channel number
services.ipmi.capabilities.completion_code.name	text	The human-readable name of the code
services.ipmi.capabilities.completion_code.raw	integer	The raw completion code
services.ipmi.capabilities.extended_capabilities.supports_ipmi_v1_5	boolean	True if IPMI v1.5 is supported
services.ipmi.capabilities.extended_capabilities.supports_ipmi_v2_0	boolean	True if IPMI v2.0 is supported
services.ipmi.capabilities.oem_data	integer	The OEM-specific data
services.ipmi.capabilities.oem_id	text	The 3-byte OEM identifier
services.ipmi.capabilities.supported_auth_types.extended	boolean	If true, the extended capabilities are present.
services.ipmi.capabilities.supported_auth_types.md2	boolean	True if the MD2 AuthType is supported.
services.ipmi.capabilities.supported_auth_types.md5	boolean	True if the MD5 AuthType is supported.
services.ipmi.capabilities.supported_auth_types.none	boolean	True if the None AuthType is supported.
services.ipmi.capabilities.supported_auth_types.oem_proprietary	boolean	True if the OEM Proprietary AuthType is supported
services.ipmi.capabilities.supported_auth_types.password	boolean	True if the Password AuthType is supported.
services.ipmi.capabilities.supported_auth_types.raw	integer	The raw byte, with the bit mask etc
services.ipmi.command_payload.checksum_error	boolean	This is set to true if the values of chk1 / chk2 do not match the command data
services.ipmi.command_payload.data	text	The raw data. On success, this should be the value of the GetAuthenticationCapabilities resopnse
services.ipmi.command_payload.ipmi_command_number.name	text	The human-readable name of the cmd + NetFn
services.ipmi.command_payload.ipmi_command_number.raw	integer	The raw value of the cmd value
services.ipmi.command_payload.network_function_code.logical_unit_number.name	text	The human-readable name of the LUN
services.ipmi.command_payload.network_function_code.logical_unit_number.raw	integer	The value of the LUN (3 bits)
services.ipmi.command_payload.network_function_code.net_fn.is_request	boolean	True if the least-significant bit is zero
services.ipmi.command_payload.network_function_code.net_fn.is_response	boolean	True if the least-significant bit is one
services.ipmi.command_payload.network_function_code.net_fn.name	text	The human-readable name of the NetFn
services.ipmi.command_payload.network_function_code.net_fn.raw	integer	The raw value of the NetFn (6 bits, least significant indicates request/response)
services.ipmi.command_payload.network_function_code.net_fn.value	integer	The normalized value of the NetFn (i.e. raw & 0xfe, so it is always even)
services.ipmi.command_payload.network_function_code.raw	integer	The raw value of the (NetFn << 2) | LUN
services.ipmi.command_payload.requestor_sequence_number	integer	The request sequence number.
services.ipmi.raw	text	The raw data returned by the server
services.ipmi.rmcp_header.message_class.class	integer	Just the class part of the byte (lower 5 bits of raw)
services.ipmi.rmcp_header.message_class.is_ack	boolean	True if the message is an acknowledgment to a previous message.
services.ipmi.rmcp_header.message_class.name	text	The human-readable name of the message class
services.ipmi.rmcp_header.message_class.raw	integer	The raw message class byte.
services.ipmi.rmcp_header.sequence_number	integer	Sequence number of this packet in the session.
services.ipmi.rmcp_header.version	integer	The version. This scanner supports version 6.
services.ipmi.session_header.auth_code	text	The 16-byte authentication code; not present if auth_type is None.
services.ipmi.session_header.auth_type.name	text	The raw value of the auth_type
services.ipmi.session_header.auth_type.raw	integer	The raw value of the auth_type
services.ipmi.session_header.auth_type.type	integer	Just the auth type (reserved bits omitted)
services.ipmi.session_header.session_id	long	The ID of this sessiod.
services.ipmi.session_header.session_sequence_number	long	The session sequence number of this packet in the session

UPNP

Path	Type	Docs
services.upnp.devices.device_type	text
services.upnp.devices.friendly_name	text
services.upnp.devices.id	integer	Censys-generated IDs representing a device tree
services.upnp.devices.manufacturer	text
services.upnp.devices.manufacturer_url	text
services.upnp.devices.model_description	text
services.upnp.devices.model_name	text
services.upnp.devices.model_number	text
services.upnp.devices.model_url	text
services.upnp.devices.parent_id	integer
services.upnp.devices.presentation_url	text
services.upnp.devices.serial_number	text
services.upnp.devices.service_list.control_url	text
services.upnp.devices.service_list.event_sub_url	text
services.upnp.devices.service_list.scpd_url	text
services.upnp.devices.service_list.service_id	text
services.upnp.devices.service_list.service_type	text
services.upnp.devices.udn	text
services.upnp.devices.upc	text
services.upnp.endpoint	text
services.upnp.headers	nested
services.upnp.headers.key	text
services.upnp.headers.value.headers	text
services.upnp.spec.major	text
services.upnp.spec.minor	text

MQTT

Path	Type	Docs
services.mqtt.connection_ack_raw	text	Raw CONNACK response packet
services.mqtt.connection_ack_return.raw	unsigned_long	Raw connect status value
services.mqtt.connection_ack_return.return_value	text	Connection status
services.mqtt.subscription_ack_return.raw	unsigned_long	Raw subscription response value
services.mqtt.subscription_ack_return.return_value	text	Subscription response

FOX

Path	Type	Docs
services.fox.app_name	text
services.fox.app_version	text
services.fox.auth_agent_type	text
services.fox.brand_id	text
services.fox.host_address	text
services.fox.hostid	text
services.fox.hostname	text
services.fox.id	unsigned_long
services.fox.language	text
services.fox.os_name	text
services.fox.os_version	text
services.fox.station_name	text
services.fox.sys_info	text
services.fox.time_zone	text
services.fox.version	text
services.fox.vm_name	text
services.fox.vm_uuid	text
services.fox.vm_version	text

ELASTICSEARCH

Path	Type	Docs
services.elasticsearch.http_info.headers	nested
services.elasticsearch.http_info.headers.key	text
services.elasticsearch.http_info.headers.value.headers	text
services.elasticsearch.http_info.status	text
services.elasticsearch.http_info.status_code	integer
services.elasticsearch.node_info.cluster_combined_info.filesystem.available	text	Human-friendly available size
services.elasticsearch.node_info.cluster_combined_info.filesystem.available_in_bytes	unsigned_long	Available size in bytes
services.elasticsearch.node_info.cluster_combined_info.filesystem.free	text	Human-friendly free size
services.elasticsearch.node_info.cluster_combined_info.filesystem.free_in_bytes	unsigned_long	Free size in bytes
services.elasticsearch.node_info.cluster_combined_info.filesystem.total	text	Human-friendly total size
services.elasticsearch.node_info.cluster_combined_info.filesystem.total_in_bytes	unsigned_long	Total size in bytes
services.elasticsearch.node_info.cluster_combined_info.indices.count	unsigned_long	Total number of indices with shards assigned to selected nodes
services.elasticsearch.node_info.cluster_combined_info.indices.docs.count	unsigned_long	Total number of non-deleted documents across all primary shards assigned to selected nodes
services.elasticsearch.node_info.cluster_combined_info.indices.docs.deleted	unsigned_long	Total number of deleted documents across all primary shards assigned to selected nodes
services.elasticsearch.node_info.cluster_combined_info.indices.store.reserved_in_bytes	unsigned_long	A prediction, in bytes, of how much larger the shard stores will eventually grow due to ongoing peer recoveries, restoring snapshots, and similar activities
services.elasticsearch.node_info.cluster_combined_info.indices.store.size_in_bytes	unsigned_long	Total size, in bytes, of all shards assigned to selected nodes
services.elasticsearch.node_info.cluster_combined_info.name	text
services.elasticsearch.node_info.cluster_combined_info.status	text
services.elasticsearch.node_info.cluster_combined_info.timestamp	unsigned_long
services.elasticsearch.node_info.cluster_combined_info.uuid	text
services.elasticsearch.node_info.nodes.node_data.build_flavor	text
services.elasticsearch.node_info.nodes.node_data.build_hash	text
services.elasticsearch.node_info.nodes.node_data.build_type	text
services.elasticsearch.node_info.nodes.node_data.host	text
services.elasticsearch.node_info.nodes.node_data.ingest_processors	text
services.elasticsearch.node_info.nodes.node_data.ip	ip
services.elasticsearch.node_info.nodes.node_data.jvm.gc	text
services.elasticsearch.node_info.nodes.node_data.jvm.input_args	text
services.elasticsearch.node_info.nodes.node_data.jvm.memory_pools	text
services.elasticsearch.node_info.nodes.node_data.jvm.start_time	text
services.elasticsearch.node_info.nodes.node_data.jvm.start_time_ms	unsigned_long
services.elasticsearch.node_info.nodes.node_data.jvm.version	text
services.elasticsearch.node_info.nodes.node_data.jvm.vm_name	text
services.elasticsearch.node_info.nodes.node_data.jvm.vm_vendor	text
services.elasticsearch.node_info.nodes.node_data.jvm.vm_version	text
services.elasticsearch.node_info.nodes.node_data.modules.class_name	text
services.elasticsearch.node_info.nodes.node_data.modules.desc	text
services.elasticsearch.node_info.nodes.node_data.modules.elastic_version	text
services.elasticsearch.node_info.nodes.node_data.modules.ext_plugins	text
services.elasticsearch.node_info.nodes.node_data.modules.has_native_ctrl	boolean
services.elasticsearch.node_info.nodes.node_data.modules.java_version	text
services.elasticsearch.node_info.nodes.node_data.modules.name	text
services.elasticsearch.node_info.nodes.node_data.modules.version	text
services.elasticsearch.node_info.nodes.node_data.name	text
services.elasticsearch.node_info.nodes.node_data.os.allocated_proc	integer
services.elasticsearch.node_info.nodes.node_data.os.arch	text
services.elasticsearch.node_info.nodes.node_data.os.available_proc	integer
services.elasticsearch.node_info.nodes.node_data.os.name	text
services.elasticsearch.node_info.nodes.node_data.os.pretty_name	text
services.elasticsearch.node_info.nodes.node_data.os.refresh_interval_ms	unsigned_long
services.elasticsearch.node_info.nodes.node_data.os.version	text
services.elasticsearch.node_info.nodes.node_data.roles	text
services.elasticsearch.node_info.nodes.node_data.settings.cluster_name	text
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.enabled	text
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.machine_memory	text
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.max_open_jobs	text
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.xpack_installed	text
services.elasticsearch.node_info.nodes.node_data.settings.node.name	text
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.keep_alive	text
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.max	integer
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.min	integer
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.queue_size	integer
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.type	text
services.elasticsearch.node_info.nodes.node_data.total_indexing_buffer	unsigned_long
services.elasticsearch.node_info.nodes.node_data.version	text
services.elasticsearch.node_info.nodes.node_name	text
services.elasticsearch.system_info.cluster_uuid	text	Cluster UUID
services.elasticsearch.system_info.name	text	Cluster Name
services.elasticsearch.system_info.tagline	text	Elasticsearch identifying tagline
services.elasticsearch.system_info.version.build_date	text
services.elasticsearch.system_info.version.build_flavor	text
services.elasticsearch.system_info.version.build_hash	text
services.elasticsearch.system_info.version.build_snapshot	boolean
services.elasticsearch.system_info.version.build_type	text
services.elasticsearch.system_info.version.lucene_version	text
services.elasticsearch.system_info.version.min_idx_compat_ver	text
services.elasticsearch.system_info.version.min_wire_compat_ver	text
services.elasticsearch.system_info.version.number	text	ES Cluster version

SKINNY

Path	Type	Docs
services.skinny.response	text

NTP

Path	Type	Docs
services.ntp.get_time_header.leap_indicator	unsigned_long
services.ntp.get_time_header.mode	unsigned_long
services.ntp.get_time_header.poll	integer
services.ntp.get_time_header.precision	integer
services.ntp.get_time_header.reference_id	text
services.ntp.get_time_header.stratum	unsigned_long
services.ntp.get_time_header.version	unsigned_long

MODBUS

Path	Type	Docs
services.modbus.exception_response.exception_function	unsigned_long
services.modbus.exception_response.exception_type	unsigned_long
services.modbus.function	unsigned_long
services.modbus.mei_response.conformity_level	long
services.modbus.mei_response.more_follows	boolean
services.modbus.mei_response.objects	nested
services.modbus.mei_response.objects.key	text
services.modbus.mei_response.objects.value	text
services.modbus.unit_id	long

KUBERNETES

Path	Type	Docs
services.kubernetes.endpoints.name	text
services.kubernetes.endpoints.self_link	text
services.kubernetes.endpoints.subsets.addresses.hostname	text
services.kubernetes.endpoints.subsets.addresses.ip	ip
services.kubernetes.endpoints.subsets.addresses.node_name	text
services.kubernetes.endpoints.subsets.ports.name	text
services.kubernetes.endpoints.subsets.ports.port	unsigned_long
services.kubernetes.endpoints.subsets.ports.protocol	text
services.kubernetes.kubernetes_dashboard_found	boolean	True if the dashboard is running and accessible
services.kubernetes.nodes.addresses.address	keyword	Node address, IP/URL.
services.kubernetes.nodes.addresses.address_type	text	Node address type, one of Hostname, ExternalIP or InternalIP.
services.kubernetes.nodes.architecture	text	The Architecture reported by the node.
services.kubernetes.nodes.container_runtime_version	text	ContainerRuntime Version reported by the node through runtime remote API (e.g. docker://1.5.0).
services.kubernetes.nodes.images	text	List of container images on this node
services.kubernetes.nodes.kernel_version	text	Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
services.kubernetes.nodes.kube_proxy_version	text	KubeProxy Version reported by the node.
services.kubernetes.nodes.kubelet_version	text	Kubelet Version reported by the node.
services.kubernetes.nodes.name	text
services.kubernetes.nodes.operating_system	text	The Operating System reported by the node.
services.kubernetes.nodes.os_image	text	OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
services.kubernetes.pod_names	text
services.kubernetes.roles.name	text
services.kubernetes.roles.rules.api_groups	text	APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
services.kubernetes.roles.rules.resources	text	Resources is a list of resources this rule applies to. ResourceAll represents all resources
services.kubernetes.roles.rules.verbs	text	Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
services.kubernetes.version_info.build_date	text	Date version was built.
services.kubernetes.version_info.compiler	text	Go Compiler used
services.kubernetes.version_info.git_commit	text	Git commit version built from.
services.kubernetes.version_info.git_tree_state	text	State of the tree when built.
services.kubernetes.version_info.git_version	text
services.kubernetes.version_info.go_version	text	Version of GO used to build version.
services.kubernetes.version_info.major	text	Kubernetes major version
services.kubernetes.version_info.minor	text	Kubernetes minor version
services.kubernetes.version_info.platform	text	Platform compiled for

SNMP

Path	Type	Docs
services.snmp.oid_interfaces.num_ifaces	unsigned_long	1.3.6.1.2.1.2.1 - Number of network interfaces
services.snmp.oid_physical.firmware_rev	text	1.3.6.1.2.1.47.1.1.1.1.9 - Firmware revision string
services.snmp.oid_physical.hardware_rev	text	1.3.6.1.2.1.47.1.1.1.1.8 - Hardware revision string
services.snmp.oid_physical.mfg_name	text	1.3.6.1.2.1.47.1.1.1.1.12 - Name of mfg
services.snmp.oid_physical.model_name	text	1.3.6.1.2.1.47.1.1.1.1.13 - Model name of component
services.snmp.oid_physical.name	text	1.3.6.1.2.1.47.1.1.1.1.7 - Entity name
services.snmp.oid_physical.serial_num	text	1.3.6.1.2.1.47.1.1.1.1.11 - Serial number string
services.snmp.oid_physical.software_rev	text	1.3.6.1.2.1.47.1.1.1.1.10 - Software revision string
services.snmp.oid_system.contact	text	1.3.6.1.2.1.1.4 - Contact info
services.snmp.oid_system.desc	text	1.3.6.1.2.1.1.1 - Description of entity
services.snmp.oid_system.init_time	unsigned_long	1.3.6.1.2.1.1.3 - 1/100ths of sec
services.snmp.oid_system.location	text	1.3.6.1.2.1.1.6 - Physical location
services.snmp.oid_system.name	text	1.3.6.1.2.1.1.5 - Name, usually FQDN
services.snmp.oid_system.object_id	text	1.3.6.1.2.1.1.2 - Vendor ID
services.snmp.oid_system.services.layer_1	boolean	Physical (e.g. repeaters)
services.snmp.oid_system.services.layer_2	boolean	Datalink/subnetwork (e.g. bridges)
services.snmp.oid_system.services.layer_3	boolean	Internet (e.g. IP gateways)
services.snmp.oid_system.services.layer_4	boolean	End-to-end (e.g. IP hosts)
services.snmp.oid_system.services.layer_5	boolean	OSI layer 5
services.snmp.oid_system.services.layer_6	boolean	OSI layer 6
services.snmp.oid_system.services.layer_7	boolean	Applications (e.g. mail relays)

DNP3

Path	Type	Docs
services.dnp3.banner	text

SMTP

Path	Type	Docs
services.smtp.banner	text	The STMP banner.
services.smtp.ehlo	text	The server's response to the EHLO command.
services.smtp.start_tls	text	The server's response to the STARTTLS command.

RDP

Path	Type	Docs
services.rdp.certificate_info.internal_x509_chain_fps	keyword
services.rdp.certificate_info.proprietary_rsa_key.key_length	unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.magic	unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.max_bytes_datalen	unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.modulus	text
services.rdp.certificate_info.proprietary_rsa_key.modulus_bitlen	unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.public_exponent	unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.signature	text
services.rdp.connect_response.connect_id	unsigned_long
services.rdp.connect_response.domain_parameters.domain_protocol_version	long
services.rdp.connect_response.domain_parameters.max_channel_ids	long
services.rdp.connect_response.domain_parameters.max_mcspdu_size	long
services.rdp.connect_response.domain_parameters.max_provider_height	long
services.rdp.connect_response.domain_parameters.max_token_ids	long
services.rdp.connect_response.domain_parameters.max_user_id_channels	long
services.rdp.connect_response.domain_parameters.min_throughput	long
services.rdp.connect_response.domain_parameters.num_priorities	long
services.rdp.protocol_flags.dynvc_graphics_pipeline	boolean
services.rdp.protocol_flags.extended_client_data_supported	boolean
services.rdp.protocol_flags.neg_resp_reserved	boolean
services.rdp.protocol_flags.restricted_admin_mode	boolean
services.rdp.protocol_flags.restricted_auth_mode	boolean
services.rdp.selected_security_protocol.credssp	boolean
services.rdp.selected_security_protocol.credssp_early_auth	boolean
services.rdp.selected_security_protocol.error	boolean
services.rdp.selected_security_protocol.error_bad_flags	boolean
services.rdp.selected_security_protocol.error_hybrid_required	boolean
services.rdp.selected_security_protocol.error_ssl_cert_missing	boolean
services.rdp.selected_security_protocol.error_ssl_forbidden	boolean
services.rdp.selected_security_protocol.error_ssl_required	boolean
services.rdp.selected_security_protocol.error_ssl_user_auth_required	boolean
services.rdp.selected_security_protocol.error_unknown	boolean
services.rdp.selected_security_protocol.raw_value	unsigned_long
services.rdp.selected_security_protocol.rdstls	boolean
services.rdp.selected_security_protocol.standard_rdp	boolean
services.rdp.selected_security_protocol.tls	boolean
services.rdp.version.major	integer
services.rdp.version.minor	integer
services.rdp.version.raw	unsigned_long	Raw Version Response, Major version is stored in upper 2 bytes, minor in lower 2 bytes.
services.rdp.x224_cc_pdu_srcref	unsigned_long

POP3

Path	Type	Docs
services.pop3.banner	text	The POP3 banner.
services.pop3.start_tls	text	The server's response to the STARTTLS command.

OPENVPN

Path	Type	Docs
services.openvpn.accepts_v1	boolean
services.openvpn.accepts_v2	boolean

ORACLE

Path	Type	Docs
services.oracle.accept_version	unsigned_long	The protocol version number from the Accept packet.
services.oracle.connect_flags0	nested	The first set of ConnectFlags returned in the Accept packet.
services.oracle.connect_flags0.key	text
services.oracle.connect_flags0.value	boolean
services.oracle.connect_flags1	nested	The second set of ConnectFlags returned in the Accept packet.
services.oracle.connect_flags1.key	text
services.oracle.connect_flags1.value	boolean
services.oracle.did_resend	boolean	True if the server sent a Resend packet request in response to the client's first Connect packet.
services.oracle.global_service_options	nested	Set of flags that the server returns in the Accept packet.
services.oracle.global_service_options.key	text
services.oracle.global_service_options.value	boolean
services.oracle.nsn_service_versions	nested	A map from the native Service Negotation service names to the ReleaseVersion (in dotted-decimal format) in that service packet.
services.oracle.nsn_service_versions.key	text
services.oracle.nsn_service_versions.value	text
services.oracle.nsn_version	text	The ReleaseVersion string (in dotted-decimal format) in the root of the Native Service Negotiation packet.
services.oracle.redirect_target.key	text
services.oracle.redirect_target.value	text
services.oracle.redirect_target_raw	text	The connect descriptor returned by the server in the Redirect packet, if one is sent.
services.oracle.refuse_error.key	text
services.oracle.refuse_error.value	text
services.oracle.refuse_error_raw	text	The data from the Refuse packet returned by the server; it is empty if the server does not return a Refuse packet.
services.oracle.refuse_reason_app	text	The 'AppReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string.
services.oracle.refuse_reason_sys	text	The 'SysReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string.
services.oracle.refuse_version	text	The parsed DESCRIPTION.VSNNUM field from the RefuseError descriptor returned by the server in the Refuse packet, in dotted-decimal format.

SIP

Path	Type	Docs
services.sip.code	integer
services.sip.server	text	Server software reported by service
services.sip.status	text
services.sip.version	text	SIP version

SSDP

Path	Type	Docs
services.ssdp.headers	nested
services.ssdp.headers.key	text
services.ssdp.headers.value.headers	text
services.ssdp.upnp_url	text

SMB

Path	Type	Docs
services.smb.group_name	text	Default group name
services.smb.has_ntlm	boolean	Server supports the NTLM authentication method
services.smb.native_os	text	Server-identified operating system
services.smb.negotiation_log.authentication_types	text
services.smb.negotiation_log.capabilities	unsigned_long
services.smb.negotiation_log.dialect_revision	unsigned_long
services.smb.negotiation_log.header_log.command	unsigned_long
services.smb.negotiation_log.header_log.credits	unsigned_long
services.smb.negotiation_log.header_log.flags	unsigned_long
services.smb.negotiation_log.header_log.protocol_id	text
services.smb.negotiation_log.header_log.status	unsigned_long
services.smb.negotiation_log.security_mode	unsigned_long
services.smb.negotiation_log.server_guid	text
services.smb.negotiation_log.server_start_time	unsigned_long
services.smb.negotiation_log.system_time	unsigned_long
services.smb.ntlm	text	Native LAN manager
services.smb.session_setup_log.header_log.command	unsigned_long
services.smb.session_setup_log.header_log.credits	unsigned_long
services.smb.session_setup_log.header_log.flags	unsigned_long
services.smb.session_setup_log.header_log.protocol_id	text
services.smb.session_setup_log.header_log.status	unsigned_long
services.smb.session_setup_log.negotiate_flags	unsigned_long
services.smb.session_setup_log.setup_flags	unsigned_long
services.smb.session_setup_log.target_name	text
services.smb.smb_capabilities.smb_dfs_support	boolean	Server supports Distributed File System
services.smb.smb_capabilities.smb_directory_leasing_support	boolean	Server supports directory leasing
services.smb.smb_capabilities.smb_encryption_support	boolean	Server supports encryption
services.smb.smb_capabilities.smb_leasing_support	boolean	Server supports Leasing
services.smb.smb_capabilities.smb_multichan_support	boolean	Server supports multiple channels per session
services.smb.smb_capabilities.smb_multicredit_support	boolean	Server supports multi-credit operations
services.smb.smb_capabilities.smb_persistent_handle_support	boolean	Server supports persistent handles
services.smb.smb_version.major	unsigned_long	Major version
services.smb.smb_version.minor	unsigned_long	Minor version
services.smb.smb_version.revision	unsigned_long	Protocol Revision
services.smb.smb_version.version_string	text	Full SMB Version String
services.smb.smbv1_support	boolean

S7

Path	Type	Docs
services.s7.copyright	text
services.s7.cpu_profile	text
services.s7.firmware	text
services.s7.hardware	text
services.s7.location	text
services.s7.memory_serial_number	text
services.s7.module	text
services.s7.module_id	text
services.s7.module_type	text
services.s7.oem_id	text
services.s7.plant_id	text
services.s7.reserved_for_os	text
services.s7.serial_number	text
services.s7.system	text

IPP

Path	Type	Docs
services.ipp.attribute_cups_version	text	The CUPS version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Generally in the form 'x.y.z'.
services.ipp.attribute_ipp_versions	text	Each IPP version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Always in the form 'x.y'.
services.ipp.attribute_printer_uris	text	Each printer URI, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Uses ipp(s) or http(s) scheme, followed by a hostname or IP, and then the path to a particular printer.
services.ipp.attributes.name	text
services.ipp.attributes.value_tag	unsigned_long
services.ipp.cups_response.body	text
services.ipp.cups_response.body_hashes	text
services.ipp.cups_response.body_size	integer
services.ipp.cups_response.favicons.md5_hash	keyword
services.ipp.cups_response.favicons.name	text
services.ipp.cups_response.favicons.size	integer
services.ipp.cups_response.headers	nested
services.ipp.cups_response.headers.key	text
services.ipp.cups_response.headers.value.headers	text
services.ipp.cups_response.html_tags	text
services.ipp.cups_response.html_title	text
services.ipp.cups_response.protocol	text
services.ipp.cups_response.status_code	integer
services.ipp.cups_response.status_reason	text
services.ipp.cups_version	text	The CUPS version, if any, specified in the Server header of an IPP get-attributes response.
services.ipp.major_version	unsigned_long	Major component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request.
services.ipp.minor_version	unsigned_long	Minor component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request.
services.ipp.response.body	text
services.ipp.response.body_hashes	text
services.ipp.response.body_size	integer
services.ipp.response.favicons.md5_hash	keyword
services.ipp.response.favicons.name	text
services.ipp.response.favicons.size	integer
services.ipp.response.headers	nested
services.ipp.response.headers.key	text
services.ipp.response.headers.value.headers	text
services.ipp.response.html_tags	text
services.ipp.response.html_title	text
services.ipp.response.protocol	text
services.ipp.response.status_code	integer
services.ipp.response.status_reason	text
services.ipp.version_string	text	The specific IPP version returned in response to an IPP get-printer-attributes request. Always in the form 'IPP/x.y'

LDAP

Path	Type	Docs
services.ldap.allows_anonymous_bind	boolean	Ability to connect with anonymous bind (empty username and password)
services.ldap.attributes.name	text	Name of the LDAP attribute in the root DN
services.ldap.attributes.values	text	Values for the respective LDAP attribute
services.ldap.resultcode	unsigned_long	Result or error code returned by LDAP instance upon bind

PPTP

Path	Type	Docs
services.pptp.bearer_message.code	unsigned_long
services.pptp.bearer_message.meaning	text
services.pptp.error_message.code	unsigned_long
services.pptp.error_message.meaning	text
services.pptp.firmware.major	unsigned_long
services.pptp.firmware.minor	unsigned_long
services.pptp.framing_message.code	unsigned_long
services.pptp.framing_message.meaning	text
services.pptp.hostname	text
services.pptp.maximum_channels	unsigned_long
services.pptp.protocol.major	unsigned_long
services.pptp.protocol.minor	unsigned_long
services.pptp.result_message.code	unsigned_long
services.pptp.result_message.meaning	text
services.pptp.vendor	text

X11

Path	Type	Docs
services.x11.refusal_reason	text
services.x11.requires_authentication	boolean
services.x11.vendor	text
services.x11.version	text

ANY_CONNECT

Path	Type	Docs
services.any_connect.aggregate_auth_version	integer	Version number indicated by the response for config-auth exchange
services.any_connect.auth_methods	text	Supported methods for users to enter credentials for this VPN
services.any_connect.groups	text	List of groups a user can authenticate with to use this VPN
services.any_connect.raw	text	XML content of the config-auth response
services.any_connect.response_type	text	Type of the response packet received after initializing the config-auth exchange

MMS

Path	Type	Docs
services.mms.model	text
services.mms.revision	text
services.mms.vendor	text

MONGODB

Path	Type	Docs
services.mongodb.build_info.build_environment.cc	text
services.mongodb.build_info.build_environment.cc_flags	text
services.mongodb.build_info.build_environment.cxx	text
services.mongodb.build_info.build_environment.cxx_flags	text
services.mongodb.build_info.build_environment.dist_arch	text
services.mongodb.build_info.build_environment.dist_mod	text
services.mongodb.build_info.build_environment.link_flags	text
services.mongodb.build_info.build_environment.target_arch	text
services.mongodb.build_info.build_environment.target_os	text
services.mongodb.build_info.git_version	text	Version of mongodb server
services.mongodb.build_info.version	text	Version of mongodb server
services.mongodb.is_master.is_master	boolean
services.mongodb.is_master.logical_session_timeout_minutes	integer
services.mongodb.is_master.max_bson_object_size	integer
services.mongodb.is_master.max_message_size_bytes	integer
services.mongodb.is_master.max_wire_version	integer
services.mongodb.is_master.max_write_batch_size	integer
services.mongodb.is_master.min_wire_version	integer
services.mongodb.is_master.read_only	boolean

FORTIGATE

Path	Type	Docs
services.fortigate.api_version	text
services.fortigate.build	integer
services.fortigate.http_info.headers	nested
services.fortigate.http_info.headers.key	text
services.fortigate.http_info.headers.value.headers	text
services.fortigate.http_info.status	text	Status message received from hitting 404 /censys.inspect.
services.fortigate.http_info.status_code	unsigned_long	Status code received from hitting /censys.inspect.
services.fortigate.serial	text
services.fortigate.status_code	integer
services.fortigate.status_msg	text
services.fortigate.version	text

MYSQL

Path	Type	Docs
services.mysql.auth_plugin_data	text	Optional plugin-specific data, whose meaning depends on the value of auth_plugin_name. Returned in the initial HandshakePacket.
services.mysql.auth_plugin_name	text	The name of the authentication plugin, returned in the initial HandshakePacket.
services.mysql.capability_flags	nested	The set of capability flags the server returned in the initial HandshakePacket. Each entry corresponds to a bit being set in the flags; key names correspond to the #defines in the MySQL docs.
services.mysql.capability_flags.key	text
services.mysql.capability_flags.value	boolean
services.mysql.character_set	unsigned_long	The identifier for the character set the server is using. Returned in the initial HandshakePacket.
services.mysql.connection_id	unsigned_long	The server's internal identifier for this client's connection, sent in the initial HandshakePacket.
services.mysql.error_code	long	Only set if there is an error returned by the server, for example if the scanner is not on the allowed hosts list.
services.mysql.error_id	text	The friendly name for the error code as defined at https://dev.mysql.com/doc/refman/8.0/en/error-messages-server.html, or UNKNOWN
services.mysql.error_message	text	Optional string describing the error. Only set if there is an error.
services.mysql.protocol_version	unsigned_long	8-bit unsigned integer representing the server's protocol version sent in the initial HandshakePacket from the server.
services.mysql.server_version	text	The specific server version returned in the initial HandshakePacket. Often in the form x.y.z, but not always.
services.mysql.status_flags	nested	The set of status flags the server returned in the initial HandshakePacket. Each entry corresponds to a bit being set in the flags; key names correspond to the #defines in the MySQL docs.
services.mysql.status_flags.key	text
services.mysql.status_flags.value	boolean

PROMETHEUS

Path	Type	Docs
services.prometheus.http_info.headers	nested
services.prometheus.http_info.headers.key	text
services.prometheus.http_info.headers.value.headers	text
services.prometheus.http_info.status	text	Status message received from hitting /api/v1/targets.
services.prometheus.http_info.status_code	unsigned_long	Status code received from hitting /api/v1/targets.
services.prometheus.response.active_targets.discovered_labels.address	text	Address of target.
services.prometheus.response.active_targets.discovered_labels.job	text	Job of target.
services.prometheus.response.active_targets.discovered_labels.metrics_path	text	Path to metrics of target.
services.prometheus.response.active_targets.discovered_labels.scheme	text	URL scheme.
services.prometheus.response.active_targets.health	text	Whether target is up or down.
services.prometheus.response.active_targets.labels.instance	text	Instance after relabelling has occurred.
services.prometheus.response.active_targets.labels.job	text	Job of target after relabelling has occurred.
services.prometheus.response.active_targets.last_error	text	Last error that occurred within target.
services.prometheus.response.active_targets.last_scrape	text	Last time Prometheus scraped target.
services.prometheus.response.active_targets.scrape_url	text	URL that Prometheus scraped.
services.prometheus.response.all_versions	text	List of the versions of everything that Prometheus finds i.e., version of Prometheus, Go, Node, cAdvisor, etc.
services.prometheus.response.config_exposed	boolean	True when the config endpoint is exposed.
services.prometheus.response.dropped_targets.address	text	Address of target.
services.prometheus.response.dropped_targets.job	text	Job of target.
services.prometheus.response.dropped_targets.metrics_path	text	Path to metrics of target.
services.prometheus.response.dropped_targets.scheme	text	URL scheme.
services.prometheus.response.go_versions	text	List of the versions of Go.
services.prometheus.response.prometheus_versions.go_version	text	Version of Go used to build Prometheus.
services.prometheus.response.prometheus_versions.revision	text	Revision of Prometheus.
services.prometheus.response.prometheus_versions.version	text	Version of Prometheus.

AMQP

Path	Type	Docs
services.amqp.explicit_tls	boolean	Connected via a TLS connection after initial handshake
services.amqp.implicit_tls	boolean	Connected via a TLS wrapped connection (AMQPS)
services.amqp.protocol_id.id	unsigned_long
services.amqp.protocol_id.name	text
services.amqp.version.major	unsigned_long
services.amqp.version.minor	unsigned_long
services.amqp.version.revision	unsigned_long

PC_ANYWHERE

Path	Type	Docs
services.pc_anywhere.name	text	Workstation Name, with padding bytes removed
services.pc_anywhere.nr	text	Full 'NR' query response
services.pc_anywhere.status.in_use	boolean	Workstation is In Use if true, Available if false
services.pc_anywhere.status.raw	text	Full 'ST' query response

IMAP

Path	Type	Docs
services.imap.banner	text	The IMAP banner.
services.imap.start_tls	text	The server's response to the STARTTLS command.

VNC

Path	Type	Docs
services.vnc.connection_failed_reason	text	If server terminates handshake, the reason offered (if any)
services.vnc.desktop_name	text	Desktop name provided by the server, capped at 255 bytes
services.vnc.pixel_encoding.name	text
services.vnc.pixel_encoding.value	integer
services.vnc.screen_info.height	unsigned_long
services.vnc.screen_info.name_len	unsigned_long
services.vnc.screen_info.pixel_format.big_endian	boolean	If pixel RGB data are in big-endian
services.vnc.screen_info.pixel_format.bits_per_pixel	unsigned_long	How many bits in a single full pixel datum. Valid values are: 8, 16, 32
services.vnc.screen_info.pixel_format.blue_max	unsigned_long	Max value of blue pixel
services.vnc.screen_info.pixel_format.blue_shift	unsigned_long	How many bits to right shift a pixel datum to get blue bits in lsb
services.vnc.screen_info.pixel_format.depth	unsigned_long	Color depth
services.vnc.screen_info.pixel_format.green_max	unsigned_long	Max value of green pixel
services.vnc.screen_info.pixel_format.green_shift	unsigned_long	How many bits to right shift a pixel datum to get green bits in lsb
services.vnc.screen_info.pixel_format.padding1	unsigned_long
services.vnc.screen_info.pixel_format.padding2	unsigned_long
services.vnc.screen_info.pixel_format.padding3	unsigned_long
services.vnc.screen_info.pixel_format.red_max	unsigned_long	Max value of red pixel
services.vnc.screen_info.pixel_format.red_shift	unsigned_long	How many bits to right shift a pixel datum to get red bits in lsb
services.vnc.screen_info.pixel_format.true_color	boolean	If false, color maps are used
services.vnc.screen_info.width	unsigned_long
services.vnc.security_types.name	text
services.vnc.security_types.value	integer
services.vnc.version	text

IKE

Path	Type	Docs
services.ike.v1.accepted_proposal	boolean	Did the host accept our security proposal? When false, the host responded with an error.
services.ike.v1.notify_message_types	unsigned_long	Which types of NOTIFY messages did the host send us?
services.ike.v1.vendor_ids	text	The list of Vendor ID "extensions" the host claimed to support in its handshake
services.ike.v2.accepted_proposal	boolean
services.ike.v2.notify_message_types	unsigned_long
services.ike.v2.vendor_ids	text

COAP

Path	Type	Docs
services.coap.code	text
services.coap.message_id	unsigned_long
services.coap.message_type	text
services.coap.payload	text
services.coap.token	text
services.coap.version	unsigned_long

MSSQL

Path	Type	Docs
services.mssql.encrypt_mode	text	The negotiated ENCRYPT_MODE with the server
services.mssql.instance_name	text
services.mssql.prelogin_options.encrypt_mode	text
services.mssql.prelogin_options.fed_auth_required	boolean
services.mssql.prelogin_options.instance	text
services.mssql.prelogin_options.mars	boolean
services.mssql.prelogin_options.nonce	text
services.mssql.prelogin_options.server_version.build_number	unsigned_long
services.mssql.prelogin_options.server_version.major	unsigned_long
services.mssql.prelogin_options.server_version.minor	unsigned_long
services.mssql.prelogin_options.thread_id	unsigned_long
services.mssql.prelogin_options.trace_id	text
services.mssql.prelogin_options.unknown.key	unsigned_long
services.mssql.prelogin_options.unknown.value	text
services.mssql.version	text

REDIS

Path	Type	Docs
services.redis.arch_bits	text	The architecture bits (32 or 64) the Redis server used to build.
services.redis.auth_response	text	The response from the AUTH command, if sent.
services.redis.build_id	text	The Build ID of the Redis server.
services.redis.commands	text	The list of commands actually sent to the server, serialized in inline format, like 'PING' or 'AUTH somePassword'.
services.redis.commands_processed	unsigned_long	The total number of commands processed by the server.
services.redis.connections_received	unsigned_long	The total number of connections accepted by the server.
services.redis.gcc_version	text	The version of the GCC compiler used to compile the Redis server.
services.redis.git_sha1	text	The Sha-1 Git commit hash the Redis server used.
services.redis.info_response.key	text
services.redis.info_response.value	text
services.redis.major	unsigned_long	Major is the version's major number.
services.redis.mem_allocator	text	The memory allocator.
services.redis.minor	unsigned_long	Minor is the version's major number.
services.redis.mode	text	The mode the Redis server is running (standalone or cluster), read from the the info_response (if available).
services.redis.nonexistent_response	text	The response from the NONEXISTENT command.
services.redis.os	text	The OS the Redis server is running, read from the the info_response (if available).
services.redis.patch_level	unsigned_long	Patchlevel is the version's patchlevel number.
services.redis.ping_response	text	The response from the PING command; should either be "PONG" or an authentication error.
services.redis.quit_response	text	The response to the QUIT command.
services.redis.raw_command_output.output	text
services.redis.uptime	unsigned_long	The number of seconds since Redis server start.
services.redis.used_memory	unsigned_long	The total number of bytes allocated by Redis using its allocator.

POSTGRES

Path	Type	Docs
services.postgres.authentication_mode.mode	text
services.postgres.authentication_mode.payload	text
services.postgres.protocol_error	nested
services.postgres.protocol_error.key	text
services.postgres.protocol_error.value	text
services.postgres.startup_error	nested
services.postgres.startup_error.key	text
services.postgres.startup_error.value	text
services.postgres.supported_versions	text
services.postgres.transaction_status	text

BACNET

Path	Type	Docs
services.bacnet.application_software_revision	text
services.bacnet.description	text
services.bacnet.firmware_revision	text
services.bacnet.instance_number	unsigned_long
services.bacnet.location	text
services.bacnet.model_name	text
services.bacnet.object_name	text
services.bacnet.vendor_id	unsigned_long
services.bacnet.vendor_name	text

MEMCACHED

Path	Type	Docs
services.memcached.ascii_binding_protocol_enabled	boolean	True if the server responds to the ascii version of the memcached protocol.
services.memcached.binary_binding_protocol_enabled	boolean	True if the server responds to the binary version of the memcached protocol.
services.memcached.responds_to_udp	boolean	True if the server responds UDP.
services.memcached.stats	nested	Server Stats
services.memcached.stats.key	text
services.memcached.stats.value	text
services.memcached.version	text	Memcached Version

CWMP

Path	Type	Docs
services.cwmp.http_info.body	text
services.cwmp.http_info.body_hashes	text
services.cwmp.http_info.body_size	integer
services.cwmp.http_info.favicons.md5_hash	keyword
services.cwmp.http_info.favicons.name	text
services.cwmp.http_info.favicons.size	integer
services.cwmp.http_info.headers	nested
services.cwmp.http_info.headers.key	text
services.cwmp.http_info.headers.value.headers	text
services.cwmp.http_info.html_tags	text
services.cwmp.http_info.html_title	text
services.cwmp.http_info.protocol	text
services.cwmp.http_info.status_code	integer
services.cwmp.http_info.status_reason	text