summaryrefslogtreecommitdiff
path: root/schema/flow_event_schema.json
diff options
context:
space:
mode:
Diffstat (limited to 'schema/flow_event_schema.json')
-rw-r--r--schema/flow_event_schema.json1548
1 files changed, 1548 insertions, 0 deletions
diff --git a/schema/flow_event_schema.json b/schema/flow_event_schema.json
new file mode 100644
index 000000000..b54a93a47
--- /dev/null
+++ b/schema/flow_event_schema.json
@@ -0,0 +1,1548 @@
+{
+ "type": "object",
+ "required": [
+ "alias",
+ "source",
+ "thread_id",
+ "packet_id",
+ "flow_event_id",
+ "flow_event_name",
+ "flow_id",
+ "flow_state",
+ "flow_src_packets_processed",
+ "flow_dst_packets_processed",
+ "flow_first_seen",
+ "flow_src_last_pkt_time",
+ "flow_dst_last_pkt_time",
+ "flow_idle_time",
+ "flow_src_min_l4_payload_len",
+ "flow_dst_min_l4_payload_len",
+ "flow_src_max_l4_payload_len",
+ "flow_dst_max_l4_payload_len",
+ "flow_src_tot_l4_payload_len",
+ "flow_dst_tot_l4_payload_len",
+ "l3_proto",
+ "l4_proto",
+ "midstream",
+ "thread_ts_usec",
+ "src_ip",
+ "dst_ip"
+ ],
+
+ "if": {
+ "properties": { "flow_event_name": { "enum": [ "new", "end", "idle", "update" ] } }
+ },
+ "then": {
+ "required": [ "flow_datalink", "flow_max_packets" ]
+ },
+
+ "if": {
+ "properties": { "flow_event_name": { "enum": [ "analyse" ] } }
+ },
+ "then": {
+ "required": [ "data_analysis" ]
+ },
+
+ "if": {
+ "properties": { "flow_state": { "enum": [ "finished" ] } }
+ },
+ "then": {
+ "required": [ "ndpi" ]
+ },
+
+ "if": {
+ "properties": { "flow_event_name": { "enum": [ "guessed", "detected",
+ "detection-update", "not-detected" ] } }
+ },
+ "then": {
+ "required": [ "ndpi" ]
+ },
+
+ "properties": {
+ "alias": {
+ "type": "string"
+ },
+ "source": {
+ "type": "string"
+ },
+ "thread_id": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 31
+ },
+ "packet_id": {
+ "type": "number",
+ "minimum": 0
+ },
+ "flow_event_id": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 9
+ },
+ "flow_event_name": {
+ "type": "string",
+ "enum": [
+ "invalid",
+ "new",
+ "end",
+ "idle",
+ "update",
+ "analyse",
+ "guessed",
+ "detected",
+ "detection-update",
+ "not-detected"
+ ]
+ },
+ "flow_id": {
+ "type": "number",
+ "minimum": 1
+ },
+ "flow_state": {
+ "type": "string",
+ "enum": [
+ "finished",
+ "info"
+ ]
+ },
+ "flow_datalink": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 292
+ },
+ "flow_src_packets_processed": {
+ "type": "number",
+ "minimum": 0
+ },
+ "flow_dst_packets_processed": {
+ "type": "number",
+ "minimum": 0
+ },
+ "flow_max_packets": {
+ "type": "number",
+ "minimum": 0
+ },
+ "flow_first_seen": {
+ "type": "number",
+ "minimum": 0
+ },
+ "flow_src_last_pkt_time": {
+ "type": "number",
+ "minimum": 0
+ },
+ "flow_dst_last_pkt_time": {
+ "type": "number",
+ "minimum": 0
+ },
+ "flow_idle_time": {
+ "type": "number",
+ "minimum": 1
+ },
+ "flow_src_min_l4_payload_len": {
+ "type": "number",
+ "minimum": 0
+ },
+ "flow_dst_min_l4_payload_len": {
+ "type": "number",
+ "minimum": 0
+ },
+ "flow_src_max_l4_payload_len": {
+ "type": "number",
+ "minimum": 0
+ },
+ "flow_dst_max_l4_payload_len": {
+ "type": "number",
+ "minimum": 0
+ },
+ "flow_src_tot_l4_payload_len": {
+ "type": "number",
+ "minimum": 0
+ },
+ "flow_dst_tot_l4_payload_len": {
+ "type": "number",
+ "minimum": 0
+ },
+ "l3_proto": {
+ "type": "string",
+ "enum": [
+ "ip4",
+ "ip6",
+ "unknown"
+ ]
+ },
+ "l4_proto": {
+ "oneOf": [
+ {
+ "type": "number"
+ },
+ {
+ "type": "string",
+ "enum": [
+ "tcp",
+ "udp",
+ "icmp",
+ "icmp6"
+ ]
+ }
+ ]
+ },
+ "midstream": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 1
+ },
+ "thread_ts_usec": {
+ "type": "number",
+ "minimum": 0
+ },
+ "src_ip": {
+ "type": "string",
+ "anyOf" : [
+ { "format": "ipv4" },
+ { "format": "ipv6" }
+ ]
+ },
+ "dst_ip": {
+ "type": "string",
+ "anyOf" : [
+ { "format": "ipv4" },
+ { "format": "ipv6" }
+ ]
+ },
+ "src_port": {
+ "type": "number",
+ "minimum": 1,
+ "maximum": 65535
+ },
+ "dst_port": {
+ "type": "number",
+ "minimum": 1,
+ "maximum": 65535
+ },
+ "ndpi": {
+ "type": "object",
+ "required": [ "proto", "proto_id", "breed", "encrypted" ],
+
+ "properties": {
+ "proto": {
+ "type": "string"
+ },
+ "proto_id": {
+ "type": "string"
+ },
+ "proto_by_ip": {
+ "type": "string"
+ },
+ "proto_by_ip_id": {
+ "type": "number"
+ },
+ "category": {
+ "type": "string",
+ "enum": [
+ "Unspecified", "Media", "VPN", "Email", "DataTransfer",
+ "Web", "SocialNetwork", "Download", "Game", "Chat", "VoIP",
+ "Database", "RemoteAccess", "Cloud", "Network", "Collaborative",
+ "RPC", "Streaming", "System", "SoftwareUpdate", "Music", "Video",
+ "Shopping", "Productivity", "FileSharing", "ConnCheck", "IoT-Scada",
+ "VirtAssistant", "Cybersecurity", "AdultContent", "Mining", "Malware",
+ "Advertisement", "Banned_Site", "Site_Unavailable", "Allowed_Site",
+ "Antimalware", "Crypto_Currency", "Gambling"
+ ]
+ },
+ "category_id": {
+ "type": "number"
+ },
+ "encrypted": {
+ "type": "number",
+ "enum": [
+ 0,
+ 1
+ ]
+ },
+ "breed": {
+ "type": "string",
+ "enum": [
+ "Safe", "Acceptable", "Fun", "Unsafe",
+ "Potentially Dangerous", "Tracker/Ads",
+ "Dangerous", "Unrated"
+ ]
+ },
+ "flow_risk": {
+ "type": "object",
+ "properties": {
+ "1": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "XSS Attack" ] },
+ "severity": { "type": "string", "enum": [ "Severe" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "2": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "SQL Injection" ] },
+ "severity": { "type": "string", "enum": [ "Severe" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "3": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "RCE Injection" ] },
+ "severity": { "type": "string", "enum": [ "Severe" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "4": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Binary App Transfer" ] },
+ "severity": { "type": "string", "enum": [ "Severe" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "5": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Known Proto on Non Std Port" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "6": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Self-signed Cert" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "7": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Obsolete TLS (v1.1 or older)" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "8": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Weak TLS Cipher" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "9": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "TLS Cert Expired" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "10": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "TLS Cert Mismatch" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "11": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "HTTP Susp User-Agent" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "12": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "HTTP/TLS/QUIC Numeric Hostname/SNI" ] },
+ "severity": { "type": "string", "enum": [ "Low" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "13": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "HTTP Susp URL" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "14": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "HTTP Susp Header" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "15": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "TLS (probably) Not Carrying HTTPS" ] },
+ "severity": { "type": "string", "enum": [ "Low" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "16": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Susp DGA Domain name" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "17": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Malformed Packet" ] },
+ "severity": { "type": "string", "enum": [ "Low" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "18": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "SSH Obsolete Cli Vers/Cipher" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "19": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "SSH Obsolete Ser Vers/Cipher" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "20": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "SMB Insecure Vers" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "21": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "TLS Susp ESNI Usage" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "22": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Unsafe Protocol" ] },
+ "severity": { "type": "string", "enum": [ "Low" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "23": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Susp DNS Traffic" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "24": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Missing SNI TLS Extn" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "25": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "HTTP Susp Content" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "26": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Risky ASN" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "27": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Risky Domain Name" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "28": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Malicious JA3 Fingerp." ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "29": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Malicious SSL Cert/SHA1 Fingerp." ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "30": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Desktop/File Sharing" ] },
+ "severity": { "type": "string", "enum": [ "Low" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "31": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Uncommon TLS ALPN" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "32": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "TLS Cert Validity Too Long" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "33": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "TLS Susp Extn" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "34": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "TLS Fatal Alert" ] },
+ "severity": { "type": "string", "enum": [ "Low" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "35": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Susp Entropy" ] },
+ "severity": { "type": "string", "enum": [ "Low" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "36": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Clear-Text Credentials" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "37": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Large DNS Packet (512+ bytes)" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "38": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Fragmented DNS Message" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "39": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Non-Printable/Invalid Chars Detected" ] },
+ "severity": { "type": "string", "enum": [ "High" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "40": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Possible Exploit Attempt" ] },
+ "severity": { "type": "string", "enum": [ "Severe" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "41": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "TLS Cert About To Expire" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "42": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "IDN Domain Name" ] },
+ "severity": { "type": "string", "enum": [ "Low" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "43": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Error Code" ] },
+ "severity": { "type": "string", "enum": [ "Low" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "44": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Crawler/Bot" ] },
+ "severity": { "type": "string", "enum": [ "Low" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "45": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Anonymous Subscriber" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "46": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Unidirectional Traffic" ] },
+ "severity": { "type": "string", "enum": [ "Low" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "47": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "HTTP Obsolete Server" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "48": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Periodic Flow" ] },
+ "severity": { "type": "string", "enum": [ "Low" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "49": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Minor Issues" ] },
+ "severity": { "type": "string", "enum": [ "Low" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "50": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "TCP Connection Issues" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "51": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Fully Encrypted Flow" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "52": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "ALPN/SNI Mismatch" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "53": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Client Contacted A Malware Host" ] },
+ "severity": { "type": "string", "enum": [ "Severe" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "54": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Binary File/Data Transfer (Attempt)" ] },
+ "severity": { "type": "string", "enum": [ "Medium" ] },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "55": {
+ "type": "object",
+ "required": [ "risk", "severity", "risk_score" ],
+ "properties": {
+ "risk": { "type": "string", "enum": [ "Probing Attempt" ] },
+ "severity": { "type": "string" },
+ "risk_score": {
+ "type": "object",
+ "required": [ "total", "client", "server" ],
+ "properties": {
+ "total": { "type": "number", "minimum": 10, "maximum": 610 },
+ "client": { "type": "number", "minimum": 5, "maximum": 485 },
+ "server": { "type": "number", "minimum": 5, "maximum": 130 },
+ "additionalProperties": false
+ }
+ }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "confidence": {
+ "type": "object",
+ "properties": {
+ "0": {
+ "type": "string",
+ "enum": [ "Unknown" ]
+ },
+ "1": {
+ "type": "string",
+ "enum": [ "Match by port" ]
+ },
+ "2": {
+ "type": "string",
+ "enum": [ "nBPF" ]
+ },
+ "3": {
+ "type": "string",
+ "enum": [ "DPI (partial)" ]
+ },
+ "4": {
+ "type": "string",
+ "enum": [ "DPI (partial cache)" ]
+ },
+ "5": {
+ "type": "string",
+ "enum": [ "DPI (cache)" ]
+ },
+ "6": {
+ "type": "string",
+ "enum": [ "DPI" ]
+ },
+ "7": {
+ "type": "string",
+ "enum": [ "Match by IP" ]
+ },
+ "8": {
+ "type": "string",
+ "enum": [ "DPI (aggressive)" ]
+ }
+ },
+ "additionalProperties": false
+ },
+ "entropy": {
+ "type": "number"
+ },
+ "hostname": {
+ "type": "string"
+ },
+ "collectd": {
+ "type": "object"
+ },
+ "dhcp": {
+ "type": "object"
+ },
+ "discord": {
+ "type": "object"
+ },
+ "bittorrent": {
+ "type": "object"
+ },
+ "mdns": {
+ "type": "object"
+ },
+ "natpmp": {
+ "type": "object"
+ },
+ "ntp": {
+ "type": "object"
+ },
+ "ubntac2": {
+ "type": "object"
+ },
+ "kerberos": {
+ "type": "object"
+ },
+ "telnet": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ },
+ "quic": {
+ "type": "object"
+ },
+ "imap": {
+ "type": "object"
+ },
+ "http": {
+ "type": "object"
+ },
+ "pop": {
+ "type": "object"
+ },
+ "smtp": {
+ "type": "object"
+ },
+ "dns": {
+ "type": "object"
+ },
+ "ftp": {
+ "type": "object"
+ },
+ "snmp": {
+ "type": "object"
+ },
+ "ssh": {
+ "type": "object"
+ },
+ "stun": {
+ "type": "object"
+ },
+ "softether": {
+ "type": "object"
+ },
+ "tftp": {
+ "type": "object"
+ },
+ "tivoconnect": {
+ "type": "object"
+ },
+ "rsh": {
+ "type": "object"
+ }
+ },
+ "additionalProperties": false
+ },
+ "data_analysis": {
+ "type": "object",
+ "required": [ "iat", "pktlen", "bins", "directions" ],
+ "properties": {
+ "iat": {
+ "type": "object",
+ "properties": {
+ "min": {
+ "type": "number"
+ },
+ "avg": {
+ "type": "number"
+ },
+ "max": {
+ "type": "number"
+ },
+ "stddev": {
+ "type": "number"
+ },
+ "var": {
+ "type": "number"
+ },
+ "ent": {
+ "type": "number"
+ },
+ "data": {
+ "type": "array",
+ "items": {
+ "type": "number"
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "pktlen": {
+ "type": "object",
+
+ "properties": {
+ "min": {
+ "type": "number"
+ },
+ "avg": {
+ "type": "number"
+ },
+ "max": {
+ "type": "number"
+ },
+ "stddev": {
+ "type": "number"
+ },
+ "var": {
+ "type": "number"
+ },
+ "ent": {
+ "type": "number"
+ },
+ "data": {
+ "type": "array",
+ "items": {
+ "type": "number"
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "bins": {
+ "type": "object",
+
+ "properties": {
+ "c_to_s": {
+ "type": "array",
+ "items": {
+ "type": "number"
+ }
+ },
+ "s_to_c": {
+ "type": "array",
+ "items": {
+ "type": "number"
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "directions": {
+ "type": "array",
+ "items": {
+ "type": "number"
+ }
+ },
+ "entropies": {
+ "type": "array",
+ "items": {
+ "type": "number"
+ }
+ }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+}