{ "type": "object", "required": [ "alias", "source", "thread_id", "packet_id", "flow_event_id", "flow_event_name", "flow_id", "flow_state", "flow_src_packets_processed", "flow_dst_packets_processed", "flow_first_seen", "flow_last_seen", "flow_idle_time", "flow_min_l4_payload_len", "flow_max_l4_payload_len", "flow_tot_l4_payload_len", "l3_proto", "l4_proto", "midstream", "thread_ts_msec", "src_ip", "dst_ip" ], "if": { "properties": { "flow_event_name": { "enum": [ "new", "end", "idle", "update" ] } } }, "then": { "required": [ "flow_datalink", "flow_max_packets" ] }, "if": { "properties": { "flow_event_name": { "enum": [ "guessed", "detected", "detection-update", "not-detected" ] } } }, "then": { "required": [ "ndpi" ] }, "if": { "properties": { "flow_state": { "enum": [ "finished" ] } } }, "then": { "required": [ "ndpi" ] }, "properties": { "alias": { "type": "string" }, "source": { "type": "string" }, "thread_id": { "type": "number", "minimum": 0, "maximum": 31 }, "packet_id": { "type": "number", "minimum": 0 }, "flow_event_id": { "type": "number", "minimum": 0, "maximum": 8 }, "flow_event_name": { "type": "string", "enum": [ "invalid", "new", "end", "idle", "update", "guessed", "detected", "detection-update", "not-detected" ] }, "flow_id": { "type": "number", "minimum": 1 }, "flow_state": { "type": "string", "enum": [ "finished", "info" ] }, "flow_datalink": { "type": "number", "minimum": 0, "maximum": 292 }, "flow_src_packets_processed": { "type": "number", "minimum": 0 }, "flow_dst_packets_processed": { "type": "number", "minimum": 0 }, "flow_max_packets": { "type": "number", "minimum": 0 }, "flow_first_seen": { "type": "number", "minimum": 0 }, "flow_last_seen": { "type": "number", "minimum": 0 }, "flow_idle_time": { "type": "number", "minimum": 1 }, "flow_min_l4_payload_len": { "type": "number" }, "flow_max_l4_payload_len": { "type": "number" }, "flow_tot_l4_payload_len": { "type": "number" }, "l3_proto": { "type": "string", "enum": [ "ip4", "ip6", "unknown" ] }, "l4_proto": { "oneOf": [ { "type": "number" }, { "type": "string", "enum": [ "tcp", "udp", "icmp", "icmp6" ] } ] }, "midstream": { "type": "number", "minimum": 0, "maximum": 1 }, "thread_ts_msec": { "type": "number", "minimum": 0 }, "src_ip": { "type": "string", "anyOf" : [ { "format": "ipv4" }, { "format": "ipv6" } ] }, "dst_ip": { "type": "string", "anyOf" : [ { "format": "ipv4" }, { "format": "ipv6" } ] }, "src_port": { "type": "number", "minimum": 1, "maximum": 65535 }, "dst_port": { "type": "number", "minimum": 1, "maximum": 65535 }, "ndpi": { "type": "object", "required": [ "proto", "breed" ], "if": { "properties": { "proto": { "enum": [ "Unknown", "Skype_Teams" ] } } }, "then": { "return": true }, "else": { "required": [ "category", "confidence" ] }, "proto": { "type": "string" }, "category": { "type": "string" }, "breed": { "type": "string" }, "flow_risk": { "type": "object" }, "confidence": { "type": "string", "enum": [ "0", "1", "2", "3", "4" ] } }, "entropy": { "type": "number" }, "dhcp": { "type": "object" }, "bittorrent": { "type": "object" }, "mdns": { "type": "object" }, "ntp": { "type": "object" }, "ubntac2": { "type": "object" }, "kerberos": { "type": "object" }, "telnet": { "type": "object" }, "tls": { "type": "object" }, "quic": { "type": "object" }, "imap": { "type": "object" }, "http": { "type": "object" }, "pop": { "type": "object" }, "smtp": { "type": "object" }, "dns": { "type": "object" }, "ftp": { "type": "object" }, "ssh": { "type": "object" } }, "additionalProperties": false }