Hi,
I'm having some issues wrapping my head around how to map this data in Elasticsearch/Kibana.
I'm pulling query data from VirusTotal.com's API on malware. Here is a SMALL portion of a HUGE chunk of the query:
(1)
VirusTotal.data.attributes.popular_threat_classification.popular_threat_category

```json
[
  {
    "count": 22,
    "value": "trojan"
  },
  {
    "count": 13,
    "value": "ransomware"
  }
]
```
VirusTotal.data.attributes.popular_threat_classification.popular_threat_name

```json
[
  {
    "count": 9,
    "value": "wanna"
  },
  {
    "count": 7,
    "value": "wannacry"
  },
  {
    "count": 4,
    "value": "cztf"
  }
]
```
How would I map this?
VirusTotal.data.attributes.popular_threat_classification.popular_threat_name
VirusTotal: Object?
--- data: Object?
------- attributes: Object?
---------- popular_threat_classification: object
---------------- popular_threat_name: nested?
------------------------- count: numeric:integer?
------------------------- value: string
---------------- popular_threat_category: nested?
------------------------- count: numeric:integer?
------------------------- value: string
(2) I also have a set of fields like this:
```
av_names:
['Trojan.AndroidOS.Coinminer', 'Win.Trojan.Agent-6732758-0', 'Trojan.Coinminer.Android.41', 'ANDROID/Coinminer.gcmuy', 'ELF:BitCoinMiner-FZ [PUP]', 'AppRisk:Generisk', 'ELF/Trojan.KVRC-7', 'Android.CoinMine.55', 'Malware.ANDROID/Coinminer.gcmuy', 'Trojan.Linux.Coinmine.4!c', 'Linux/Coinminer.153208', 'Android/Coinminer.X', 'RDN/Generic.dx', 'ELF/AdbMiner.X!tr', 'Mal/Generic-S', 'Win32/Virus.44a', 'Trojan.ElfArm32.CoinMine.fkgpcg', 'Coinminer_MALXMR.B-ELF32']
```
This is essentially an array/list of "tags". What is the proper way to label/identify it as a list of tags?
Any suggestions would be appreciated.
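As an added example that is not part of the original post: the explicit mapping for the two count/value arrays and for av_names, plus a small model of why those arrays need `nested` rather than the default `object` type (the index name, the `keyword` choice for the tags and the query helper are assumptions of this example, not anything from the post).

```python
import json

# Constructed sample with the shape shown in the post.
CATEGORIES = [{"count": 22, "value": "trojan"}, {"count": 13, "value": "ransomware"}]

def count_value_nested():
    """Mapping for an array of {count, value} objects; `nested` keeps each pair together."""
    return {"type": "nested",
            "properties": {"count": {"type": "integer"}, "value": {"type": "keyword"}}}

def vt_mapping():
    """Body for `PUT /<index>` (index name is your choice). Intermediate levels are plain
    objects, so they only need `properties`; `"type": "object"` is the default."""
    ptc = {"properties": {"popular_threat_name": count_value_nested(),
                          "popular_threat_category": count_value_nested()}}
    attrs = {"properties": {"popular_threat_classification": ptc}}
    return {"mappings": {"properties": {
        "VirusTotal": {"properties": {"data": {"properties": {"attributes": attrs}}}},
        # av_names is a list of exact tags: keyword indexes each string as-is, and the
        # array needs no special mapping because any ES field may hold several values.
        "av_names": {"type": "keyword"},
    }}}

def flatten_as_object(items):
    """What Lucene stores for an array of objects under a plain `object` mapping:
    each sub-field becomes one multi-valued field and the count/value pairing is lost."""
    flat = {}
    for item in items:
        for key, val in item.items():
            flat.setdefault(key, []).append(val)
    return flat

def matches_as_object(items, count, value):
    """A bool query on count AND value against the flattened form (gives false positives)."""
    flat = flatten_as_object(items)
    return count in flat.get("count", []) and value in flat.get("value", [])

def matches_as_nested(items, count, value):
    """The same condition evaluated per nested document, as a `nested` query does."""
    return any(i["count"] == count and i["value"] == value for i in items)

def nested_query(path, count, value):
    """Search body for a nested field; `path` is the full dotted field name."""
    return {"query": {"nested": {"path": path, "query": {"bool": {"must": [
        {"term": {f"{path}.count": count}}, {"term": {f"{path}.value": value}}]}}}}}

if __name__ == "__main__":
    print(json.dumps(vt_mapping(), indent=2))
    # 13/"trojan" is not a real pair: object mapping says True, nested mapping says False
    print(matches_as_object(CATEGORIES, 13, "trojan"), matches_as_nested(CATEGORIES, 13, "trojan"))
```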