elastic
diff --git a/‎custom_schemas/custom_api.yml
Lines changed: 0 additions & 3 deletions b/‎custom_schemas/custom_api.yml
Lines changed: 0 additions & 3 deletions
diff --git a/‎custom_schemas/custom_base.yml
Lines changed: 0 additions & 1 deletion b/‎custom_schemas/custom_base.yml
Lines changed: 0 additions & 1 deletion
diff --git a/‎custom_schemas/custom_call_stack.yml
Lines changed: 0 additions & 1 deletion b/‎custom_schemas/custom_call_stack.yml
Lines changed: 0 additions & 1 deletion
diff --git a/‎custom_schemas/custom_dll.yml
Lines changed: 0 additions & 1 deletion b/‎custom_schemas/custom_dll.yml
Lines changed: 0 additions & 1 deletion
diff --git a/‎custom_schemas/custom_dns.yml
Lines changed: 0 additions & 1 deletion b/‎custom_schemas/custom_dns.yml
Lines changed: 0 additions & 1 deletion
diff --git a/‎custom_schemas/custom_elastic.yml
Lines changed: 0 additions & 1 deletion b/‎custom_schemas/custom_elastic.yml
Lines changed: 0 additions & 1 deletion
diff --git a/‎custom_schemas/custom_endpoint.yml
Lines changed: 0 additions & 29 deletions b/‎custom_schemas/custom_endpoint.yml
Lines changed: 0 additions & 29 deletions
diff --git a/‎custom_schemas/custom_endpoint_actions.yml
Lines changed: 0 additions & 1 deletion b/‎custom_schemas/custom_endpoint_actions.yml
Lines changed: 0 additions & 1 deletion
diff --git a/‎custom_schemas/custom_event.yml
Lines changed: 0 additions & 2 deletions b/‎custom_schemas/custom_event.yml
Lines changed: 0 additions & 2 deletions
diff --git a/‎custom_schemas/custom_file.yml
Lines changed: 0 additions & 4 deletions b/‎custom_schemas/custom_file.yml
Lines changed: 0 additions & 4 deletions
@@ -4,7 +4,6 @@
   group: 2
   short: Fields describing an API call.
   type: object
-  object_type: keyword
   description: >
     These fields describe an API call (function, or system call).
 
@@ -64,7 +63,6 @@
     - name: metadata
       level: custom
       type: object
-      object_type: keyword
       description: >
         Information related to the API call.
 
@@ -148,7 +146,6 @@
     - name: parameters
       level: custom
       type: object
-      object_type: keyword
       description: >
         Parameter values passed to the API call.
 
 
@@ -11,7 +11,6 @@
   fields:
     - name: Events
       type: object
-      object_type: keyword
       level: custom
       short: events array
       description: >
 
@@ -4,7 +4,6 @@
   group: 3
   short: Fields describing a stack frame.
   type: object
-  object_type: keyword
   description: >
     Fields describing a stack frame.  call_stack is expected to be an array where each array element represents a stack frame.
   reusable:
 
@@ -20,7 +20,6 @@
     - name: Ext
       level: custom
       type: object
-      object_type: keyword
       description: Object for all custom defined fields to live in.
 
     - name: Ext.mapped_address
 
@@ -15,7 +15,6 @@
     - name: Ext
       level: custom
       type: object
-      object_type: keyword
       description: Object for all custom defined fields to live in.
 
     - name: Ext.status
 
@@ -11,7 +11,6 @@
     - name: agent
       level: custom
       type: object
-      object_type: keyword
       description: >
         The agent fields contain data about the Elastic Agent. The Elastic Agent is the management agent
         that manages other agents or process on the host.
 
@@ -15,13 +15,11 @@
     - name: policy
       level: custom
       type: object
-      object_type: keyword
       description: The policy fields are used to hold information about applied policy.
 
     - name: policy.applied
       level: custom
       type: object
-      object_type: keyword
       description: information about the policy that is applied
 
     - name: policy.applied.actions
@@ -73,21 +71,18 @@
     - name: policy.applied.response
       level: custom
       type: object
-      object_type: keyword
       enabled: false
       description: the response of actions that failed in the applied policy
 
     - name: policy.applied.response.configurations
       level: custom
       type: object
-      object_type: keyword
       enabled: false
       description: the configurations of the applied policy
 
     - name: policy.applied.response.configurations.events
       level: custom
       type: object
-      object_type: keyword
       description: overall event collection configuration and status of the applied policy
 
     - name: policy.applied.response.configurations.events.concerned_actions
@@ -106,7 +101,6 @@
     - name: policy.applied.response.configurations.logging
       level: custom
       type: object
-      object_type: keyword
       description: overall logging configuration and status of the applied policy
 
     - name: policy.applied.response.configurations.logging.concerned_actions
@@ -125,7 +119,6 @@
     - name: policy.applied.response.configurations.antivirus_registration
       level: custom
       type: object
-      object_type: keyword
       enabled: false
       description: overall antivirus registration configuration and status of the applied policy
 
@@ -145,7 +138,6 @@
     - name: policy.applied.response.configurations.malware
       level: custom
       type: object
-      object_type: keyword
       description: overall malware configuration and status of the applied policy
 
     - name: policy.applied.response.configurations.malware.concerned_actions
@@ -164,7 +156,6 @@
     - name: policy.applied.response.configurations.memory_protection
       level: custom
       type: object
-      object_type: keyword
       description: overall memory_protection configuration and status of the applied policy
 
     - name: policy.applied.response.configurations.memory_protection.concerned_actions
@@ -183,7 +174,6 @@
     - name: policy.applied.response.configurations.streaming
       level: custom
       type: object
-      object_type: keyword
       description: overall data streaming configuration and status of the applied policy
 
     - name: policy.applied.response.configurations.streaming.concerned_actions
@@ -254,7 +244,6 @@
     - name: policy.applied.response.diagnostic
       level: custom
       type: object
-      object_type: keyword
       enabled: false
       description: the diagnostic configurations of the applied policy
 
@@ -339,14 +328,12 @@
     - name: policy.applied.artifacts
       level: custom
       type: object
-      object_type: keyword
       enabled: false
       description: information about protection artifacts applied.
 
     - name: policy.applied.artifacts.global
       level: custom
       type: object
-      object_type: keyword
       description: information about global protection artifacts applied.
 
     - name: policy.applied.artifacts.global.update_age
@@ -382,7 +369,6 @@
     - name: policy.applied.artifacts.user
       level: custom
       type: object
-      object_type: keyword
       description: information about user protection artifacts applied.
 
     - name: policy.applied.artifacts.user.version
@@ -408,13 +394,11 @@
     - name: metrics
       level: custom
       type: object
-      object_type: keyword
       description: Metrics fields hold the endpoint and system's performance metrics
 
     - name: metrics.documents_volume
       level: custom
       type: object
-      object_type: keyword
       description: Statistics about sent documents
 
     - name: metrics.documents_volume.overall
@@ -645,7 +629,6 @@
     - name: metrics.documents_volume.api_events.sources
       level: custom
       type: object
-      object_type: keyword
       description: An array of API Event document statistics per source
 
     - name: metrics.documents_volume.api_events.sources.source
@@ -676,7 +659,6 @@
     - name: metrics.uptime
       level: custom
       type: object
-      object_type: keyword
       description: Number of seconds since boot
 
     - name: metrics.uptime.endpoint
@@ -692,13 +674,11 @@
     - name: metrics.cpu
       level: custom
       type: object
-      object_type: keyword
       description: CPU statistics
 
     - name: metrics.cpu.endpoint
       level: custom
       type: object
-      object_type: keyword
       description: CPU metrics for the endpoint
 
     - name: metrics.cpu.endpoint.mean
@@ -723,19 +703,16 @@
     - name: metrics.memory
       level: custom
       type: object
-      object_type: keyword
       description: Memory statistics
 
     - name: metrics.memory.endpoint
       level: custom
       type: object
-      object_type: keyword
       description: Endpoint memory utilization
 
     - name: metrics.memory.endpoint.private
       level: custom
       type: object
-      object_type: keyword
       description: The memory private to the endpoint
 
     - name: metrics.memory.endpoint.private.mean
@@ -751,7 +728,6 @@
     - name: metrics.disks
       level: custom
       type: object
-      object_type: keyword
       enabled: false
       description: An array of disk information for the host
 
@@ -800,7 +776,6 @@
     - name: metrics.malicious_behavior_rules
       level: custom
       type: object
-      object_type: keyword
       enabled: false
       description: An array of performance information about each malicious behavior rule
 
@@ -819,7 +794,6 @@
     - name: metrics.system_impact
       level: custom
       type: object
-      object_type: keyword
       enabled: false
       index: false
       description: An array of system impact information
@@ -1047,7 +1021,6 @@
       # using an object here even though it is actually an array because you can only have a limited number
       # of nested fields
       type: object
-      object_type: keyword
       enabled: false
       description: Statistics about the individual Endpoint threads (array)
 
@@ -1066,7 +1039,6 @@
     - name: configuration
       level: custom
       type: object
-      object_type: keyword
       description:
         Configuration fields represent the intended and applied setting for fields not part of a Policy setting
         This reflects what a given field is configured to do. The actual state of that same field is found in Endpoint.state
@@ -1079,7 +1051,6 @@
     - name: state
       level: custom
       type: object
-      object_type: keyword
       description:
         Represents the current state of a non-policy setting
         These fields reflect the current status of a field, which may differ from what it is configured to be (see Endpoint.configuration)
 
@@ -33,7 +33,6 @@
       type: object
       level: custom
       short: data
-      object_type: keyword
       description: >
         The action request information
 
 
@@ -21,13 +21,11 @@
     - name: Ext
       level: custom
       type: object
-      object_type: keyword
       description: Object for all custom defined fields to live in.
 
     - name: Ext.correlation
       level: custom
       type: object
-      object_type: keyword
       description: Information about event this should be correlated with.
 
     - name: Ext.correlation.id
 
@@ -30,7 +30,6 @@
     - name: Ext
       level: custom
       type: object
-      object_type: keyword
       description: Object for all custom defined fields to live in.
 
     - name: Ext.entry_modified
@@ -66,7 +65,6 @@
     - name: Ext.windows
       level: custom
       type: object
-      object_type: keyword
       description: Platform-specific Windows fields
 
     - name: Ext.windows.zone_identifier
@@ -78,7 +76,6 @@
     - name: Ext.original
       level: custom
       type: object
-      object_type: keyword
       description: Original file information during a modification event.
 
     - name: Ext.original.name
@@ -426,5 +423,4 @@
     - name: pe
       level: custom
       type: object
-      object_type: keyword
       description: PE fields