diff --git a/packages/1password/changelog.yml b/packages/1password/changelog.yml
index 13b8db26de5..d5bf18d63a3 100644
--- a/packages/1password/changelog.yml
+++ b/packages/1password/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.7.1"
+ changes:
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "1.7.0"
 changes:
 - description: Update package to ECS 8.5.0.
diff --git a/packages/1password/kibana/dashboard/1password-item-usages-full-dashboard.json b/packages/1password/kibana/dashboard/1password-item-usages-full-dashboard.json
index 4b66ba7e6b7..d34deb3265d 100644
--- a/packages/1password/kibana/dashboard/1password-item-usages-full-dashboard.json
+++ b/packages/1password/kibana/dashboard/1password-item-usages-full-dashboard.json
@@ -1,173 +1,516 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } + "id": "1password-item-usages-full-dashboard", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-23T11:13:24.284Z", + "version": "WzU4NSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "query": { + "query": "", + "language": "kuery" + }, + "filter": [] + } + }, + "optionsJSON": { + "useMargins": true, + "syncColors": false, + "hidePanelTitles": false + }, + "panelsJSON": [ + { + "version": "7.15.0-SNAPSHOT", + "type": "search", + "gridData": { + "x": 0, + "y": 0, + "w": 31, + "h": 15, + "i": "33e47a7b-72d2-4721-818c-8df8d710c5ea" }, - "optionsJSON": { - "useMargins": true, - "syncColors": false, - "hidePanelTitles": false + "panelIndex": "33e47a7b-72d2-4721-818c-8df8d710c5ea", + "embeddableConfig": { + "enhancements": {} }, - "panelsJSON": [ - { - "version": "7.15.0-SNAPSHOT", - "type": "search", - "gridData": { - "x": 0, - "y": 0, - "w": 31, - "h": 15, - "i": "33e47a7b-72d2-4721-818c-8df8d710c5ea" - }, - "panelIndex": "33e47a7b-72d2-4721-818c-8df8d710c5ea", - "embeddableConfig": { - "enhancements": {} - }, - "panelRefName": "panel_33e47a7b-72d2-4721-818c-8df8d710c5ea" + "panelRefName": "panel_33e47a7b-72d2-4721-818c-8df8d710c5ea" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "x": 31, + "y": 0, + "w": 17, + "h": 15, + "i": "5270ad02-a029-4aab-a42a-b0b38988d36d" + }, + "panelIndex": "5270ad02-a029-4aab-a42a-b0b38988d36d", + "embeddableConfig": { + "mapCenter": { + "lat": 19.94277, + "lon": 0, + "zoom": 0.5 + }, + "mapBuffer": { + "minLon": -360, + "minLat": -85.05113, + "maxLon": 360, + "maxLat": 85.05113 + }, + "isLayerTOCOpen": true, + "openTOCDetails": [], + "hiddenLayers": [], + "enhancements": {}, + "attributes": { + "title": "Audit item usages 
Source Locations [1Password]", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "layerListJSON": "[{\"alpha\":1,\"id\":\"11a86591-809c-4c7b-9668-0d0cc31980c9\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\",\"lightModeDefault\":\"road_map\"},\"style\":{},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"55025914-752d-4a12-88f4-c9fe89ddbb9d\",\"joins\":[],\"label\":\"Source Locations\",\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:1password.item_usages\"},\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"filterByMapBounds\":true,\"geoField\":\"source.geo.location\",\"id\":\"ae93e398-4d52-4616-99c3-783c0f34d767\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"scalingType\":\"LIMIT\",\"sortField\":\"\",\"sortOrder\":\"desc\",\"tooltipProperties\":[],\"topHitsSize\":1,\"type\":\"ES_SEARCH\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]" + } + } + }, + { + "version": "8.0.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 15, 
+ "w": 24, + "h": 11, + "i": "1591a01e-b61e-4f3a-88d5-f825e39e60b6" + }, + "panelIndex": "1591a01e-b61e-4f3a-88d5-f825e39e60b6", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Item Usages over time [1Password]", + "description": "", + "uiState": {}, + "params": { + "type": "line", + "grid": { + "categoryLines": false + }, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "type": "category", + "position": "bottom", + "show": true, + "scale": { + "type": "linear" + }, + "labels": { + "show": true, + "filter": true, + "truncate": 100 + }, + "title": {}, + "style": {} + } + ], + "valueAxes": [ + { + "id": "ValueAxis-1", + "name": "LeftAxis-1", + "type": "value", + "position": "left", + "show": true, + "scale": { + "type": "linear", + "mode": "normal", + "defaultYExtents": true + }, + "labels": { + "show": true, + "rotate": 0, + "filter": false, + "truncate": 100 + }, + "title": { + "text": "Count" + }, + "style": {} + } + ], + "seriesParams": [ + { + "show": true, + "type": "line", + "mode": "normal", + "data": { + "label": "Count", + "id": "1" + }, + "valueAxis": "ValueAxis-1", + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "interpolate": "linear", + "showCircles": true, + "circlesRadius": 3 + } + ], + "addTooltip": true, + "detailedTooltip": true, + "palette": { + "type": "palette", + "name": "default" + }, + "addLegend": true, + "legendPosition": "right", + "fittingFunction": "linear", + "times": [], + "addTimeMarker": false, + "labels": {}, + "radiusRatio": 9, + "thresholdLine": { + "show": false, + "value": 10, + "width": 1, + "style": "full", + "color": "#E7664C" + } }, - { - "version": "7.15.0-SNAPSHOT", - "type": "map", - "gridData": { - "x": 31, - "y": 0, - "w": 17, - "h": 15, - "i": "5270ad02-a029-4aab-a42a-b0b38988d36d" + "type": "line", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "5270ad02-a029-4aab-a42a-b0b38988d36d", - 
"embeddableConfig": { - "mapCenter": { - "lat": 19.94277, - "lon": 0, - "zoom": 0.5 + { + "id": "2", + "enabled": true, + "type": "date_histogram", + "params": { + "field": "@timestamp", + "timeRange": { + "from": "now-7d/d", + "to": "now" }, - "mapBuffer": { - "minLon": -360, - "minLat": -85.05113, - "maxLon": 360, - "maxLat": 85.05113 - }, - "isLayerTOCOpen": true, - "openTOCDetails": [], - "hiddenLayers": [], - "enhancements": {} + "useNormalizedEsInterval": true, + "scaleMetricValues": false, + "interval": "auto", + "used_interval": "3h", + "drop_partials": false, + "min_doc_count": 1, + "extended_bounds": {} + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "", + "language": "kuery" }, - "panelRefName": "panel_5270ad02-a029-4aab-a42a-b0b38988d36d" + "filter": [] + } + } + } + } + }, + { + "version": "8.0.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 15, + "w": 24, + "h": 11, + "i": "3e1ea7df-1443-41c2-a4b4-45389042d2d4" + }, + "panelIndex": "3e1ea7df-1443-41c2-a4b4-45389042d2d4", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Item Usages hot users [1Password]", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "" }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 15, - "w": 24, - "h": 11, - "i": "1591a01e-b61e-4f3a-88d5-f825e39e60b6" + "type": "table", + "data": { + "aggs": [ + { + "id": "3", + "enabled": true, + "type": "top_hits", + "params": { + "field": "user.full_name", + "aggregate": "concat", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "asc", + "customLabel": "Name" + }, + "schema": "metric" }, - "panelIndex": "1591a01e-b61e-4f3a-88d5-f825e39e60b6", - "embeddableConfig": { - "enhancements": {} + { + "id": "4", + "enabled": true, + "type": "top_hits", + 
"params": { + "field": "user.email", + "aggregate": "concat", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "asc", + "customLabel": "Email" + }, + "schema": "metric" }, - "panelRefName": "panel_1591a01e-b61e-4f3a-88d5-f825e39e60b6" - }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 15, - "w": 24, - "h": 11, - "i": "3e1ea7df-1443-41c2-a4b4-45389042d2d4" + { + "id": "1", + "enabled": true, + "type": "count", + "params": { + "customLabel": "" + }, + "schema": "metric" }, - "panelIndex": "3e1ea7df-1443-41c2-a4b4-45389042d2d4", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "user.id", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "User UUID" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "", + "language": "kuery" }, - "panelRefName": "panel_3e1ea7df-1443-41c2-a4b4-45389042d2d4" + "filter": [] + } + } + } + } + }, + { + "version": "8.0.0", + "type": "visualization", + "gridData": { + "x": 24, + "y": 26, + "w": 24, + "h": 12, + "i": "36297d46-8bb5-476c-b772-479be5811393" + }, + "panelIndex": "36297d46-8bb5-476c-b772-479be5811393", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Item Usages hot items [1Password]", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 24, - "y": 26, - "w": 24, - "h": 12, - "i": "36297d46-8bb5-476c-b772-479be5811393" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": { + "customLabel": "" + }, + 
"schema": "metric" + }, + { + "id": "3", + "enabled": true, + "type": "max", + "params": { + "field": "@timestamp", + "customLabel": "Last usage" + }, + "schema": "metric" }, - "panelIndex": "36297d46-8bb5-476c-b772-479be5811393", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "onepassword.item_uuid", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Item UUID" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "language": "kuery", + "query": "" }, - "panelRefName": "panel_36297d46-8bb5-476c-b772-479be5811393" + "filter": [] + } + } + } + } + }, + { + "version": "8.0.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 26, + "w": 24, + "h": 12, + "i": "d7f0be27-d6ed-4ef6-a217-3ee1837a7988" + }, + "panelIndex": "d7f0be27-d6ed-4ef6-a217-3ee1837a7988", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Item Usages hot vaults [1Password]", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 26, - "w": 24, - "h": 12, - "i": "d7f0be27-d6ed-4ef6-a217-3ee1837a7988" + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": { + "customLabel": "" + }, + "schema": "metric" + }, + { + "id": "3", + "enabled": true, + "type": "top_hits", + "params": { + "field": "onepassword.item_uuid", + "aggregate": "concat", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc", + "customLabel": "Top Item UUID" + }, + "schema": "metric" }, - "panelIndex": "d7f0be27-d6ed-4ef6-a217-3ee1837a7988", - 
"embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "onepassword.vault_uuid", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Vault UUID" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "language": "kuery", + "query": "" }, - "panelRefName": "panel_d7f0be27-d6ed-4ef6-a217-3ee1837a7988" + "filter": [] + } } - ], - "timeRestore": false, - "title": "Item Usages [1Password]", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-item-usages-full-dashboard", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "references": [ - { - "id": "1password-item-usages", - "name": "33e47a7b-72d2-4721-818c-8df8d710c5ea:panel_33e47a7b-72d2-4721-818c-8df8d710c5ea", - "type": "search" - }, - { - "id": "1password-item-usages-source-IPs-map", - "name": "5270ad02-a029-4aab-a42a-b0b38988d36d:panel_5270ad02-a029-4aab-a42a-b0b38988d36d", - "type": "map" - }, - { - "id": "1password-item-usages-over-time", - "name": "1591a01e-b61e-4f3a-88d5-f825e39e60b6:panel_1591a01e-b61e-4f3a-88d5-f825e39e60b6", - "type": "visualization" - }, - { - "id": "1password-item-usages-hot-users", - "name": "3e1ea7df-1443-41c2-a4b4-45389042d2d4:panel_3e1ea7df-1443-41c2-a4b4-45389042d2d4", - "type": "visualization" - }, - { - "id": "1password-item-usages-hot-items", - "name": "36297d46-8bb5-476c-b772-479be5811393:panel_36297d46-8bb5-476c-b772-479be5811393", - "type": "visualization" - }, - { - "id": "1password-item-usages-hot-vaults", - "name": "d7f0be27-d6ed-4ef6-a217-3ee1837a7988:panel_d7f0be27-d6ed-4ef6-a217-3ee1837a7988", - "type": "visualization" + } } + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Item Usages [1Password]", + "version": 1 + }, + "references": [ + { + "id": "1password-item-usages", + "name": 
"33e47a7b-72d2-4721-818c-8df8d710c5ea:panel_33e47a7b-72d2-4721-818c-8df8d710c5ea", + "type": "search" + }, + { + "type": "index-pattern", + "name": "5270ad02-a029-4aab-a42a-b0b38988d36d:layer_1_source_index_pattern", + "id": "logs-*" + }, + { + "type": "search", + "name": "1591a01e-b61e-4f3a-88d5-f825e39e60b6:search_0", + "id": "1password-item-usages" + }, + { + "type": "search", + "name": "3e1ea7df-1443-41c2-a4b4-45389042d2d4:search_0", + "id": "1password-item-usages" + }, + { + "type": "search", + "name": "36297d46-8bb5-476c-b772-479be5811393:search_0", + "id": "1password-item-usages" + }, + { + "type": "search", + "name": "d7f0be27-d6ed-4ef6-a217-3ee1837a7988:search_0", + "id": "1password-item-usages" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/1password/kibana/dashboard/1password-signin-attempts-full-dashboard.json b/packages/1password/kibana/dashboard/1password-signin-attempts-full-dashboard.json index 62b2344d622..6e3f9a8df7b 100644 --- a/packages/1password/kibana/dashboard/1password-signin-attempts-full-dashboard.json +++ b/packages/1password/kibana/dashboard/1password-signin-attempts-full-dashboard.json 
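Review bot: The four inlined visualization panels (`1591a01e-…`, `3e1ea7df-…`, `36297d46-…`, `d7f0be27-…`) each get a `<panelIndex>:search_0` entry in `references`, but nothing visible in their `savedVis.data` names that reference; `searchSource` carries only an empty kuery query and an empty `filter` list. If Kibana does not bind `search_0` implicitly, these panels lose the `1password-item-usages` saved search and whatever dataset scoping it provides, so the usage tables would either fail to load or count events from outside the integration. I would confirm that the export round-trips on a clean install and, if the binding is meant to be explicit, add `"savedSearchRefName": "search_0"` under each panel's `savedVis.data`. The four visualization panels of the sign-in attempts dashboard in the next hunk have the same shape.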
@@ -1,173 +1,638 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } + "id": "1password-signin-attempts-full-dashboard", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-23T11:13:24.284Z", + "version": "WzU4NiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "query": { + "query": "", + "language": "kuery" + }, + "filter": [] + } + }, + "optionsJSON": { + "useMargins": true, + "syncColors": false, + "hidePanelTitles": false + }, + "panelsJSON": [ + { + "version": "7.15.0-SNAPSHOT", + "type": "search", + "gridData": { + "x": 0, + "y": 0, + "w": 31, + "h": 15, + "i": "944e346e-36df-430b-9734-5d91da79bdc1" + }, + "panelIndex": "944e346e-36df-430b-9734-5d91da79bdc1", + "embeddableConfig": { + "enhancements": {} + }, + "panelRefName": "panel_944e346e-36df-430b-9734-5d91da79bdc1" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "x": 31, + "y": 0, + "w": 17, + "h": 15, + "i": "5a635dbb-4cb6-46f8-9d4c-dd12078b184f" }, - "optionsJSON": { - "useMargins": true, - "syncColors": false, - "hidePanelTitles": false + "panelIndex": "5a635dbb-4cb6-46f8-9d4c-dd12078b184f", + "embeddableConfig": { + "mapCenter": { + "lat": 18.69679, + "lon": -18.18807, + "zoom": 0.62 + }, + "mapBuffer": { + "minLon": -360, + "minLat": -85.05113, + "maxLon": 360, + "maxLat": 85.05113 + }, + "isLayerTOCOpen": false, + "openTOCDetails": [], + "hiddenLayers": [], + "enhancements": {}, + "attributes": { + "title": "Audit sign-in attempts Source Locations [1Password]", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "layerListJSON": 
"[{\"alpha\":1,\"id\":\"db596930-2b43-4b31-b555-5bfb2ef9a3b3\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\",\"lightModeDefault\":\"road_map\"},\"style\":{},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"a912dae9-61dd-4f45-96d4-15968e14aa79\",\"joins\":[],\"label\":\"Source Locations\",\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:1password.signin_attempts\"},\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"filterByMapBounds\":true,\"geoField\":\"source.geo.location\",\"id\":\"98b57871-9ec7-49ce-b371-bd052adaf795\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"scalingType\":\"LIMIT\",\"sortField\":\"\",\"sortOrder\":\"desc\",\"tooltipProperties\":[],\"topHitsSize\":1,\"type\":\"ES_SEARCH\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]" + } + } + }, + { + "version": "8.0.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 15, + "w": 11, + "h": 9, + "i": "1249ea4b-cf49-4d87-8125-7f1dba37353f" }, - "panelsJSON": [ - { - "version": "7.15.0-SNAPSHOT", - "type": 
"search", - "gridData": { - "x": 0, - "y": 0, - "w": 31, - "h": 15, - "i": "944e346e-36df-430b-9734-5d91da79bdc1" + "panelIndex": "1249ea4b-cf49-4d87-8125-7f1dba37353f", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Sign-in Attempts unsuccessful gauge [1Password]", + "description": "", + "uiState": {}, + "params": { + "type": "gauge", + "addTooltip": true, + "addLegend": true, + "isDisplayWarning": false, + "gauge": { + "alignment": "automatic", + "extendRange": true, + "percentageMode": false, + "gaugeType": "Arc", + "gaugeStyle": "Full", + "backStyle": "Full", + "orientation": "vertical", + "colorSchema": "Green to Red", + "gaugeColorMode": "Labels", + "colorsRange": [ + { + "from": 0, + "to": 10 + }, + { + "from": 10, + "to": 30 + }, + { + "from": 30, + "to": 100 + } + ], + "invertColors": false, + "labels": { + "show": true, + "color": "black" }, - "panelIndex": "944e346e-36df-430b-9734-5d91da79bdc1", - "embeddableConfig": { - "enhancements": {} + "scale": { + "show": true, + "labels": false, + "color": "rgba(105,112,125,0.2)" }, - "panelRefName": "panel_944e346e-36df-430b-9734-5d91da79bdc1" + "type": "meter", + "style": { + "bgWidth": 0.9, + "width": 0.9, + "mask": false, + "bgMask": false, + "maskBars": 50, + "bgFill": "rgba(105,112,125,0.2)", + "bgColor": true, + "subText": "", + "fontSize": 60 + } + } }, - { - "version": "7.15.0-SNAPSHOT", - "type": "map", - "gridData": { - "x": 31, - "y": 0, - "w": 17, - "h": 15, - "i": "5a635dbb-4cb6-46f8-9d4c-dd12078b184f" + "type": "gauge", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "schema": "metric", + "params": {} }, - "panelIndex": "5a635dbb-4cb6-46f8-9d4c-dd12078b184f", - "embeddableConfig": { - "mapCenter": { - "lat": 18.69679, - "lon": -18.18807, - "zoom": 0.62 - }, - "mapBuffer": { - "minLon": -360, - "minLat": -85.05113, - "maxLon": 360, - "maxLat": 85.05113 - }, - "isLayerTOCOpen": false, - "openTOCDetails": [], - "hiddenLayers": [], - 
"enhancements": {} + { + "id": "2", + "enabled": true, + "type": "filters", + "schema": "group", + "params": { + "filters": [ + { + "input": { + "query": "NOT event.action: (\"success\" \"firewall_reported_success\")", + "language": "lucene" + }, + "label": "Failed Sign-in attempts" + } + ] + } + } + ], + "searchSource": { + "query": { + "query": "", + "language": "kuery" }, - "panelRefName": "panel_5a635dbb-4cb6-46f8-9d4c-dd12078b184f" + "filter": [] + } + } + } + } + }, + { + "version": "8.0.0", + "type": "visualization", + "gridData": { + "x": 11, + "y": 15, + "w": 20, + "h": 9, + "i": "51433376-546a-492a-906e-9ca7f5d34f68" + }, + "panelIndex": "51433376-546a-492a-906e-9ca7f5d34f68", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Sign-in Attempts over time [1Password]", + "description": "", + "uiState": {}, + "params": { + "type": "line", + "grid": { + "categoryLines": false + }, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "type": "category", + "position": "bottom", + "show": true, + "scale": { + "type": "linear" + }, + "labels": { + "show": true, + "filter": true, + "truncate": 100 + }, + "title": {}, + "style": {} + } + ], + "valueAxes": [ + { + "id": "ValueAxis-1", + "name": "LeftAxis-1", + "type": "value", + "position": "left", + "show": true, + "scale": { + "type": "linear", + "mode": "normal", + "defaultYExtents": true + }, + "labels": { + "show": true, + "rotate": 0, + "filter": false, + "truncate": 100 + }, + "title": { + "text": "Count" + }, + "style": {} + } + ], + "seriesParams": [ + { + "show": true, + "type": "line", + "mode": "normal", + "data": { + "label": "Count", + "id": "1" + }, + "valueAxis": "ValueAxis-1", + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "interpolate": "linear", + "showCircles": true, + "circlesRadius": 3 + } + ], + "addTooltip": true, + "detailedTooltip": true, + "palette": { + "type": "palette", + "name": "default" + }, + "addLegend": true, + "legendPosition": "right", + 
"fittingFunction": "linear", + "times": [], + "addTimeMarker": false, + "labels": {}, + "radiusRatio": 9, + "thresholdLine": { + "show": false, + "value": 10, + "width": 1, + "style": "full", + "color": "#E7664C" + } }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 15, - "w": 11, - "h": 9, - "i": "1249ea4b-cf49-4d87-8125-7f1dba37353f" + "type": "line", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" }, - "panelIndex": "1249ea4b-cf49-4d87-8125-7f1dba37353f", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "date_histogram", + "params": { + "field": "@timestamp", + "timeRange": { + "from": "now-7d/d", + "to": "now" + }, + "useNormalizedEsInterval": true, + "scaleMetricValues": false, + "interval": "auto", + "used_interval": "3h", + "drop_partials": false, + "min_doc_count": 1, + "extended_bounds": {} + }, + "schema": "segment" + } + ], + "searchSource": { + "query": { + "query": "", + "language": "kuery" }, - "panelRefName": "panel_1249ea4b-cf49-4d87-8125-7f1dba37353f" + "filter": [] + } + } + } + } + }, + { + "version": "8.0.0", + "type": "visualization", + "gridData": { + "x": 31, + "y": 15, + "w": 17, + "h": 9, + "i": "8f8ae43c-e8d4-4425-b418-224a7db57e86" + }, + "panelIndex": "8f8ae43c-e8d4-4425-b418-224a7db57e86", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Sign-in Attempts categories over time [1Password]", + "description": "", + "uiState": { + "vis": { + "colors": { + "success": "#54b399", + "credentials_failed": "#e7664c", + "mfa_failed": "#9170b8", + "modern_version_failed": "#d6bf57", + "firewall_failed": "#d36086", + "firewall_reported_success": "#6092c0" + } + } }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 11, - "y": 15, - "w": 20, - "h": 9, - "i": "51433376-546a-492a-906e-9ca7f5d34f68" + "params": { + "type": "line", + 
"grid": { + "categoryLines": false + }, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "type": "category", + "position": "bottom", + "show": true, + "scale": { + "type": "linear" + }, + "labels": { + "show": true, + "filter": true, + "truncate": 100 + }, + "title": {}, + "style": {} + } + ], + "valueAxes": [ + { + "id": "ValueAxis-1", + "name": "LeftAxis-1", + "type": "value", + "position": "left", + "show": true, + "scale": { + "type": "linear", + "mode": "normal", + "defaultYExtents": true + }, + "labels": { + "show": true, + "rotate": 0, + "filter": false, + "truncate": 100 + }, + "title": { + "text": "Count" + }, + "style": {} + } + ], + "seriesParams": [ + { + "show": true, + "type": "line", + "mode": "normal", + "data": { + "label": "Count", + "id": "1" + }, + "valueAxis": "ValueAxis-1", + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "interpolate": "linear", + "showCircles": true, + "circlesRadius": 3 + } + ], + "addTooltip": true, + "detailedTooltip": true, + "palette": { + "type": "palette", + "name": "default" + }, + "addLegend": true, + "legendPosition": "right", + "fittingFunction": "zero", + "times": [], + "addTimeMarker": false, + "labels": {}, + "radiusRatio": 9, + "thresholdLine": { + "show": false, + "value": 10, + "width": 1, + "style": "full", + "color": "#E7664C" + } + }, + "type": "line", + "data": { + "aggs": [ + { + "id": "1", + "enabled": true, + "type": "count", + "params": {}, + "schema": "metric" + }, + { + "id": "4", + "enabled": true, + "type": "date_histogram", + "params": { + "field": "@timestamp", + "timeRange": { + "from": "now-7d/d", + "to": "now" + }, + "useNormalizedEsInterval": true, + "scaleMetricValues": false, + "interval": "auto", + "used_interval": "3h", + "drop_partials": false, + "min_doc_count": 1, + "extended_bounds": {} + }, + "schema": "segment" }, - "panelIndex": "51433376-546a-492a-906e-9ca7f5d34f68", - "embeddableConfig": { - "enhancements": {} + { + "id": "3", + "enabled": true, + "type": "terms", + 
"params": { + "field": "event.action", + "orderBy": "1", + "order": "desc", + "size": 10, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing" + }, + "schema": "group" + } + ], + "searchSource": { + "query": { + "query": "", + "language": "kuery" }, - "panelRefName": "panel_51433376-546a-492a-906e-9ca7f5d34f68" + "filter": [] + } + } + } + } + }, + { + "version": "8.0.0", + "type": "visualization", + "gridData": { + "x": 0, + "y": 24, + "w": 48, + "h": 9, + "i": "683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd" + }, + "panelIndex": "683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Sign-in Attempts hot users [1Password]", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showPartialRows": false, + "showMetricsAtAllLevels": false, + "showTotal": false, + "showToolbar": false, + "totalFunc": "sum", + "percentageCol": "" }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 31, - "y": 15, - "w": 17, - "h": 9, - "i": "8f8ae43c-e8d4-4425-b418-224a7db57e86" + "type": "table", + "data": { + "aggs": [ + { + "id": "3", + "enabled": true, + "type": "top_hits", + "params": { + "field": "user.full_name", + "aggregate": "concat", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "asc", + "customLabel": "Name" + }, + "schema": "metric" }, - "panelIndex": "8f8ae43c-e8d4-4425-b418-224a7db57e86", - "embeddableConfig": { - "enhancements": {} + { + "id": "4", + "enabled": true, + "type": "top_hits", + "params": { + "field": "user.email", + "aggregate": "concat", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "asc", + "customLabel": "Email" + }, + "schema": "metric" }, - "panelRefName": "panel_8f8ae43c-e8d4-4425-b418-224a7db57e86" - }, - { - "version": "7.15.0-SNAPSHOT", - "type": "visualization", - "gridData": { - "x": 0, - "y": 24, - "w": 48, - "h": 9, - "i": "683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd" 
+ { + "id": "1", + "enabled": true, + "type": "count", + "params": { + "customLabel": "" + }, + "schema": "metric" }, - "panelIndex": "683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd", - "embeddableConfig": { - "enhancements": {} + { + "id": "2", + "enabled": true, + "type": "terms", + "params": { + "field": "user.id", + "orderBy": "1", + "order": "desc", + "size": 5, + "otherBucket": false, + "otherBucketLabel": "Other", + "missingBucket": false, + "missingBucketLabel": "Missing", + "customLabel": "Target User UUID" + }, + "schema": "bucket" + } + ], + "searchSource": { + "query": { + "query": "", + "language": "kuery" }, - "panelRefName": "panel_683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd" + "filter": [] + } } - ], - "timeRestore": false, - "title": "Sign-in Attempts [1Password]", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-signin-attempts-full-dashboard", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "references": [ - { - "id": "1password-signin-attempts", - "name": "944e346e-36df-430b-9734-5d91da79bdc1:panel_944e346e-36df-430b-9734-5d91da79bdc1", - "type": "search" - }, - { - "id": "1password-signin-attempts-source-IPs-map", - "name": "5a635dbb-4cb6-46f8-9d4c-dd12078b184f:panel_5a635dbb-4cb6-46f8-9d4c-dd12078b184f", - "type": "map" - }, - { - "id": "1password-signin-attempts-failed-gauge", - "name": "1249ea4b-cf49-4d87-8125-7f1dba37353f:panel_1249ea4b-cf49-4d87-8125-7f1dba37353f", - "type": "visualization" - }, - { - "id": "1password-signin-attempts-count-over-time", - "name": "51433376-546a-492a-906e-9ca7f5d34f68:panel_51433376-546a-492a-906e-9ca7f5d34f68", - "type": "visualization" - }, - { - "id": "1password-signin-attempts-categories-over-time", - "name": "8f8ae43c-e8d4-4425-b418-224a7db57e86:panel_8f8ae43c-e8d4-4425-b418-224a7db57e86", - "type": "visualization" - }, - { - "id": "1password-signin-attempts-hot-users", - "name": "683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd:panel_683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd", - "type": "visualization" + 
} } + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Sign-in Attempts [1Password]", + "version": 1 + }, + "references": [ + { + "id": "1password-signin-attempts", + "name": "944e346e-36df-430b-9734-5d91da79bdc1:panel_944e346e-36df-430b-9734-5d91da79bdc1", + "type": "search" + }, + { + "type": "index-pattern", + "name": "5a635dbb-4cb6-46f8-9d4c-dd12078b184f:layer_1_source_index_pattern", + "id": "logs-*" + }, + { + "type": "search", + "name": "1249ea4b-cf49-4d87-8125-7f1dba37353f:search_0", + "id": "1password-signin-attempts" + }, + { + "type": "search", + "name": "51433376-546a-492a-906e-9ca7f5d34f68:search_0", + "id": "1password-signin-attempts" + }, + { + "type": "search", + "name": "8f8ae43c-e8d4-4425-b418-224a7db57e86:search_0", + "id": "1password-signin-attempts" + }, + { + "type": "search", + "name": "683d1c8e-bb0f-4048-8c15-e9dc3e40fcfd:search_0", + "id": "1password-signin-attempts" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/1password/kibana/map/1password-item-usages-source-IPs-map.json b/packages/1password/kibana/map/1password-item-usages-source-IPs-map.json deleted file mode 100644 index de425225ebe..00000000000 --- a/packages/1password/kibana/map/1password-item-usages-source-IPs-map.json +++ /dev/null 
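Review bot: The gauge panel `1249ea4b-…` defines "Failed Sign-in attempts" purely by negation, `NOT event.action: ("success" "firewall_reported_success")`, while the panel's own `searchSource.query` is empty. Its count is therefore only as narrow as the `1password-signin-attempts` saved search it is meant to inherit: any document that reaches the panel without one of those two actions, including one with no `event.action` at all, is counted as a failed sign-in. Making the panel self-scoping would keep the figure meaningful even if the saved-search binding changes, for example `"query": "data_stream.dataset:1password.signin_attempts"` in the panel's `searchSource.query`, mirroring the layer query that the map panel on this dashboard already carries. Separately, the top-level `updated_at`, `version` (`WzU4NiwxXQ==`) and `namespaces` keys look like per-instance export metadata and could be dropped from the packaged object.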
@@ -1,144 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "alpha": 1, - "id": "11a86591-809c-4c7b-9668-0d0cc31980c9", - "label": null, - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "isAutoSelect": true, - "type": "EMS_TMS" - }, - "style": {}, - "type": "VECTOR_TILE", - "visible": true - }, - { - "alpha": 0.75, - "id": "55025914-752d-4a12-88f4-c9fe89ddbb9d", - "joins": [], - "label": "Source Locations", - "maxZoom": 24, - "minZoom": 0, - "query": { - "language": "kuery", - "query": "data_stream.dataset:1password.item_usages" - }, - "sourceDescriptor": { - "applyGlobalQuery": true, - "filterByMapBounds": true, - "geoField": "source.geo.location", - "id": "ae93e398-4d52-4616-99c3-783c0f34d767", - "indexPatternRefName": "layer_1_source_index_pattern", - "scalingType": "LIMIT", - "sortField": "", - "sortOrder": "desc", - "tooltipProperties": [], - "topHitsSize": 1, - "type": "ES_SEARCH" - }, - "style": { - "isTimeAware": true, - "properties": { - "fillColor": { - "options": { - "color": "#54B399" - }, - "type": "STATIC" - }, - "icon": { - "options": { - "value": "marker" - }, - "type": "STATIC" - }, - "iconOrientation": { - "options": { - "orientation": 0 - }, - "type": "STATIC" - }, - "iconSize": { - "options": { - "size": 6 - }, - "type": "STATIC" - }, - "labelBorderColor": { - "options": { - "color": "#FFFFFF" - }, - "type": "STATIC" - }, - "labelBorderSize": { - "options": { - "size": "SMALL" - } - }, - "labelColor": { - "options": { - "color": "#000000" - }, - "type": "STATIC" - }, - "labelSize": { - "options": { - "size": 14 - }, - "type": "STATIC" - }, - "labelText": { - "options": { - "value": "" - }, - "type": "STATIC" - }, - "lineColor": { - "options": { - "color": "#41937c" - }, - "type": "STATIC" - }, - "lineWidth": { - "options": { - "size": 1 - }, - "type": "STATIC" - }, - "symbolizeAs": { - "options": { - "value": "circle" - } - } - }, - "type": "VECTOR" - }, - "type": "VECTOR", - "visible": true - } - ], - 
"title": "Audit item usages Source Locations [1Password]", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "id": "1password-item-usages-source-IPs-map", - "migrationVersion": { - "map": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map" -} \ No newline at end of file diff --git a/packages/1password/kibana/map/1password-signin-attempts-source-IPs-map.json b/packages/1password/kibana/map/1password-signin-attempts-source-IPs-map.json deleted file mode 100644 index cf8b5107cad..00000000000 --- a/packages/1password/kibana/map/1password-signin-attempts-source-IPs-map.json +++ /dev/null 
@@ -1,144 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "alpha": 1, - "id": "db596930-2b43-4b31-b555-5bfb2ef9a3b3", - "label": null, - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "isAutoSelect": true, - "type": "EMS_TMS" - }, - "style": {}, - "type": "VECTOR_TILE", - "visible": true - }, - { - "alpha": 0.75, - "id": "a912dae9-61dd-4f45-96d4-15968e14aa79", - "joins": [], - "label": "Source Locations", - "maxZoom": 24, - "minZoom": 0, - "query": { - "language": "kuery", - "query": "data_stream.dataset:1password.signin_attempts" - }, - "sourceDescriptor": { - "applyGlobalQuery": true, - "filterByMapBounds": true, - "geoField": "source.geo.location", - "id": "98b57871-9ec7-49ce-b371-bd052adaf795", - "indexPatternRefName": "layer_1_source_index_pattern", - "scalingType": "LIMIT", - "sortField": "", - "sortOrder": "desc", - "tooltipProperties": [], - "topHitsSize": 1, - "type": "ES_SEARCH" - }, - "style": { - "isTimeAware": true, - "properties": { - "fillColor": { - "options": { - "color": "#54B399" - }, - "type": "STATIC" - }, - "icon": { - "options": { - "value": "marker" - }, - "type": "STATIC" - }, - "iconOrientation": { - "options": { - "orientation": 0 - }, - "type": "STATIC" - }, - "iconSize": { - "options": { - "size": 6 - }, - "type": "STATIC" - }, - "labelBorderColor": { - "options": { - "color": "#FFFFFF" - }, - "type": "STATIC" - }, - "labelBorderSize": { - "options": { - "size": "SMALL" - } - }, - "labelColor": { - "options": { - "color": "#000000" - }, - "type": "STATIC" - }, - "labelSize": { - "options": { - "size": 14 - }, - "type": "STATIC" - }, - "labelText": { - "options": { - "value": "" - }, - "type": "STATIC" - }, - "lineColor": { - "options": { - "color": "#41937c" - }, - "type": "STATIC" - }, - "lineWidth": { - "options": { - "size": 1 - }, - "type": "STATIC" - }, - "symbolizeAs": { - "options": { - "value": "circle" - } - } - }, - "type": "VECTOR" - }, - "type": "VECTOR", - "visible": true - } - ], - 
"title": "Audit sign-in attempts Source Locations [1Password]", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "id": "1password-signin-attempts-source-IPs-map", - "migrationVersion": { - "map": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map" -} \ No newline at end of file diff --git a/packages/1password/kibana/visualization/1password-item-usages-hot-items.json b/packages/1password/kibana/visualization/1password-item-usages-hot-items.json deleted file mode 100644 index abf1aff1e2f..00000000000 --- a/packages/1password/kibana/visualization/1password-item-usages-hot-items.json +++ /dev/null 
@@ -1,82 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "language": "kuery", - "query": "" - }, - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Item Usages hot items [1Password]", - "uiStateJSON": "{}", - "version": 1, - "visState": { - "title": "", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": { - "customLabel": "" - }, - "schema": "metric" - }, - { - "id": "3", - "enabled": true, - "type": "max", - "params": { - "field": "@timestamp", - "customLabel": "Last usage" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "onepassword.item_uuid", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Item UUID" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - } - } - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-item-usages-hot-items", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "1password-item-usages", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/1password/kibana/visualization/1password-item-usages-hot-users.json b/packages/1password/kibana/visualization/1password-item-usages-hot-users.json deleted file mode 100644 index c4fe181f6d6..00000000000 --- a/packages/1password/kibana/visualization/1password-item-usages-hot-users.json +++ /dev/null 
@@ -1,100 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Item Usages hot users [1Password]", - "uiStateJSON": "{}", - "version": 1, - "visState": { - "title": "", - "type": "table", - "aggs": [ - { - "id": "3", - "enabled": true, - "type": "top_hits", - "params": { - "field": "user.full_name", - "aggregate": "concat", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "asc", - "customLabel": "Name" - }, - "schema": "metric" - }, - { - "id": "4", - "enabled": true, - "type": "top_hits", - "params": { - "field": "user.email", - "aggregate": "concat", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "asc", - "customLabel": "Email" - }, - "schema": "metric" - }, - { - "id": "1", - "enabled": true, - "type": "count", - "params": { - "customLabel": "" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "user.id", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "User UUID" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "" - } - } - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-item-usages-hot-users", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "1password-item-usages", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/1password/kibana/visualization/1password-item-usages-hot-vaults.json b/packages/1password/kibana/visualization/1password-item-usages-hot-vaults.json deleted file mode 100644 index 15221667f79..00000000000 --- a/packages/1password/kibana/visualization/1password-item-usages-hot-vaults.json +++ /dev/null @@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "language": "kuery", - "query": "" - }, - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Item Usages hot vaults [1Password]", - "uiStateJSON": "{}", - "version": 1, - "visState": { - "title": "", - "type": "table", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": { - "customLabel": "" - }, - "schema": "metric" - }, - { - "id": "3", - "enabled": true, - "type": "top_hits", - "params": { - "field": "onepassword.item_uuid", - "aggregate": "concat", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc", - "customLabel": "Top Item UUID" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "onepassword.vault_uuid", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Vault UUID" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - } - } - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-item-usages-hot-vaults", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "1password-item-usages", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/1password/kibana/visualization/1password-item-usages-over-time.json b/packages/1password/kibana/visualization/1password-item-usages-over-time.json deleted file mode 100644 index 399a821dd10..00000000000 --- a/packages/1password/kibana/visualization/1password-item-usages-over-time.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Item Usages over time [1Password]", - "uiStateJSON": "{}", - "version": 1, - "visState": { - "title": "", - "type": "line", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "date_histogram", - "params": { - "field": "@timestamp", - "timeRange": { - "from": "now-7d/d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "scaleMetricValues": false, - "interval": "auto", - "used_interval": "3h", - "drop_partials": false, - "min_doc_count": 1, - "extended_bounds": {} - }, - "schema": "segment" - } - ], - "params": { - "type": "line", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": true, - "filter": true, - "truncate": 100 - }, - "title": {}, - "style": {} - } - ], - "valueAxes": [ - { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "left", - "show": true, - "scale": { - "type": "linear", - "mode": "normal", - "defaultYExtents": true - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 100 - }, - "title": { - "text": "Count" - }, - "style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "line", - "mode": "normal", - "data": { - "label": "Count", - "id": "1" - }, - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "interpolate": "linear", - "showCircles": true, - "circlesRadius": 3 - } - ], - "addTooltip": true, - "detailedTooltip": true, - "palette": { - "type": "palette", - "name": "default" - }, - "addLegend": true, - "legendPosition": "right", - 
"fittingFunction": "linear", - "times": [], - "addTimeMarker": false, - "labels": {}, - "radiusRatio": 9, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - } - } - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-item-usages-over-time", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "1password-item-usages", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/1password/kibana/visualization/1password-signin-attempts-categories-over-time.json b/packages/1password/kibana/visualization/1password-signin-attempts-categories-over-time.json deleted file mode 100644 index cb1335908aa..00000000000 --- a/packages/1password/kibana/visualization/1password-signin-attempts-categories-over-time.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Sign-in Attempts categories over time [1Password]", - "uiStateJSON": { - "vis": { - "colors": { - "success": "#54b399", - "credentials_failed": "#e7664c", - "mfa_failed": "#9170b8", - "modern_version_failed": "#d6bf57", - "firewall_failed": "#d36086", - "firewall_reported_success": "#6092c0" - } - } - }, - "version": 1, - "visState": { - "title": "", - "type": "line", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "4", - "enabled": true, - "type": "date_histogram", - "params": { - "field": "@timestamp", - "timeRange": { - "from": "now-7d/d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "scaleMetricValues": false, - "interval": "auto", - "used_interval": "3h", - "drop_partials": false, - "min_doc_count": 1, - "extended_bounds": {} - }, - "schema": "segment" - }, - { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "event.action", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" - }, - "schema": "group" - } - ], - "params": { - "type": "line", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": true, - "filter": true, - "truncate": 100 - }, - "title": {}, - "style": {} - } - ], - "valueAxes": [ - { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "left", - "show": true, - "scale": { - "type": "linear", - "mode": "normal", - "defaultYExtents": true - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - 
"truncate": 100 - }, - "title": { - "text": "Count" - }, - "style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "line", - "mode": "normal", - "data": { - "label": "Count", - "id": "1" - }, - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "interpolate": "linear", - "showCircles": true, - "circlesRadius": 3 - } - ], - "addTooltip": true, - "detailedTooltip": true, - "palette": { - "type": "palette", - "name": "default" - }, - "addLegend": true, - "legendPosition": "right", - "fittingFunction": "zero", - "times": [], - "addTimeMarker": false, - "labels": {}, - "radiusRatio": 9, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - } - } - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-signin-attempts-categories-over-time", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "1password-signin-attempts", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/1password/kibana/visualization/1password-signin-attempts-count-over-time.json b/packages/1password/kibana/visualization/1password-signin-attempts-count-over-time.json deleted file mode 100644 index 1dc3e20e093..00000000000 --- a/packages/1password/kibana/visualization/1password-signin-attempts-count-over-time.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Sign-in Attempts over time [1Password]", - "uiStateJSON": "{}", - "version": 1, - "visState": { - "title": "", - "type": "line", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "date_histogram", - "params": { - "field": "@timestamp", - "timeRange": { - "from": "now-7d/d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "scaleMetricValues": false, - "interval": "auto", - "used_interval": "3h", - "drop_partials": false, - "min_doc_count": 1, - "extended_bounds": {} - }, - "schema": "segment" - } - ], - "params": { - "type": "line", - "grid": { - "categoryLines": false - }, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "scale": { - "type": "linear" - }, - "labels": { - "show": true, - "filter": true, - "truncate": 100 - }, - "title": {}, - "style": {} - } - ], - "valueAxes": [ - { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "left", - "show": true, - "scale": { - "type": "linear", - "mode": "normal", - "defaultYExtents": true - }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 100 - }, - "title": { - "text": "Count" - }, - "style": {} - } - ], - "seriesParams": [ - { - "show": true, - "type": "line", - "mode": "normal", - "data": { - "label": "Count", - "id": "1" - }, - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "interpolate": "linear", - "showCircles": true, - "circlesRadius": 3 - } - ], - "addTooltip": true, - "detailedTooltip": true, - "palette": { - "type": "palette", - "name": "default" - }, - "addLegend": true, - "legendPosition": "right", - 
"fittingFunction": "linear", - "times": [], - "addTimeMarker": false, - "labels": {}, - "radiusRatio": 9, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - } - } - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-signin-attempts-count-over-time", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "1password-signin-attempts", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/1password/kibana/visualization/1password-signin-attempts-failed-gauge.json b/packages/1password/kibana/visualization/1password-signin-attempts-failed-gauge.json deleted file mode 100644 index 6cf0cfb6e5c..00000000000 --- a/packages/1password/kibana/visualization/1password-signin-attempts-failed-gauge.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Sign-in Attempts unsuccessful gauge [1Password]", - "uiStateJSON": "{}", - "version": 1, - "visState": { - "type": "gauge", - "aggs": [ - { - "id": "1", - "enabled": true, - "type": "count", - "schema": "metric", - "params": {} - }, - { - "id": "2", - "enabled": true, - "type": "filters", - "schema": "group", - "params": { - "filters": [ - { - "input": { - "query": "NOT event.action: (\"success\" \"firewall_reported_success\")", - "language": "lucene" - }, - "label": "Failed Sign-in attempts" - } - ] - } - } - ], - "params": { - "type": "gauge", - "addTooltip": true, - "addLegend": true, - "isDisplayWarning": false, - "gauge": { - "alignment": "automatic", - "extendRange": true, - "percentageMode": false, - "gaugeType": "Arc", - "gaugeStyle": "Full", - "backStyle": "Full", - "orientation": "vertical", - "colorSchema": "Green to Red", - "gaugeColorMode": "Labels", - "colorsRange": [ - { - "from": 0, - "to": 10 - }, - { - "from": 10, - "to": 30 - }, - { - "from": 30, - "to": 100 - } - ], - "invertColors": false, - "labels": { - "show": true, - "color": "black" - }, - "scale": { - "show": true, - "labels": false, - "color": "rgba(105,112,125,0.2)" - }, - "type": "meter", - "style": { - "bgWidth": 0.9, - "width": 0.9, - "mask": false, - "bgMask": false, - "maskBars": 50, - "bgFill": "rgba(105,112,125,0.2)", - "bgColor": true, - "subText": "", - "fontSize": 60 - } - } - }, - "title": "" - } - }, - "id": "1password-signin-attempts-failed-gauge", - "migrationVersion": { - "visualization": "7.7.0" - }, - "references": [ - { - "id": "1password-signin-attempts", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/1password/kibana/visualization/1password-signin-attempts-hot-users.json b/packages/1password/kibana/visualization/1password-signin-attempts-hot-users.json deleted file mode 100644 index b3160218bae..00000000000 --- a/packages/1password/kibana/visualization/1password-signin-attempts-hot-users.json +++ /dev/null 
@@ -1,100 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "query": { - "query": "", - "language": "kuery" - }, - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Sign-in Attempts hot users [1Password]", - "uiStateJSON": "{}", - "version": 1, - "visState": { - "title": "", - "type": "table", - "aggs": [ - { - "id": "3", - "enabled": true, - "type": "top_hits", - "params": { - "field": "user.full_name", - "aggregate": "concat", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "asc", - "customLabel": "Name" - }, - "schema": "metric" - }, - { - "id": "4", - "enabled": true, - "type": "top_hits", - "params": { - "field": "user.email", - "aggregate": "concat", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "asc", - "customLabel": "Email" - }, - "schema": "metric" - }, - { - "id": "1", - "enabled": true, - "type": "count", - "params": { - "customLabel": "" - }, - "schema": "metric" - }, - { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "user.id", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing", - "customLabel": "Target User UUID" - }, - "schema": "bucket" - } - ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "showTotal": false, - "showToolbar": false, - "totalFunc": "sum", - "percentageCol": "" - } - } - }, - "coreMigrationVersion": "7.15.0", - "id": "1password-signin-attempts-hot-users", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "1password-signin-attempts", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/1password/manifest.yml b/packages/1password/manifest.yml index 5e00aefa6b5..c8d0c66fe94 100644 --- a/packages/1password/manifest.yml 
+++ b/packages/1password/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: 1password title: "1Password" -version: "1.7.0" +version: "1.7.1" license: basic description: Collect logs from 1Password with Elastic Agent. type: integration @@ -9,7 +9,7 @@ categories: - security release: ga conditions: - kibana.version: "^7.16.0 || ^8.0.0" + kibana.version: ^8.1.0 screenshots: - src: /img/1password-signinattempts-screenshot.png title: Sign-in attempts diff --git a/packages/auditd/changelog.yml b/packages/auditd/changelog.yml index 15ff7cd30bb..cb23f5cbe35 100644 --- a/packages/auditd/changelog.yml +++ b/packages/auditd/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "3.4.1" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "3.4.0" changes: - description: Update package to ECS 8.5.0. diff --git a/packages/auditd/data_stream/log/sample_event.json b/packages/auditd/data_stream/log/sample_event.json index f902582b263..d642a6e9620 100644 --- a/packages/auditd/data_stream/log/sample_event.json +++ b/packages/auditd/data_stream/log/sample_event.json @@ -1,12 +1,11 @@ { "@timestamp": "2016-01-03T00:37:51.394Z", "agent": { - "ephemeral_id": "ef6d17d9-f955-48be-a4c5-6b4ea1fe9772", - "hostname": "docker-fleet-agent", - "id": "f386c08a-1dcf-444a-a259-9c33fa001606", + "ephemeral_id": "d1c11b5c-1d3d-406c-a19f-372451326efa", + "id": "af0de6a6-4b25-4d81-827d-0f1c4811a8b3", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.17.0" + "version": "8.1.0" }, "auditd": { "log": { 
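Review bot: The `conditions` hunk of `packages/1password/manifest.yml` narrows `kibana.version` from `"^7.16.0 || ^8.0.0"` to `^8.1.0` in a patch-level release (1.7.0 to 1.7.1), and the 1.7.1 changelog entry only mentions the by-value migration. The constraint itself looks needed, since the dashboards are now exported at `"dashboard": "8.1.0"`. Deployments on 7.16 through 8.0 will presumably stop being offered updates for this security integration, so the changelog should say so, for example with a second item `- description: Raise the minimum Kibana version to 8.1.0.` under 1.7.1. For consistency with the quoted `version: "1.7.1"` and the previous value, I would also keep the quotes: `kibana.version: "^8.1.0"`.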
@@ -23,15 +22,15 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "f386c08a-1dcf-444a-a259-9c33fa001606", + "id": "af0de6a6-4b25-4d81-827d-0f1c4811a8b3", "snapshot": false, - "version": "7.17.0" + "version": "8.1.0" }, "event": { "action": "proctitle", "agent_id_status": "verified", "dataset": "auditd.log", - "ingested": "2022-04-13T05:23:36Z", + "ingested": "2022-11-18T19:50:55Z", "kind": "event" }, "host": { @@ -39,10 +38,10 @@ "containerized": false, "hostname": "docker-fleet-agent", "ip": [ - "172.19.0.7" + "192.168.16.7" ], "mac": [ - "02:42:ac:13:00:07" + "02:42:c0:a8:10:07" ], "name": "docker-fleet-agent", "os": { diff --git a/packages/auditd/docs/README.md b/packages/auditd/docs/README.md index b87580092de..f56e214053a 100644 --- a/packages/auditd/docs/README.md +++ b/packages/auditd/docs/README.md @@ -16,12 +16,11 @@ An example event for `log` looks as following: { "@timestamp": "2016-01-03T00:37:51.394Z", "agent": { - "ephemeral_id": "ef6d17d9-f955-48be-a4c5-6b4ea1fe9772", - "hostname": "docker-fleet-agent", - "id": "f386c08a-1dcf-444a-a259-9c33fa001606", + "ephemeral_id": "d1c11b5c-1d3d-406c-a19f-372451326efa", + "id": "af0de6a6-4b25-4d81-827d-0f1c4811a8b3", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.17.0" + "version": "8.1.0" }, "auditd": { "log": { @@ -38,15 +37,15 @@ An example event for `log` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "f386c08a-1dcf-444a-a259-9c33fa001606", + "id": "af0de6a6-4b25-4d81-827d-0f1c4811a8b3", "snapshot": false, - "version": "7.17.0" + "version": "8.1.0" }, "event": { "action": "proctitle", "agent_id_status": "verified", "dataset": "auditd.log", - "ingested": "2022-04-13T05:23:36Z", + "ingested": "2022-11-18T19:50:55Z", "kind": "event" }, "host": { 
@@ -54,10 +53,10 @@ An example event for `log` looks as following: "containerized": false, "hostname": "docker-fleet-agent", "ip": [ - "172.19.0.7" + "192.168.16.7" ], "mac": [ - "02:42:ac:13:00:07" + "02:42:c0:a8:10:07" ], "name": "docker-fleet-agent", "os": { diff --git a/packages/auditd/kibana/dashboard/auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json b/packages/auditd/kibana/dashboard/auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json index a403da1b226..954f6e65b68 100644 --- a/packages/auditd/kibana/dashboard/auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json +++ b/packages/auditd/kibana/dashboard/auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json @@ -1,4 +1,11 @@ { + "id": "auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T19:35:54.269Z", + "version": "WzU4MSwxXQ==", "attributes": { "description": "Dashboard for the Auditd Logs integration", "hits": 0, @@ -19,7 +26,55 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Event types breakdown [Logs Auditd]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 16, @@ -29,7 +84,6 @@ "y": 0 }, "panelIndex": "1", - "panelRefName": "panel_1", "type": "visualization", "version": "8.0.0" }, 
@@ -43,6 +97,65 @@ "direction": null } } + }, + "savedVis": { + "title": "Top Exec Commands [Logs Auditd]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Command (arg 0)", + "field": "auditd.log.a0", + "order": "desc", + "orderBy": "1", + "size": 30 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.action:\"EXECVE\" or event.action:\"execve\"" + } + } + } } }, "gridData": { @@ -53,13 +166,26 @@ "y": 0 }, "panelIndex": "2", - "panelRefName": "panel_2", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Event Results [Logs Auditd]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(q=\"data_stream.dataset:auditd.log NOT event.outcome:failure\").label(\"Success\"), .es(q=\"event.outcome:failed\").label(\"Failure\").title(\"Audit Event Results\")", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 12, 
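Review bot: In the `Event Results [Logs Auditd]` panel added by the `@@ -53,13 +166,26 @@` hunk, the two Timelion series use different outcome values: the Success series excludes `event.outcome:failure`, while the Failure series searches for `event.outcome:failed`. If the data stream carries the ECS value `failure`, as the first query implies, the Failure line stays empty and failed audit events never appear on the dashboard. The Failure query also lacks the `data_stream.dataset:auditd.log` restriction that the Success query has, so it is not scoped to this integration. I would change the second series to `.es(q=\"data_stream.dataset:auditd.log AND event.outcome:failure\").label(\"Failure\")`. The expression was presumably carried over unchanged from the removed visualization, but inlining it is a good moment to fix it.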
@@ -69,13 +195,59 @@ "y": 16 }, "panelIndex": "3", - "panelRefName": "panel_3", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Event Account Tag Cloud [Logs Auditd]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 42, + "minFontSize": 15, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.name", + "order": "desc", + "orderBy": "1", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 16, @@ -85,7 +257,6 @@ "y": 0 }, "panelIndex": "6", - "panelRefName": "panel_6", "type": "visualization", "version": "8.0.0" }, 
@@ -115,10 +286,20 @@ "version": "8.0.0" }, { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 12, + "i": "09f4ba02-a62c-410f-8d43-31e9e5278826", + "w": 24, + "x": 24, + "y": 16 + }, + "panelIndex": "09f4ba02-a62c-410f-8d43-31e9e5278826", "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"623a62b9-8745-4fec-8738-bbe6fb8c16aa\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"efef3e71-f9ce-4a8e-8c27-68ad0d047d9b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Event Address Geo Location [Logs Auditd]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"8155deb8-6760-42ad-b14a-dd20958bcb52\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"623a62b9-8745-4fec-8738-bbe6fb8c16aa\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"efef3e71-f9ce-4a8e-8c27-68ad0d047d9b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Event Address Geo Location [Logs 
Auditd]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"8155deb8-6760-42ad-b14a-dd20958bcb52\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", "references": [], "title": "Event Address Geo Location [Logs Auditd]", @@ -138,50 +319,16 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, - "gridData": { - "h": 12, - "i": "09f4ba02-a62c-410f-8d43-31e9e5278826", - "w": 24, - "x": 24, - "y": 16 - }, - "panelIndex": "09f4ba02-a62c-410f-8d43-31e9e5278826", - "type": "map", - "version": "8.0.0" + "openTOCDetails": [], + "type": "map" + } } ], "timeRestore": false, "title": "[Logs Auditd] Audit Events", "version": 1 }, - "coreMigrationVersion": "8.0.0", - "id": "auditd-dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb", - "migrationVersion": { - "dashboard": "8.0.0" - }, "references": [ - { - "id": "auditd-6295bdd0-0a0e-11e7-825f-6748cda7d858", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "auditd-5ebdbe50-0a0f-11e7-825f-6748cda7d858", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "auditd-2bb0fa70-0a11-11e7-9e84-43da493ad0c7", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "auditd-c5411910-0a87-11e7-8b04-eb22a5669f27", - "name": "6:panel_6", - "type": "visualization" - }, { "id": "auditd-4ac0a370-0a11-11e7-8b04-eb22a5669f27", "name": "7:panel_7", 
@@ -191,7 +338,25 @@ "id": "logs-*", "name": "09f4ba02-a62c-410f-8d43-31e9e5278826:layer_1_source_index_pattern", "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/auditd/kibana/visualization/auditd-2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json b/packages/auditd/kibana/visualization/auditd-2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json deleted file mode 100644 index fd6b1b27e9d..00000000000 --- a/packages/auditd/kibana/visualization/auditd-2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Event Results [Logs Auditd]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "expression": ".es(q=\"data_stream.dataset:auditd.log NOT event.outcome:failure\").label(\"Success\"), .es(q=\"event.outcome:failed\").label(\"Failure\").title(\"Audit Event Results\")", - "interval": "auto" - }, - "title": "Event Results [Logs Auditd]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "auditd-2bb0fa70-0a11-11e7-9e84-43da493ad0c7", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/auditd/kibana/visualization/auditd-5ebdbe50-0a0f-11e7-825f-6748cda7d858.json b/packages/auditd/kibana/visualization/auditd-5ebdbe50-0a0f-11e7-825f-6748cda7d858.json deleted file mode 100644 index 95d5f66ffe9..00000000000 
--- a/packages/auditd/kibana/visualization/auditd-5ebdbe50-0a0f-11e7-825f-6748cda7d858.json +++ /dev/null @@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.action:\"EXECVE\" or event.action:\"execve\"" - } - } - }, - "title": "Top Exec Commands [Logs Auditd]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Command (arg 0)", - "field": "auditd.log.a0", - "order": "desc", - "orderBy": "1", - "size": 30 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Audit Top Exec Commands", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "auditd-5ebdbe50-0a0f-11e7-825f-6748cda7d858", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/auditd/kibana/visualization/auditd-6295bdd0-0a0e-11e7-825f-6748cda7d858.json b/packages/auditd/kibana/visualization/auditd-6295bdd0-0a0e-11e7-825f-6748cda7d858.json deleted file mode 100644 index 7add67b674b..00000000000 --- a/packages/auditd/kibana/visualization/auditd-6295bdd0-0a0e-11e7-825f-6748cda7d858.json +++ /dev/null 
@@ -1,68 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Event types breakdown [Logs Auditd]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.action", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Audit Event Types", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "auditd-6295bdd0-0a0e-11e7-825f-6748cda7d858", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/auditd/kibana/visualization/auditd-c5411910-0a87-11e7-8b04-eb22a5669f27.json b/packages/auditd/kibana/visualization/auditd-c5411910-0a87-11e7-8b04-eb22a5669f27.json deleted file mode 100644 index 461480fff0b..00000000000 --- a/packages/auditd/kibana/visualization/auditd-c5411910-0a87-11e7-8b04-eb22a5669f27.json +++ /dev/null 
@@ -1,67 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Event Account Tag Cloud [Logs Auditd]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user.name", - "order": "desc", - "orderBy": "1", - "size": 15 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 42, - "minFontSize": 15, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Audit Event Account Tag Cloud", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "auditd-c5411910-0a87-11e7-8b04-eb22a5669f27", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/auditd/manifest.yml b/packages/auditd/manifest.yml index a7eef67adb2..4a5ff88c65e 100644 --- a/packages/auditd/manifest.yml +++ b/packages/auditd/manifest.yml @@ -1,6 +1,6 @@ name: auditd title: Auditd Logs -version: "3.4.0" +version: "3.4.1" release: ga description: Collect logs from Linux audit daemon with Elastic Agent. type: integration @@ -14,7 +14,7 @@ license: basic categories: - os_system conditions: - kibana.version: ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/kibana-audit-auditd.png title: Auditd Kibana Dashboard diff --git a/packages/auth0/changelog.yml b/packages/auth0/changelog.yml index 6d7fb356c5c..fe2fe93d44c 100644 --- a/packages/auth0/changelog.yml +++ b/packages/auth0/changelog.yml 
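Review bot: The `conditions` hunk raises `kibana.version` from `^8.0.0` to `^8.1.0` in what is versioned as a patch release (`3.4.0` to `3.4.1`). The auth0 manifest further down goes further, replacing `"^7.16.0 || ^8.0.0"` with `^8.1.0` under `1.3.1`, yet the auth0 changelog entry visible in this diff only describes the by-value migration. Stacks below 8.1 would presumably stay on the previous package version and stop receiving later fixes to these log integrations, so the new floor deserves to be explicit. Either bump the minor version, or extend the changelog description with something like `Requires Kibana 8.1.0 or later.`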
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.3.0" changes: - description: Update package to ECS 8.5.0. diff --git a/packages/auth0/data_stream/logs/sample_event.json b/packages/auth0/data_stream/logs/sample_event.json index 7e3f82cf69b..e480633d481 100644 --- a/packages/auth0/data_stream/logs/sample_event.json +++ b/packages/auth0/data_stream/logs/sample_event.json @@ -1,12 +1,11 @@ { "@timestamp": "2021-11-03T03:25:28.923Z", "agent": { - "ephemeral_id": "3c2232a0-df0e-48e0-8440-96d5500ce25c", - "hostname": "docker-fleet-agent", - "id": "38ed1ea2-8c9a-4d5a-81ee-826cead96859", + "ephemeral_id": "d1c0e886-ddc2-44b4-903a-9bf026566c0c", + "id": "2c778b7a-e0be-4a84-8c7c-e0142f3690df", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.16.2" + "version": "8.1.0" }, "auth0": { "logs": { @@ -87,9 +86,9 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "38ed1ea2-8c9a-4d5a-81ee-826cead96859", + "id": "2c778b7a-e0be-4a84-8c7c-e0142f3690df", "snapshot": false, - "version": "7.16.2" + "version": "8.1.0" }, "event": { "action": "successful-login", 
@@ -100,7 +99,7 @@ ], "dataset": "auth0.logs", "id": "90020211103032530111223343147286033102509916061341581378", - "ingested": "2022-01-20T05:57:05Z", + "ingested": "2022-11-18T20:59:34Z", "kind": "event", "original": "{\"data\":{\"client_id\":\"aI61p8I8aFjmYRliLWgvM9ev97kCCNDB\",\"client_name\":\"Default App\",\"connection\":\"Username-Password-Authentication\",\"connection_id\":\"con_1a5wCUmAs6VOU17n\",\"date\":\"2021-11-03T03:25:28.923Z\",\"details\":{\"completedAt\":1635909928922,\"elapsedTime\":1110091,\"initiatedAt\":1635908818831,\"prompts\":[{\"completedAt\":1635909903693,\"connection\":\"Username-Password-Authentication\",\"connection_id\":\"con_1a5wCUmAs6VOU17n\",\"elapsedTime\":null,\"identity\":\"6182002f34f4dd006b05b5c7\",\"name\":\"prompt-authenticate\",\"stats\":{\"loginsCount\":1},\"strategy\":\"auth0\"},{\"completedAt\":1635909903745,\"elapsedTime\":1084902,\"flow\":\"universal-login\",\"initiatedAt\":1635908818843,\"name\":\"login\",\"timers\":{\"rules\":5},\"user_id\":\"auth0|6182002f34f4dd006b05b5c7\",\"user_name\":\"neo@test.com\"},{\"completedAt\":1635909928352,\"elapsedTime\":23378,\"flow\":\"consent\",\"grantInfo\":{\"audience\":\"https://dev-yoj8axza.au.auth0.com/userinfo\",\"expiration\":null,\"id\":\"618201284369c9b4f9cd6d52\",\"scope\":\"openid profile\"},\"initiatedAt\":1635909904974,\"name\":\"consent\"}],\"session_id\":\"1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc\",\"stats\":{\"loginsCount\":1}},\"hostname\":\"dev-yoj8axza.au.auth0.com\",\"ip\":\"81.2.69.143\",\"log_id\":\"90020211103032530111223343147286033102509916061341581378\",\"strategy\":\"auth0\",\"strategy_type\":\"database\",\"type\":\"s\",\"user_agent\":\"Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0\",\"user_id\":\"auth0|6182002f34f4dd006b05b5c7\",\"user_name\":\"neo@test.com\"},\"log_id\":\"90020211103032530111223343147286033102509916061341581378\"}", "outcome": "success", 
diff --git a/packages/auth0/docs/README.md b/packages/auth0/docs/README.md index 98f76ada030..a1926e73a5e 100644 --- a/packages/auth0/docs/README.md +++ b/packages/auth0/docs/README.md @@ -174,12 +174,11 @@ An example event for `logs` looks as following: { "@timestamp": "2021-11-03T03:25:28.923Z", "agent": { - "ephemeral_id": "3c2232a0-df0e-48e0-8440-96d5500ce25c", - "hostname": "docker-fleet-agent", - "id": "38ed1ea2-8c9a-4d5a-81ee-826cead96859", + "ephemeral_id": "d1c0e886-ddc2-44b4-903a-9bf026566c0c", + "id": "2c778b7a-e0be-4a84-8c7c-e0142f3690df", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.16.2" + "version": "8.1.0" }, "auth0": { "logs": { @@ -260,9 +259,9 @@ An example event for `logs` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "38ed1ea2-8c9a-4d5a-81ee-826cead96859", + "id": "2c778b7a-e0be-4a84-8c7c-e0142f3690df", "snapshot": false, - "version": "7.16.2" + "version": "8.1.0" }, "event": { "action": "successful-login", 
@@ -273,7 +272,7 @@ An example event for `logs` looks as following: ], "dataset": "auth0.logs", "id": "90020211103032530111223343147286033102509916061341581378", - "ingested": "2022-01-20T05:57:05Z", + "ingested": "2022-11-18T20:59:34Z", "kind": "event", "original": "{\"data\":{\"client_id\":\"aI61p8I8aFjmYRliLWgvM9ev97kCCNDB\",\"client_name\":\"Default App\",\"connection\":\"Username-Password-Authentication\",\"connection_id\":\"con_1a5wCUmAs6VOU17n\",\"date\":\"2021-11-03T03:25:28.923Z\",\"details\":{\"completedAt\":1635909928922,\"elapsedTime\":1110091,\"initiatedAt\":1635908818831,\"prompts\":[{\"completedAt\":1635909903693,\"connection\":\"Username-Password-Authentication\",\"connection_id\":\"con_1a5wCUmAs6VOU17n\",\"elapsedTime\":null,\"identity\":\"6182002f34f4dd006b05b5c7\",\"name\":\"prompt-authenticate\",\"stats\":{\"loginsCount\":1},\"strategy\":\"auth0\"},{\"completedAt\":1635909903745,\"elapsedTime\":1084902,\"flow\":\"universal-login\",\"initiatedAt\":1635908818843,\"name\":\"login\",\"timers\":{\"rules\":5},\"user_id\":\"auth0|6182002f34f4dd006b05b5c7\",\"user_name\":\"neo@test.com\"},{\"completedAt\":1635909928352,\"elapsedTime\":23378,\"flow\":\"consent\",\"grantInfo\":{\"audience\":\"https://dev-yoj8axza.au.auth0.com/userinfo\",\"expiration\":null,\"id\":\"618201284369c9b4f9cd6d52\",\"scope\":\"openid profile\"},\"initiatedAt\":1635909904974,\"name\":\"consent\"}],\"session_id\":\"1TAd-7tsPYzxWudzqfHYXN0e6q1D0GSc\",\"stats\":{\"loginsCount\":1}},\"hostname\":\"dev-yoj8axza.au.auth0.com\",\"ip\":\"81.2.69.143\",\"log_id\":\"90020211103032530111223343147286033102509916061341581378\",\"strategy\":\"auth0\",\"strategy_type\":\"database\",\"type\":\"s\",\"user_agent\":\"Mozilla/5.0 (X11;Ubuntu; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0\",\"user_id\":\"auth0|6182002f34f4dd006b05b5c7\",\"user_name\":\"neo@test.com\"},\"log_id\":\"90020211103032530111223343147286033102509916061341581378\"}", "outcome": "success", 
diff --git a/packages/auth0/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json b/packages/auth0/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json index 36f9e50349a..24a20bd5d71 100644 --- a/packages/auth0/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json +++ b/packages/auth0/kibana/dashboard/auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf.json @@ -1,4 +1,11 @@ { + "id": "auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T20:58:16.014Z", + "version": "WzU3NCwxXQ==", "attributes": { "description": "", "hits": 0, @@ -18,6 +25,16 @@ }, "panelsJSON": [ { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 10, + "i": "1a13814d-17bf-42cf-8ef9-2dc599fb6766", + "w": 15, + "x": 0, + "y": 0 + }, + "panelIndex": "1a13814d-17bf-42cf-8ef9-2dc599fb6766", "embeddableConfig": { "attributes": { "references": [ @@ -71,7 +88,7 @@ "label": "Count of records", "operationType": "count", "scale": "ratio", - "sourceField": "Records" + "sourceField": "___records___" } }, "incompleteColumns": {} @@ -87,13 +104,13 @@ "meta": { "alias": null, "disabled": false, - "indexRefName": "filter-index-pattern-0", "key": "data_stream.dataset", "negate": false, "params": { "query": "auth0.logs" }, - "type": "phrase" + "type": "phrase", + "index": "filter-index-pattern-0" }, "query": { "match_phrase": { 
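Review bot: The first hunk of this dashboard adds `"namespaces": ["default"]`, `"updated_at": "2022-11-18T20:58:16.014Z"` and `"version": "WzU3NCwxXQ=="` at the top of the saved object. These look like state from the Kibana instance that produced the export rather than package content. The `version` string decodes to `[574,1]`, which appears to be that instance's concurrency token, and `namespaces` names the space it was exported from. They will change on every re-export and add noise to later diffs. I would drop these three keys from the committed file and keep only `id`, `type`, `attributes`, `references`, `migrationVersion` and `coreMigrationVersion`.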
@@ -129,21 +146,22 @@ "visualizationType": "lnsPie" }, "enhancements": {}, - "hidePanelTitles": false + "hidePanelTitles": false, + "type": "lens" }, + "title": "Auth0 Log Stream Event Types" + }, + { + "version": "8.1.0", + "type": "lens", "gridData": { "h": 10, - "i": "1a13814d-17bf-42cf-8ef9-2dc599fb6766", - "w": 15, - "x": 0, + "i": "6089a77e-3c96-4414-9932-eda55ced3d07", + "w": 14, + "x": 15, "y": 0 }, - "panelIndex": "1a13814d-17bf-42cf-8ef9-2dc599fb6766", - "title": "Auth0 Log Stream Event Types", - "type": "lens", - "version": "7.15.1" - }, - { + "panelIndex": "6089a77e-3c96-4414-9932-eda55ced3d07", "embeddableConfig": { "attributes": { "references": [ @@ -206,13 +224,13 @@ "meta": { "alias": null, "disabled": false, - "indexRefName": "filter-index-pattern-0", "key": "data_stream.dataset", "negate": false, "params": { "query": "auth0.logs" }, - "type": "phrase" + "type": "phrase", + "index": "filter-index-pattern-0" }, "query": { "match_phrase": { @@ -259,21 +277,22 @@ "visualizationType": "lnsXY" }, "enhancements": {}, - "hidePanelTitles": false + "hidePanelTitles": false, + "type": "lens" }, + "title": "Rate of events" + }, + { + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 10, - "i": "6089a77e-3c96-4414-9932-eda55ced3d07", - "w": 14, - "x": 15, + "i": "5124c723-8890-477e-aad5-bc4fd529bd46", + "w": 9, + "x": 29, "y": 0 }, - "panelIndex": "6089a77e-3c96-4414-9932-eda55ced3d07", - "title": "Rate of events", - "type": "lens", - "version": "7.15.1" - }, - { + "panelIndex": "5124c723-8890-477e-aad5-bc4fd529bd46", "embeddableConfig": { "enhancements": {}, "hidePanelTitles": false, 
@@ -372,21 +391,22 @@ "title": "", "type": "metric", "uiState": {} - } + }, + "type": "visualization" }, + "title": "Number of Failed Logins" + }, + { + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 10, - "i": "5124c723-8890-477e-aad5-bc4fd529bd46", - "w": 9, - "x": 29, + "i": "cb337534-d263-480b-b6a3-80cc4f14d73b", + "w": 10, + "x": 38, "y": 0 }, - "panelIndex": "5124c723-8890-477e-aad5-bc4fd529bd46", - "title": "Number of Failed Logins", - "type": "visualization", - "version": "7.15.1" - }, - { + "panelIndex": "cb337534-d263-480b-b6a3-80cc4f14d73b", "embeddableConfig": { "enhancements": {}, "hidePanelTitles": false, @@ -485,21 +505,22 @@ "title": "", "type": "metric", "uiState": {} - } - }, - "gridData": { - "h": 10, - "i": "cb337534-d263-480b-b6a3-80cc4f14d73b", - "w": 10, - "x": 38, - "y": 0 + }, + "type": "visualization" }, - "panelIndex": "cb337534-d263-480b-b6a3-80cc4f14d73b", - "title": "Number of Successful Signups", - "type": "visualization", - "version": "7.15.1" + "title": "Number of Successful Signups" }, { + "version": "8.1.0", + "type": "lens", + "gridData": { + "h": 12, + "i": "d00429d4-502f-41d8-8a2b-7300859930ea", + "w": 15, + "x": 0, + "y": 10 + }, + "panelIndex": "d00429d4-502f-41d8-8a2b-7300859930ea", "embeddableConfig": { "attributes": { "references": [ @@ -540,7 +561,7 @@ "label": "Count of records", "operationType": "count", "scale": "ratio", - "sourceField": "Records" + "sourceField": "___records___" }, "60724141-ecf4-4f42-b263-d12cd64fe1a3": { "dataType": "date", @@ -567,13 +588,13 @@ "meta": { "alias": null, "disabled": false, - "indexRefName": "filter-index-pattern-0", "key": "data_stream.dataset", "negate": false, "params": { "query": "auth0.logs" }, - "type": "phrase" + "type": "phrase", + "index": "filter-index-pattern-0" }, "query": { "match_phrase": { 
@@ -588,13 +609,13 @@ "meta": { "alias": null, "disabled": false, - "indexRefName": "filter-index-pattern-1", "key": "event.category", "negate": false, "params": { "query": "Login - Success" }, - "type": "phrase" + "type": "phrase", + "index": "filter-index-pattern-1" }, "query": { "match_phrase": { @@ -661,21 +682,22 @@ "visualizationType": "lnsXY" }, "enhancements": {}, - "hidePanelTitles": false + "hidePanelTitles": false, + "type": "lens" }, + "title": "Rate of Successful Logins" + }, + { + "version": "8.1.0", + "type": "lens", "gridData": { "h": 12, - "i": "d00429d4-502f-41d8-8a2b-7300859930ea", - "w": 15, - "x": 0, + "i": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8", + "w": 14, + "x": 15, "y": 10 }, - "panelIndex": "d00429d4-502f-41d8-8a2b-7300859930ea", - "title": "Rate of Successful Logins", - "type": "lens", - "version": "7.15.1" - }, - { + "panelIndex": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8", "embeddableConfig": { "attributes": { "references": [ @@ -727,7 +749,7 @@ "label": "Count of records", "operationType": "count", "scale": "ratio", - "sourceField": "Records" + "sourceField": "___records___" } }, "incompleteColumns": {} @@ -743,13 +765,13 @@ "meta": { "alias": null, "disabled": false, - "indexRefName": "filter-index-pattern-0", "key": "data_stream.dataset", "negate": false, "params": { "query": "auth0.logs" }, - "type": "phrase" + "type": "phrase", + "index": "filter-index-pattern-0" }, "query": { "match_phrase": { @@ -764,13 +786,13 @@ "meta": { "alias": null, "disabled": false, - "indexRefName": "filter-index-pattern-1", "key": "event.category", "negate": false, "params": { "query": "Login - Failure" }, - "type": "phrase" + "type": "phrase", + "index": "filter-index-pattern-1" }, "query": { "match_phrase": { 
@@ -817,23 +839,109 @@ "visualizationType": "lnsXY" }, "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 12, - "i": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8", - "w": 14, - "x": 15, - "y": 10 + "hidePanelTitles": false, + "type": "lens" }, - "panelIndex": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8", - "title": "Rate of Failed Logins", - "type": "lens", - "version": "7.15.1" + "title": "Rate of Failed Logins" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "IP Addresses of failed logins", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "default", + "type": "palette" + }, + "scale": "linear", + "showLabel": true + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "auth0.logs.data.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "auth0.logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "auth0.logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "Login - Failure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "Login 
- Failure" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 12, @@ -843,9 +951,8 @@ "y": 10 }, "panelIndex": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a", - "panelRefName": "panel_d6323397-e8a4-4869-ad2b-d48ee5b5a70a", "type": "visualization", - "version": "7.15.1" + "version": "8.0.0" }, { "embeddableConfig": { @@ -868,11 +975,6 @@ "title": "Auth0", "version": 1 }, - "coreMigrationVersion": "7.15.1", - "id": "auth0-29fb7200-4062-11ec-b18d-ef6bf98b26bf", - "migrationVersion": { - "dashboard": "7.15.0" - }, "references": [ { "id": "logs-*", @@ -974,16 +1076,29 @@ "name": "c1a1b718-c5f1-4029-9fda-0cd7ed38b3a8:filter-index-pattern-1", "type": "index-pattern" }, - { - "id": "auth0-187e7650-42a9-11ec-b9a2-edbe9edd14c9", - "name": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a:panel_d6323397-e8a4-4869-ad2b-d48ee5b5a70a", - "type": "visualization" - }, { "id": "auth0-629b19e0-4061-11ec-b18d-ef6bf98b26bf", "name": "253f1007-1537-4012-a663-48bccf233f4c:panel_253f1007-1537-4012-a663-48bccf233f4c", "type": "search" + }, + { + "type": "index-pattern", + "name": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d6323397-e8a4-4869-ad2b-d48ee5b5a70a:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/auth0/kibana/visualization/auth0-187e7650-42a9-11ec-b9a2-edbe9edd14c9.json b/packages/auth0/kibana/visualization/auth0-187e7650-42a9-11ec-b9a2-edbe9edd14c9.json deleted file mode 100644 index 66c0f143051..00000000000 
--- a/packages/auth0/kibana/visualization/auth0-187e7650-42a9-11ec-b9a2-edbe9edd14c9.json +++ /dev/null 
@@ -1,124 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "auth0.logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "auth0.logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "event.category", - "negate": false, - "params": { - "query": "Login - Failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "Login - Failure" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "IP Addresses of failed logins", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "auth0.logs.data.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "default", - "type": "palette" - }, - "scale": "linear", - "showLabel": true - }, - "title": "IP Addresses of failed logins", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "7.15.1", - "id": "auth0-187e7650-42a9-11ec-b9a2-edbe9edd14c9", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/auth0/manifest.yml b/packages/auth0/manifest.yml index 12baf12bffa..51e08e725a2 100644 --- a/packages/auth0/manifest.yml +++ b/packages/auth0/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: auth0 title: "Auth0" -version: "1.3.0" +version: "1.3.1" license: basic description: Collect logs from Auth0 with Elastic Agent. type: integration @@ -11,7 +11,7 @@ categories: - security release: ga conditions: - kibana.version: "^7.16.0 || ^8.0.0" + kibana.version: ^8.1.0 screenshots: - src: /img/auth0-screenshot.png title: Auth0 Dashboard diff --git a/packages/cef/changelog.yml b/packages/cef/changelog.yml index 96248d9f883..485b7a30b46 100644 --- a/packages/cef/changelog.yml +++ b/packages/cef/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.4.1" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "2.4.0" changes: - description: Update package to ECS 8.5.0. diff --git a/packages/cef/kibana/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9.json b/packages/cef/kibana/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9.json index 87ff8a2f9cf..b9e44f63c89 100644 --- a/packages/cef/kibana/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9.json +++ b/packages/cef/kibana/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9.json 
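Review bot: The `kibana.version` condition in packages/auth0/manifest.yml drops the whole `^7.16.0` range and raises the 8.x floor to 8.1, yet the package version only moves from 1.3.0 to 1.3.1. Deployments on 7.16–8.0 stop being offered this and every later auth0 release, including any future fixes, so the narrowing deserves its own changelog line rather than riding on the dashboard-migration entry (the auth0 changelog hunk is not visible here, so this may already be covered). The new value also loses the quoting the old line had; `kibana.version: "^8.1.0"` keeps the file consistent.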
@@ -1,4 +1,11 @@ { + "id": "cef-04749697-de8d-49b3-8eca-c873ab2c5ac9", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzY5OCwxXQ==", "attributes": { "description": "Suspicious network activity overview", "hits": 0, 
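Review bot: The added `"namespaces"`, `"updated_at"` and `"version"` keys at the top of cef-04749697-de8d-49b3-8eca-c873ab2c5ac9.json look like metadata of the Kibana instance the dashboard was exported from, not part of the asset itself. `"version": "WzY5OCwxXQ=="` is base64 for `[698,1]`, which reads as a per-cluster concurrency token, and the timestamp and space name will churn on every re-export. I would drop these three keys and keep only `"id"` and `"type"`; the same applies to the identical block added to cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json further down.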
@@ -26,6 +33,163 @@ "Destination Ports": "#E24D42" }, "legendOpen": false + }, + "savedVis": { + "title": "Unique Destinations and Ports by Source [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Source Addresses" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Destination Addresses" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Destination Ports" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Addresses" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Ports" + }, + 
"type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -36,9 +200,8 @@ "y": 28 }, "panelIndex": "1", - "panelRefName": "panel_1", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -50,6 +213,72 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 5 Sources by Destination Addresses [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
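Review bot: The inlined `savedVis.data.searchSource` for panel 1 is just `{"filter": []}`, with no index reference and nothing visible that names a saved search, while the `references` hunk at the end of this file adds `1:search_0` pointing at `cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c`. If that link is not restored on import, the aggregation would no longer carry the saved search's query and data view, and a dashboard titled "Network Suspicious Activity" could show counts over unrelated events or fail to render. The same shape is used for panels 2, 3, 12, 13, 14 and 16. Please confirm on an 8.1 install that each of these panels still resolves its `search_0` reference, and if it does not, name the reference inside the `data` object (saved visualizations use `savedSearchRefName` for this).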
@@ -60,9 +289,8 @@ "y": 40 }, "panelIndex": "2", - "panelRefName": "panel_2", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -74,6 +302,72 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 5 Sources by Destination Ports [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -84,13 +378,111 @@ "y": 40 }, "panelIndex": "3", - "panelRefName": "panel_3", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Severity [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "0ca18a89-9c81-4bee-835a-85e6103aec37" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "hide_last_value_indicator": true, + "id": "c39a76e5-f613-41a9-8335-c442747791e0", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "0.0[0]a", + "id": "da3b92b4-2c24-473b-9102-fb5a343a96d9", + "label": "Event by Severities", + "line_width": 1, + "metrics": [ + { + "id": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "type": "count" + }, + { + "field": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "id": "1b1c931c-a09b-4980-af81-6f9c3db56401", + "sigma": "", + "type": "sum_bucket" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(104,204,202,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Low\" OR severity:\"0\"" + }, + "id": "ebe970ac-5cc9-4c4a-af60-82affafc667c", + "label": "LOW" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Medium\"" + }, + "id": "0c4ff16a-b53d-4ce4-af76-d6b74d8788db", + "label": "MEDIUM" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "severity:\"High\"" + }, + "id": "e142c55b-6ee5-416a-8bd3-d10398044864", + "label": "HIGH" + }, + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Very-High\"" + }, + "id": 
"4b05b562-c419-4214-b814-d4c242251521", + "label": "VERY HIGH" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, 
@@ -100,13 +492,136 @@ "y": 20 }, "panelIndex": "5", - "panelRefName": "panel_5", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Source Addresses [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "a0bf5a1d-8ebf-49d4-a347-738a6ce20562" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "id": "42f84a0a-ee13-4ca8-b61d-3de482ae4ab0" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "117fde19-e227-4fcb-8019-e82e6677c340", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": 
"everything", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostmessage", + "terms_order_by": null, + "value_template": "{{value}}" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "0.5", + "formatter": "number", + "id": "3ffe652e-43c2-4a1d-ad8a-f7ab10f09f2b", + "label": "Top Source Addresses", + "line_width": "0", + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "b753ad38-c3ed-4463-8f6d-176f4d477897", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "source.ip", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, 
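Review bot: `"terms_field": "observer.hostmessage"` in the first series of the "Events by Source Addresses" panel looks like a misspelling of `observer.hostname`, the field other panels in this file aggregate on. With `"split_mode": "everything"` the value appears to be unused today, but it would silently produce an empty split if someone later switches the series to terms. I would change it to `"terms_field": "observer.hostname"` or remove the key.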
@@ -116,13 +631,55 @@ "y": 12 }, "panelIndex": "11", - "panelRefName": "panel_11", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Source Addresses [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 16, @@ -132,13 +689,55 @@ "y": 52 }, "panelIndex": "12", - "panelRefName": "panel_12", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Addresses [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 16, 
@@ -148,13 +747,55 @@ "y": 52 }, "panelIndex": "13", - "panelRefName": "panel_13", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Ports [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 12, @@ -164,13 +805,32 @@ "y": 40 }, "panelIndex": "14", - "panelRefName": "panel_14", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, "gridData": { "h": 4, 
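Review bot: In the "Top 10 Destination Ports" tag cloud, the terms aggregation on `destination.port` carries `"customLabel": "Destination Addresses"`, apparently copied from the neighbouring address panel. An analyst reading the tooltip or an inspect view gets port numbers labelled as addresses. The line should read `"customLabel": "Destination Ports"`.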
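Review bot: The navigation markdown links "Endpoint Overview" as `#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15`, without the slash after `#` that the other four links use, so that entry may not route to the dashboard. It should be `(#/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15)`. The panel title `" Dashboard Navigation [Logs CEF]"` also starts with a stray space.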
@@ -180,9 +840,8 @@ "y": 0 }, "panelIndex": "15", - "panelRefName": "panel_15", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -191,6 +850,118 @@ "defaultColors": { "0 - 100": "rgb(0,104,55)" } + }, + "savedVis": { + "title": "Device Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -201,9 +972,8 @@ "y": 4 }, "panelIndex": "16", - "panelRefName": "panel_16", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -216,6 +986,101 @@ "300 - 400": "rgb(128,0,38)", "50 - 100": "rgb(254,217,118)" } + }, + "savedVis": { + "title": "Network - Event Throughput [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" + }, + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": 
"everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } } }, "gridData": { @@ -226,9 +1091,8 @@ "y": 4 }, "panelIndex": "17", - "panelRefName": "panel_17", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" } ], "refreshInterval": { 
@@ -242,67 +1106,45 @@ "title": "[Logs CEF] Network Suspicious Activity Dashboard", "version": 1 }, - "coreMigrationVersion": "8.0.0", - "id": "cef-04749697-de8d-49b3-8eca-c873ab2c5ac9", - "migrationVersion": { - "dashboard": "8.0.0" - }, "references": [ { - "id": "cef-270139ff-fc2f-4fca-b241-93a8f57cdcdf", - "name": "1:panel_1", - "type": "visualization" + "type": "search", + "name": "1:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, { - "id": "cef-07a4a351-d282-44a1-85b0-bc7e846f8471", - "name": "2:panel_2", - "type": "visualization" + "type": "search", + "name": "2:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, { - "id": "cef-b7227081-e125-49cb-a580-1be363f06be0", - "name": "3:panel_3", - "type": "visualization" + "type": "search", + "name": "3:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, { - "id": "cef-1c869759-1d3e-4898-b9c7-d2604ed38655", - "name": "5:panel_5", - "type": "visualization" + "type": "search", + "name": "12:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, { - "id": "cef-8f38607c-eb10-410e-aec5-15d8b474211e", - "name": "11:panel_11", - "type": "visualization" + "type": "search", + "name": "13:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, { - "id": "cef-655beadd-2678-4495-8793-72b5780f6283", - "name": "12:panel_12", - "type": "visualization" + "type": "search", + "name": "14:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, { - "id": "cef-769e3f37-2b08-4edb-9013-09140a520e69", - "name": "13:panel_13", - "type": "visualization" - }, - { - "id": "cef-cbde6788-7371-4712-b2e0-3eb07e0841f4", - "name": "14:panel_14", - "type": "visualization" - }, - { - "id": "cef-0959df23-10c9-47fd-bebd-c382007b3584", - "name": "15:panel_15", - "type": "visualization" - }, - { - "id": "cef-d7d7bd9e-c767-428c-b7de-d09f9d87f652", - "name": "16:panel_16", - "type": "visualization" - }, - { - "id": "cef-62b06e9a-b8d2-4dfe-8dc6-4378331520aa", - "name": "17:panel_17", - 
"type": "visualization" + "type": "search", + "name": "16:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json b/packages/cef/kibana/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json index 8c6fadd74db..8da7af6f098 100644 --- a/packages/cef/kibana/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json +++ b/packages/cef/kibana/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c.json @@ -1,4 +1,11 @@ { + "id": "cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzY5OSwxXQ==", "attributes": { "description": "Network data overview", "hits": 0, @@ -19,7 +26,49 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Application Protocols [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.application", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 8, 
@@ -29,13 +78,113 @@ "y": 32 }, "panelIndex": "1", - "panelRefName": "panel_1", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Bandwidth Utilization [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "d27f09dc-b07e-493f-a223-a85033ad6548", + "label": "Inbound", + "line_width": 1, + "metrics": [ + { + "field": "source.bytes", + "id": "9ce9ec3a-2f11-4935-91b2-531494d2a619", + "type": "sum" + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_drop_last_bucket": 1, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_order_by": "_count" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "b1ef2c75-5916-469d-8790-5b213367a5a0", + "label": "Outbound", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "type": "sum" + }, + { + "id": "2a6b00bf-1658-4d02-b4e2-61ad6e4c3a9b", + "script": "params.outbound \u003e 0 ? 
params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "id": "c57067f2-2927-41d8-97f4-9f47b3b3bcae", + "name": "outbound" + } + ] + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_drop_last_bucket": 1, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0 + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, 
@@ -45,13 +194,164 @@ "y": 56 }, "panelIndex": "2", - "panelRefName": "panel_2", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Source [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + 
}, + "id": "0c929603-fc92-4ebc-a963-fe2795417d89", + "label": "Firewall Events" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/IDS/Network\"" + }, + "id": "7798827b-87ab-436b-9e62-9fe36143eb9b", + "label": "Intrusion Detection Events" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "id": "490f7ad7-8218-45f9-85a9-a4dd9ed7da13", + "label": "VPN" + } + ], + "split_mode": "filters", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": "0.5", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Device Hosts", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, 
@@ -61,13 +361,165 @@ "y": 12 }, "panelIndex": "5", - "panelRefName": "panel_5", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Outcome [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "bar_color": null, + "id": "23db5bf6-f787-474e-86ab-76362432e984", + "value": 0 + } + ], + "drilldown_url": "", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "(cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\") AND _exists_:cef.extensions.categoryOutcome" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "c43af7e6-3f06-48a4-a7c3-7ba8bd6214f9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 0, 
+ "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "4c7aac7d-2749-41b6-8136-40dc8636a7e7", + "label": "Firewall" + } + ], + "split_mode": "filter", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "1", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Event Outcome", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(104,188,0,0.35)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Success\"" + }, + "id": "cb1ae397-13a0-4b6f-a848-bcdc96870f05", + "label": "Success" + }, + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Failure\"" + }, + "id": "ef021c15-1b95-4334-bc3c-e2950e9b0f6f", + "label": "Failure" + }, + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Attempt\"" + }, + "id": "2ff1e859-b178-4824-a0f2-69a115932b98", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "stacked", + "terms_field": "event.outcome", + "terms_size": "3" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -77,7 +529,6 @@ "y": 48 }, "panelIndex": "6", - "panelRefName": "panel_6", "type": "visualization", "version": "8.0.0" }, 
@@ -89,6 +540,118 @@ "0 - 100": "rgb(0,104,55)" }, "legendOpen": false + }, + "savedVis": { + "title": "Device Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
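Review bot: The inlined `savedVis` for panel 7 ends with `"searchSource": { "filter": [] }`, which has no query and no key naming a saved search, yet the `references` hunk further down this file adds `7:search_0` pointing at `cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c`. If the old by-reference visualization took its CEF scoping from that saved search, the by-value copy needs the link inside `data`, for example `"savedSearchRefName": "search_0"`. I cannot tell from the hunk how the panel resolves the reference otherwise, and an unscoped count or cardinality would overstate what analysts see on this overview. The inlined panels 11, 13, 15, 18 and 19 in the later hunks have the same shape. It is worth checking by loading the dashboard with a non-CEF data stream present.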
@@ -99,7 +662,6 @@ "y": 4 }, "panelIndex": "7", - "panelRefName": "panel_7", "type": "visualization", "version": "8.0.0" }, 
@@ -112,6 +674,135 @@ "success": "#629E51", "unknown": "#0A50A1" } + }, + "savedVis": { + "title": "Destination Ports by Outcome [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "colors": { + "failure": "#BF1B00", + "success": "#629E51" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Protocols" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Protocols", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": 
"group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -122,7 +813,6 @@ "y": 20 }, "panelIndex": "11", - "panelRefName": "panel_11", "type": "visualization", "version": "8.0.0" }, @@ -136,6 +826,103 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 10 Devices by Bandwidth [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source(s)", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination(s)", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bandwidth (Incoming)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bandwidth (Outgoing)", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -146,7 +933,6 @@ "y": 20 }, "panelIndex": "13", - "panelRefName": "panel_13", "type": "visualization", "version": "8.0.0" }, 
@@ -163,6 +949,92 @@ "84% - 100%": "rgb(202,8,35)" }, "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Devices by Outcome [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0% - 17%": "rgb(255,255,204)", + "17% - 34%": "rgb(255,230,146)", + "34% - 50%": "rgb(254,191,90)", + "50% - 67%": "rgb(253,141,60)", + "67% - 84%": "rgb(244,61,37)", + "84% - 100%": "rgb(202,8,35)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 6, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": true, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device Host Names", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -173,13 +1045,143 @@ "y": 20 }, "panelIndex": "15", - "panelRefName": "panel_15", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Device Types [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": "", + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "78bfdf07-ec02-4dd8-8ff4-b7e250c561c2", + "label": "Firewall" + } + 
], + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(251,158,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Top Device Types by Mvg Averages", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.extensions.categoryDeviceType", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -189,7 +1191,6 @@ "y": 40 }, "panelIndex": "17", - "panelRefName": "panel_17", "type": "visualization", "version": "8.0.0" }, 
@@ -203,6 +1204,92 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 10 Source Countries by Events [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -213,13 +1300,54 @@ "y": 64 }, "panelIndex": "18", - "panelRefName": "panel_18", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 20 Source Countries [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 16, 
@@ -229,13 +1357,107 @@ "y": 64 }, "panelIndex": "19", - "panelRefName": "panel_19", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Network - Event Throughput [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" + }, + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" 
+ } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -245,13 +1467,32 @@ "y": 4 }, "panelIndex": "20", - "panelRefName": "panel_20", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, "gridData": { "h": 4, @@ -261,11 +1502,20 @@ "y": 0 }, "panelIndex": "21", - "panelRefName": "panel_21", "type": "visualization", "version": "8.0.0" }, { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 24, + "i": "49de47fb-1382-4009-89d2-b96a4161e12d", + "w": 24, + "x": 0, + "y": 80 + }, + "panelIndex": "49de47fb-1382-4009-89d2-b96a4161e12d", "embeddableConfig": { "attributes": { "description": "", 
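Review bot: In the `markdown` string inlined for panel 21, the Endpoint Overview link is written `#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15`, while the other four links use the `#/dashboard/...` form. It was presumably carried over unchanged from the old saved object, but now that the text lives in this file it is the natural place to make it consistent: `[Endpoint Overview](#/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15)`. Whether the slash-less form still routes correctly is not visible from here, so click the link through after import.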
@@ -289,20 +1539,21 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, + "openTOCDetails": [], + "type": "map" + } + }, + { + "version": "8.1.0", + "type": "map", "gridData": { "h": 24, - "i": "49de47fb-1382-4009-89d2-b96a4161e12d", + "i": "9d097034-9ebb-4f53-ad39-e42e625b541c", "w": 24, - "x": 0, + "x": 24, "y": 80 }, - "panelIndex": "49de47fb-1382-4009-89d2-b96a4161e12d", - "type": "map", - "version": "8.0.0" - }, - { + "panelIndex": "9d097034-9ebb-4f53-ad39-e42e625b541c", "embeddableConfig": { "attributes": { "description": "", @@ -326,18 +1577,9 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, - "gridData": { - "h": 24, - "i": "9d097034-9ebb-4f53-ad39-e42e625b541c", - "w": 24, - "x": 24, - "y": 80 - }, - "panelIndex": "9d097034-9ebb-4f53-ad39-e42e625b541c", - "type": "map", - "version": "8.0.0" + "openTOCDetails": [], + "type": "map" + } } ], "refreshInterval": { 
@@ -350,87 +1592,55 @@ "title": "[Logs CEF] Network Overview Dashboard", "version": 1 }, - "coreMigrationVersion": "8.0.0", - "id": "cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c", - "migrationVersion": { - "dashboard": "8.0.0" - }, "references": [ { - "id": "cef-38061262-edbe-4ccc-8c5c-d22c480b3c64", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cef-daa1fe0b-a698-4429-8e5d-db251502276c", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "cef-efa710e7-907c-4723-92cd-2bd2276f44dd", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "cef-d3ce586b-d372-4e03-9c19-b768b1b953f3", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "cef-291cd92f-52c4-421b-b354-468318ba3e65", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "cef-0a202432-3dbd-49c0-af57-623ffb90211d", - "name": "11:panel_11", - "type": "visualization" - }, - { - "id": "cef-85818e02-7a16-4afa-8278-99c4059ddd82", - "name": "13:panel_13", - "type": "visualization" + "id": "logs-*", + "name": "49de47fb-1382-4009-89d2-b96a4161e12d:layer_1_source_index_pattern", + "type": "index-pattern" }, { - "id": "cef-841a5d3f-c201-4499-a0fd-883247360640", - "name": "15:panel_15", - "type": "visualization" + "id": "logs-*", + "name": "9d097034-9ebb-4f53-ad39-e42e625b541c:layer_1_source_index_pattern", + "type": "index-pattern" }, { - "id": "cef-baa6c9ee-dffe-4ea5-bedd-91962700f450", - "name": "17:panel_17", - "type": "visualization" + "type": "search", + "name": "1:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, { - "id": "cef-535a7bf8-a701-4016-86c0-038bc6d9d069", - "name": "18:panel_18", - "type": "visualization" + "type": "search", + "name": "7:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, { - "id": "cef-a5e56e2a-b807-4fd7-92c2-9da42134e0a9", - "name": "19:panel_19", - "type": "visualization" + "type": "search", + "name": "11:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, { - "id": 
"cef-62b06e9a-b8d2-4dfe-8dc6-4378331520aa", - "name": "20:panel_20", - "type": "visualization" + "type": "search", + "name": "13:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, { - "id": "cef-d42600fb-ea45-4dc9-a5d2-dd6a502fb76e", - "name": "21:panel_21", - "type": "visualization" + "type": "search", + "name": "15:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, { - "id": "logs-*", - "name": "49de47fb-1382-4009-89d2-b96a4161e12d:layer_1_source_index_pattern", - "type": "index-pattern" + "type": "search", + "name": "18:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" }, { - "id": "logs-*", - "name": "9d097034-9ebb-4f53-ad39-e42e625b541c:layer_1_source_index_pattern", - "type": "index-pattern" + "type": "search", + "name": "19:search_0", + "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41.json b/packages/cef/kibana/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41.json index 0619b62d392..4f1513e8a4d 100644 --- a/packages/cef/kibana/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41.json +++ b/packages/cef/kibana/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41.json @@ -1,4 +1,11 @@ { + "id": "cef-56428e01-0c47-4770-8ba4-9345a029ea41", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwMCwxXQ==", "attributes": { "description": "Overview of Microsoft DNS activity via ArcSight", "hits": 0, 
@@ -19,7 +26,102 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "DNS - Event Throughput [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "fa374805-d1ca-4261-b723-9b482a7dd43a" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "type": "cumulative_sum" + }, + { + "field": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "id": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "gamma": 0.3, + "id": "48026f85-83c8-40e6-aff4-71f3bd6c77c9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + 
"time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -29,7 +131,6 @@ "y": 4 }, "panelIndex": "1", - "panelRefName": "panel_1", "type": "visualization", "version": "8.0.0" }, 
@@ -40,6 +141,106 @@ "defaultColors": { "0 - 100": "rgb(0,104,55)" } + }, + "savedVis": { + "title": "DNS Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "32", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threads", + "field": "cef.extensions.deviceCustomString1" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OpCodes", + "field": "cef.extensions.deviceCustomString2" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Activity Types", + "field": "cef.device.event_class_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -50,7 +251,6 @@ "y": 4 }, "panelIndex": "3", - "panelRefName": "panel_3", "type": "visualization", "version": "8.0.0" }, 
@@ -71,6 +271,114 @@ "90k - 108k": "rgb(107,174,214)" }, "legendOpen": false + }, + "savedVis": { + "title": "Top Destinations by Traffic Size [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 18k": "rgb(247,251,255)", + "108k - 126k": "rgb(74,152,201)", + "126k - 144k": "rgb(46,126,188)", + "144k - 162k": "rgb(23,100,171)", + "162k - 180k": "rgb(8,74,145)", + "18k - 36k": "rgb(227,238,249)", + "36k - 54k": "rgb(208,225,242)", + "54k - 72k": "rgb(182,212,233)", + "72k - 90k": "rgb(148,196,223)", + "90k - 108k": "rgb(107,174,214)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Blues", + "colorsNumber": 10, + "colorsRange": [ + { + "from": 0, + "to": null + } + ], + "enableHover": true, + "invertColors": false, + "legendPosition": "top", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "label": "Inbound" + }, + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "label": "Outbound" + } + ] + }, + "schema": "segment", + "type": "filters" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
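Review bot: The two `filters` buckets in agg `2` of this inlined heatmap query a bare field, `deviceDirection:"0"` and `deviceDirection:"1"`, while every other CEF extension queried on this page is qualified as `cef.extensions.*`. Unless the data stream really maps a top-level `deviceDirection` field, both buckets match nothing and the Inbound/Outbound split renders empty without any error. If the extension sits with the others, the queries would be `cef.extensions.deviceDirection:\"0\"` and `cef.extensions.deviceDirection:\"1\"`. Please confirm against the package's field definitions, since an empty traffic-direction panel is easy to misread as "no traffic".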
@@ -81,13 +389,54 @@ "y": 32 }, "panelIndex": "5", - "panelRefName": "panel_5", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Event Types [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 50, + "minFontSize": 12, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 8, 
@@ -97,13 +446,169 @@ "y": 48 }, "panelIndex": "6", - "panelRefName": "panel_6", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Event Types by Size [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "Count": "#64B0C8", + "Total (Bytes)": "#E24D42" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Type" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + }, + "valueAxis": null + }, + "legendPosition": "right", + "orderBucketsBySum": false, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Total (Bytes)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": false, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + 
"title": { + "text": "Total (Bytes)" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Total (Bytes)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 16, 
@@ -113,13 +618,114 @@ "y": 32 }, "panelIndex": "7", - "panelRefName": "panel_7", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events Types by Severity [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "db54ebce-9dd2-4a1e-b476-b3ddb9a9024e", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "81da76ca-1112-4d91-82f4-c66cd3156a84", + "label": "Cumulative Bytes", + "line_width": "3", + "metrics": [ + { + "field": "source.bytes", + "id": "521d560c-321a-4410-9eb3-2b2bf3f4efee", + "type": "count" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "(event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\")" + }, + "id": "3f31a7e4-acf3-4f2d-8b7d-e30522325b2a", + "label": "HIGH" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "(event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR 
cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\")" + }, + "id": "7949d31b-8aae-433a-b7cf-6939a8728cc9", + "label": "MEDIUM" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "(NOT (event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\" OR event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR 
cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\"))" + }, + "id": "d2627211-5f9e-4c65-8a47-1cd6f085939d", + "label": "LOW" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "a5fda184-fdd6-4221-ab59-492eab162f0a", + "label": "Count by Event Type", + "line_width": 1, + "metrics": [ + { + "id": "e147ba1c-b13a-496f-9841-b99ddee81c5a", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.device.event_class_id", + "terms_size": "20" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -129,7 +735,6 @@ "y": 12 }, "panelIndex": "9", - "panelRefName": "panel_9", "type": "visualization", "version": "8.0.0" }, 
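Review bot: The first series of the inlined "Events Types by Severity" TSVB panel is labelled `Cumulative Bytes`, but its metric is `"type": "count"` on `source.bytes`, so it appears to plot a document count rather than a byte total. Either the label or the metric should change (the "Events by Size" panel uses `"type": "sum"` on the same field). Separately, the `LOW` split filter is a hand-copied negation of the full `HIGH` and `MEDIUM` lists, so adding a severity or response code to one band without editing `LOW` would count the same event in two bands. Both are presumably carried over from the referenced visualization, but they are now part of this dashboard and worth fixing here.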
@@ -143,6 +748,82 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 10 Destinations by Size [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destinations", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -153,13 +834,32 @@ "y": 56 }, "panelIndex": "11", - "panelRefName": "panel_11", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, "gridData": { "h": 4, @@ -169,7 +869,6 @@ "y": 0 }, "panelIndex": "12", - "panelRefName": "panel_12", "type": "visualization", "version": "8.0.0" }, 
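Review bot: The `Endpoint Overview` link in the inlined markdown is written `#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b`, without the slash that the other four links have after `#`, so it probably does not route to that dashboard. Use `[Endpoint Overview](#/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b)`. The panel `title` also begins with a stray space (`" Dashboard Navigation [Logs CEF ArcSight]"`), which can be trimmed in the same edit.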
@@ -183,6 +882,140 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 10 Sources by Size [Logs CEF ArcSight]", + "description": "", + "uiState": { + "P-11": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-13": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-2": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-3": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-4": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-5": { + "vis": { + "defaultColors": { + "0 - 18,000": "rgb(247,251,255)", + "108,000 - 126,000": "rgb(74,152,201)", + "126,000 - 144,000": "rgb(46,126,188)", + "144,000 - 162,000": "rgb(23,100,171)", + "162,000 - 180,000": "rgb(8,74,145)", + "18,000 - 36,000": "rgb(227,238,249)", + "36,000 - 54,000": "rgb(208,225,242)", + "54,000 - 72,000": "rgb(182,212,233)", + "72,000 - 90,000": "rgb(148,196,223)", + "90,000 - 108,000": "rgb(107,174,214)" + }, + "legendOpen": false + } + }, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sources", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destinations", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, 
+ { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
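Review bot: The `uiState` inlined for "Top 10 Sources by Size" carries entries keyed `P-11`, `P-13`, `P-2`, `P-3`, `P-4` and `P-5` (map centres, heatmap colour ranges), which look like per-panel state from an older dashboard rather than state of this table. The "Top 10 Destinations by Size" table in the same file has only the `vis.params.sort` entry, so this one can presumably be reduced to `"uiState": { "vis": { "params": { "sort": { "columnIndex": null, "direction": null } } } }`. Copying the residue into the dashboard works against the stated aim of reducing saved-object clutter.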
@@ -193,13 +1026,120 @@ "y": 56 }, "panelIndex": "13", - "panelRefName": "panel_13", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Direction [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "be556a57-cd1c-496c-8714-0bd210947c85", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "filter": { + "language": "lucene", + "query": "device" + }, + "formatter": "number", + "id": "9aae7344-9de9-4378-b21d-296cb964f93b", + "label": "Inbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "1cd0b964-45cf-408e-a7e4-e26955f8a3b0", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "id": "f860f6e0-fbd4-4949-8046-6300322dfe84", + "label": "Inbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "formatter": "number", + "id": "ed1abe18-e01b-4202-9db4-06fda10692e0", + "label": "Outbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "type": "count" + }, + { + "id": "6bc37118-ddac-41ec-85b3-9db7e1b3636b", + "script": "params.outbound \u003e 0 ? 
params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "id": "f73f4f22-03d5-446a-b031-04eee531e3cc", + "name": "outbound" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(211,49,21,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "id": "a9c50e1b-8f11-4bc2-9077-bb8870ed0b62", + "label": "Outbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 12, 
@@ -209,13 +1149,104 @@ "y": 20 }, "panelIndex": "14", - "panelRefName": "panel_14", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Size [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "6e634117-6b30-411c-b74c-75510befe42f", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "formatter": "bytes", + "id": "28b1fb5b-0f16-4519-b901-4dd2dcc39915", + "label": "Inbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "f613f33f-6459-4e46-a3a0-c36c48c46b2e", + "type": "sum" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "formatter": "bytes", + "id": "5a5c2529-4990-4006-b039-c94069ff6b7e", + "label": "Outbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "type": "sum" + }, + { + "id": "0aaab374-5845-44ab-94f5-ac4fab25c287", + "script": "params.outbound_bytes \u003e= 0 ? 
params.outbound_bytes * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "id": "23b8c41c-0e98-4ace-8bca-3593e46cd955", + "name": "outbound_bytes" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 12, 
@@ -225,15 +1256,24 @@ "y": 20 }, "panelIndex": "15", - "panelRefName": "panel_15", "type": "visualization", "version": "8.0.0" }, { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 12, + "i": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", + "w": 24, + "x": 0, + "y": 72 + }, + "panelIndex": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"56b3b288-a0f1-416d-9d40-96a37c8484fd\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d50cbece-4556-4421-bb06-fb015bfe7baa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Sources by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"555cbeac-b098-4946-9498-6b700e745e8a\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"56b3b288-a0f1-416d-9d40-96a37c8484fd\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d50cbece-4556-4421-bb06-fb015bfe7baa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Sources by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"555cbeac-b098-4946-9498-6b700e745e8a\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", "references": [], "title": "Top Sources by Events [Logs CEF ArcSight]", 
@@ -253,24 +1293,25 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, + "openTOCDetails": [], + "type": "map" + } + }, + { + "version": "8.1.0", + "type": "map", "gridData": { "h": 12, - "i": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", + "i": "07f92eca-2078-4aa6-8373-d27ca33595d6", "w": 24, - "x": 0, + "x": 24, "y": 72 }, - "panelIndex": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", - "type": "map", - "version": "8.0.0" - }, - { + "panelIndex": "07f92eca-2078-4aa6-8373-d27ca33595d6", "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"5231e15c-d374-46ca-9553-3308d723ded3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"8cdaae20-5dcc-4930-b105-802fc344fcb6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destinations by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"88700fdc-3a96-46b8-b51f-3839111eb6ec\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"5231e15c-d374-46ca-9553-3308d723ded3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"8cdaae20-5dcc-4930-b105-802fc344fcb6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destinations by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"88700fdc-3a96-46b8-b51f-3839111eb6ec\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", "references": [], "title": "Top Destinations by Events [Logs CEF ArcSight]", 
@@ -290,18 +1331,9 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, - "gridData": { - "h": 12, - "i": "07f92eca-2078-4aa6-8373-d27ca33595d6", - "w": 24, - "x": 24, - "y": 72 - }, - "panelIndex": "07f92eca-2078-4aa6-8373-d27ca33595d6", - "type": "map", - "version": "8.0.0" + "openTOCDetails": [], + "type": "map" + } } ], "refreshInterval": { 
@@ -314,77 +1346,50 @@ "title": "[Logs CEF ArcSight] Microsoft DNS Overview", "version": 1 }, - "coreMigrationVersion": "8.0.0", - "id": "cef-56428e01-0c47-4770-8ba4-9345a029ea41", - "migrationVersion": { - "dashboard": "8.0.0" - }, "references": [ { - "id": "cef-7e2b0659-0760-4182-8b29-3ee69f26bc6f", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cef-249e2737-b41f-4115-b303-88bc9d279655", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "cef-566d8b4e-ec5c-4b8b-bd68-3cc9cb236110", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "cef-759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "cef-fcf798a8-db8f-4492-827b-8fa7581108a9", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "cef-f0e60404-ddf4-4b46-8e45-e28c4fb6d60d", - "name": "9:panel_9", - "type": "visualization" + "id": "logs-*", + "name": "3cf2118b-5231-49f5-b685-0ff0e1f52c32:layer_1_source_index_pattern", + "type": "index-pattern" }, { - "id": "cef-1b9cc5b7-7747-49de-96b1-a4bc7f675716", - "name": "11:panel_11", - "type": "visualization" + "id": "logs-*", + "name": "07f92eca-2078-4aa6-8373-d27ca33595d6:layer_1_source_index_pattern", + "type": "index-pattern" }, { - "id": "cef-677891a1-90c4-4273-b126-f0e54689bd76", - "name": "12:panel_12", - "type": "visualization" + "type": "search", + "name": "3:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" }, { - "id": "cef-26a65f68-d7a6-4b47-befc-c5a6819bb91b", - "name": "13:panel_13", - "type": "visualization" + "type": "search", + "name": "5:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" }, { - "id": "cef-16aef3e9-e33b-4bab-b32f-d8c5b1263ac0", - "name": "14:panel_14", - "type": "visualization" + "type": "search", + "name": "6:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" }, { - "id": "cef-f3c573ad-2c16-4de5-9ec3-0a47141d4fa0", - "name": "15:panel_15", - "type": "visualization" + "type": "search", + 
"name": "7:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" }, { - "id": "logs-*", - "name": "3cf2118b-5231-49f5-b685-0ff0e1f52c32:layer_1_source_index_pattern", - "type": "index-pattern" + "type": "search", + "name": "11:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" }, { - "id": "logs-*", - "name": "07f92eca-2078-4aa6-8373-d27ca33595d6:layer_1_source_index_pattern", - "type": "index-pattern" + "type": "search", + "name": "13:search_0", + "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf.json b/packages/cef/kibana/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf.json index c6fc8891bb8..272ccf4cbc1 100644 --- a/packages/cef/kibana/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf.json +++ b/packages/cef/kibana/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf.json @@ -1,4 +1,11 @@ { + "id": "cef-607f756e-288d-499a-8f8a-33791354ffaf", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwMSwxXQ==", "attributes": { "description": "Overview of Microsoft DNS activity", "hits": 0, 
@@ -19,7 +26,102 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "DNS - Event Throughput [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "fa374805-d1ca-4261-b723-9b482a7dd43a" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "type": "cumulative_sum" + }, + { + "field": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", + "id": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", + "gamma": 0.3, + "id": "48026f85-83c8-40e6-aff4-71f3bd6c77c9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + 
"time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -29,7 +131,6 @@ "y": 4 }, "panelIndex": "1", - "panelRefName": "panel_1", "type": "visualization", "version": "8.0.0" }, 
@@ -40,6 +141,106 @@ "defaultColors": { "0 - 100": "rgb(0,104,55)" } + }, + "savedVis": { + "title": "DNS Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "32", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Threads", + "field": "cef.extensions.deviceCustomString1" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OpCodes", + "field": "cef.extensions.deviceCustomString2" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Activity Types", + "field": "cef.device.event_class_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -50,7 +251,6 @@ "y": 4 }, "panelIndex": "3", - "panelRefName": "panel_3", "type": "visualization", "version": "8.0.0" }, 
@@ -71,6 +271,114 @@ "90k - 108k": "rgb(107,174,214)" }, "legendOpen": false + }, + "savedVis": { + "title": "Top Destinations by Traffic Size [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 18k": "rgb(247,251,255)", + "108k - 126k": "rgb(74,152,201)", + "126k - 144k": "rgb(46,126,188)", + "144k - 162k": "rgb(23,100,171)", + "162k - 180k": "rgb(8,74,145)", + "18k - 36k": "rgb(227,238,249)", + "36k - 54k": "rgb(208,225,242)", + "54k - 72k": "rgb(182,212,233)", + "72k - 90k": "rgb(148,196,223)", + "90k - 108k": "rgb(107,174,214)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Blues", + "colorsNumber": 10, + "colorsRange": [ + { + "from": 0, + "to": null + } + ], + "enableHover": true, + "invertColors": false, + "legendPosition": "top", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "filters": [ + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "label": "Inbound" + }, + { + "input": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "label": "Outbound" + } + ] + }, + "schema": "segment", + "type": "filters" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
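Review bot: The inlined `filters` aggregation of "Top Destinations by Traffic Size" queries `deviceDirection:\"0\"` and `deviceDirection:\"1\"` with no field prefix, while the other CEF extensions in these panels are addressed as `cef.extensions.<name>` (for example `cef.extensions.deviceCustomString1`). If the events carry the value under `cef.extensions.deviceDirection`, the Inbound and Outbound buckets match nothing and the heatmap stays empty without any error. Now that the visualization is copied by value into the dashboard, this is the place to correct it, e.g. `"query": "cef.extensions.deviceDirection:\"0\""`. The same unqualified field appears in the "Events by Direction" (`@@ -193,13 +1026,120 @@`) and "Events by Size" (`@@ -209,13 +1149,104 @@`) hunks.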
@@ -81,13 +389,54 @@ "y": 32 }, "panelIndex": "5", - "panelRefName": "panel_5", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Event Types [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 50, + "minFontSize": 12, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 8, 
@@ -97,13 +446,169 @@ "y": 48 }, "panelIndex": "6", - "panelRefName": "panel_6", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Event Types by Size [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "colors": { + "Count": "#64B0C8", + "Total (Bytes)": "#E24D42" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Type" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + }, + "valueAxis": null + }, + "legendPosition": "right", + "orderBucketsBySum": false, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Total (Bytes)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": false, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + 
"text": "Total (Bytes)" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "cef.device.event_class_id", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Total (Bytes)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 16, 
@@ -113,13 +618,114 @@ "y": 32 }, "panelIndex": "7", - "panelRefName": "panel_7", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events Types by Severity [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "db54ebce-9dd2-4a1e-b476-b3ddb9a9024e", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "81da76ca-1112-4d91-82f4-c66cd3156a84", + "label": "Cumulative Bytes", + "line_width": "3", + "metrics": [ + { + "field": "source.bytes", + "id": "521d560c-321a-4410-9eb3-2b2bf3f4efee", + "type": "count" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "(event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\")" + }, + "id": "3f31a7e4-acf3-4f2d-8b7d-e30522325b2a", + "label": "HIGH" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "(event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR 
cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\")" + }, + "id": "7949d31b-8aae-433a-b7cf-6939a8728cc9", + "label": "MEDIUM" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "(NOT (event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\" OR event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR 
cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\"))" + }, + "id": "d2627211-5f9e-4c65-8a47-1cd6f085939d", + "label": "LOW" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "a5fda184-fdd6-4221-ab59-492eab162f0a", + "label": "Count by Event Type", + "line_width": 1, + "metrics": [ + { + "id": "e147ba1c-b13a-496f-9841-b99ddee81c5a", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.device.event_class_id", + "terms_size": "20" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -129,7 +735,6 @@ "y": 12 }, "panelIndex": "9", - "panelRefName": "panel_9", "type": "visualization", "version": "8.0.0" }, 
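Review bot: The HIGH, MEDIUM and LOW split filters of "Events Types by Severity" test `cef.extension.deviceCustomString4` (singular `extension`), whereas the "DNS Metrics Overview" panel in this file reads `cef.extensions.deviceCustomString1` and `cef.extensions.deviceCustomString2`. If the plural form is the real field, the response-code terms (SERVFAIL, NXDOMAIN, REFUSED and the rest) never match, so those events are classified by `event.severity` alone and otherwise land in LOW through the `NOT (…)` filter. Changing the prefix to `cef.extensions.deviceCustomString4` in all three queries would fix that. Separately, the series is labelled "Cumulative Bytes" but its metric is `"type": "count"` on `source.bytes`; either the label or the metric type should change.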
@@ -143,6 +748,82 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 10 Destinations by Size [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destinations", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -153,13 +834,32 @@ "y": 56 }, "panelIndex": "11", - "panelRefName": "panel_11", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, "gridData": { "h": 4, @@ -169,7 +869,6 @@ "y": 0 }, "panelIndex": "12", - "panelRefName": "panel_12", "type": "visualization", "version": "8.0.0" }, 
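Review bot: In the inlined navigation markdown, the Endpoint Overview link is written `#dashboard/cef-a0030996-…` without the slash after `#`, while the other four links use `#/dashboard/…`, so it probably does not resolve to the dashboard route. Change it to `[Endpoint Overview](#/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15)`. The `title` also begins with a stray space (`" Dashboard Navigation [Logs CEF]"`), which would be worth trimming in the same edit.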
@@ -183,6 +882,140 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 10 Sources by Size [Logs CEF]", + "description": "", + "uiState": { + "P-11": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-13": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-2": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-3": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-4": { + "mapCenter": [ + -0.17578097424708533, + 0 + ], + "mapZoom": 0 + }, + "P-5": { + "vis": { + "defaultColors": { + "0 - 18,000": "rgb(247,251,255)", + "108,000 - 126,000": "rgb(74,152,201)", + "126,000 - 144,000": "rgb(46,126,188)", + "144,000 - 162,000": "rgb(23,100,171)", + "162,000 - 180,000": "rgb(8,74,145)", + "18,000 - 36,000": "rgb(227,238,249)", + "36,000 - 54,000": "rgb(208,225,242)", + "54,000 - 72,000": "rgb(182,212,233)", + "72,000 - 90,000": "rgb(148,196,223)", + "90,000 - 108,000": "rgb(107,174,214)" + }, + "legendOpen": false + } + }, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sources", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destinations", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + 
"enabled": true, + "id": "1", + "params": { + "customLabel": "Count" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -193,13 +1026,120 @@ "y": 56 }, "panelIndex": "13", - "panelRefName": "panel_13", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Direction [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "be556a57-cd1c-496c-8714-0bd210947c85", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "filter": { + "language": "lucene", + "query": "device" + }, + "formatter": "number", + "id": "9aae7344-9de9-4378-b21d-296cb964f93b", + "label": "Inbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "1cd0b964-45cf-408e-a7e4-e26955f8a3b0", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "id": "f860f6e0-fbd4-4949-8046-6300322dfe84", + "label": "Inbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": "0.2", + "formatter": "number", + "id": "ed1abe18-e01b-4202-9db4-06fda10692e0", + "label": "Outbound Requests", + "line_width": 1, + "metrics": [ + { + "id": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "type": "count" + }, + { + "id": "6bc37118-ddac-41ec-85b3-9db7e1b3636b", + "script": "params.outbound \u003e 0 ? 
params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", + "id": "f73f4f22-03d5-446a-b031-04eee531e3cc", + "name": "outbound" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(211,49,21,1)", + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "id": "a9c50e1b-8f11-4bc2-9077-bb8870ed0b62", + "label": "Outbound Requests" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 12, 
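Review bot: The "Inbound Requests" series of "Events by Direction" carries a series-level filter of `"query": "device"`, a bare term with no field, which reads like a truncated `deviceDirection` expression. The "Outbound Requests" series beside it has no such filter. Whether this filter is evaluated when `split_mode` is `filters` is not visible here; if it is, inbound counts are limited to documents that match the word "device". I would remove the `filter` object from this series or replace it with the intended field query.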
@@ -209,13 +1149,104 @@ "y": 20 }, "panelIndex": "14", - "panelRefName": "panel_14", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Size [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.device.product:\"DNS Trace Log\"" + }, + "id": "6e634117-6b30-411c-b74c-75510befe42f", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"0\"" + }, + "formatter": "bytes", + "id": "28b1fb5b-0f16-4519-b901-4dd2dcc39915", + "label": "Inbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "f613f33f-6459-4e46-a3a0-c36c48c46b2e", + "type": "sum" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "deviceDirection:\"1\"" + }, + "formatter": "bytes", + "id": "5a5c2529-4990-4006-b039-c94069ff6b7e", + "label": "Outbound Bytes", + "line_width": "2", + "metrics": [ + { + "field": "source.bytes", + "id": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "type": "sum" + }, + { + "id": "0aaab374-5845-44ab-94f5-ac4fab25c287", + "script": "params.outbound_bytes \u003e= 0 ? 
params.outbound_bytes * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "b69501e7-56d5-4c38-81d1-34d778c81e11", + "id": "23b8c41c-0e98-4ace-8bca-3593e46cd955", + "name": "outbound_bytes" + } + ] + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 12, @@ -225,11 +1256,20 @@ "y": 20 }, "panelIndex": "15", - "panelRefName": "panel_15", "type": "visualization", "version": "8.0.0" }, { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 12, + "i": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", + "w": 24, + "x": 0, + "y": 72 + }, + "panelIndex": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", "embeddableConfig": { "attributes": { "description": "", @@ -253,20 +1293,21 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, + "openTOCDetails": [], + "type": "map" + } + }, + { + "version": "8.1.0", + "type": "map", "gridData": { "h": 12, - "i": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", + "i": "07f92eca-2078-4aa6-8373-d27ca33595d6", "w": 24, - "x": 0, + "x": 24, "y": 72 }, - "panelIndex": "3cf2118b-5231-49f5-b685-0ff0e1f52c32", - "type": "map", - "version": "8.0.0" - }, - { + "panelIndex": "07f92eca-2078-4aa6-8373-d27ca33595d6", "embeddableConfig": { "attributes": { "description": "", @@ -290,18 +1331,9 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, - "gridData": { - "h": 12, - "i": "07f92eca-2078-4aa6-8373-d27ca33595d6", - "w": 24, - "x": 24, - "y": 72 - }, - "panelIndex": "07f92eca-2078-4aa6-8373-d27ca33595d6", - "type": "map", - "version": "8.0.0" + "openTOCDetails": [], + "type": "map" + } } ], "refreshInterval": { 
@@ -314,77 +1346,50 @@ "title": "[Logs CEF] Microsoft DNS Overview", "version": 1 }, - "coreMigrationVersion": "8.0.0", - "id": "cef-607f756e-288d-499a-8f8a-33791354ffaf", - "migrationVersion": { - "dashboard": "8.0.0" - }, "references": [ { - "id": "cef-b25e0340-0e97-4849-9b89-959b9ad8c958", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cef-0d0fd899-a40a-43e5-ac80-56f3bf09c18c", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "cef-1bd44f46-e28d-4a2d-8245-6994372155ab", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "cef-04096ec6-9644-4da7-bba3-35da7882f87d", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "cef-490c415c-b859-4ed0-a2a4-5c4968084985", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "cef-33290695-4eb1-4270-9e63-7083e7b132ed", - "name": "9:panel_9", - "type": "visualization" + "id": "logs-*", + "name": "3cf2118b-5231-49f5-b685-0ff0e1f52c32:layer_1_source_index_pattern", + "type": "index-pattern" }, { - "id": "cef-8869f0bb-b8a3-4e6b-b3c4-3cc80b67b3da", - "name": "11:panel_11", - "type": "visualization" + "id": "logs-*", + "name": "07f92eca-2078-4aa6-8373-d27ca33595d6:layer_1_source_index_pattern", + "type": "index-pattern" }, { - "id": "cef-0959df23-10c9-47fd-bebd-c382007b3584", - "name": "12:panel_12", - "type": "visualization" + "type": "search", + "name": "3:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" }, { - "id": "cef-19e44299-4e2a-4da4-a9e5-595b428d49dd", - "name": "13:panel_13", - "type": "visualization" + "type": "search", + "name": "5:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" }, { - "id": "cef-38fd061a-0976-4005-b0d3-729d693cdd5d", - "name": "14:panel_14", - "type": "visualization" + "type": "search", + "name": "6:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" }, { - "id": "cef-d85b0ce0-4fa7-4fe5-9fe1-41cf40606ef3", - "name": "15:panel_15", - "type": "visualization" + "type": "search", + "name": 
"7:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" }, { - "id": "logs-*", - "name": "3cf2118b-5231-49f5-b685-0ff0e1f52c32:layer_1_source_index_pattern", - "type": "index-pattern" + "type": "search", + "name": "11:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" }, { - "id": "logs-*", - "name": "07f92eca-2078-4aa6-8373-d27ca33595d6:layer_1_source_index_pattern", - "type": "index-pattern" + "type": "search", + "name": "13:search_0", + "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf.json b/packages/cef/kibana/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf.json index cf70b47d138..9d844b71a62 100644 --- a/packages/cef/kibana/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf.json +++ b/packages/cef/kibana/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf.json @@ -1,4 +1,11 @@ { + "id": "cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwMiwxXQ==", "attributes": { "description": "Operating system activity from endpoints", "hits": 0, 
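Review bot: The new `references` keep six `search` entries (`3:search_0` through `13:search_0`) pointing at `cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c`, but none of the inlined `savedVis.data` objects for panels 3, 5, 6, 7, 11 and 13 contains a `savedSearchRefName`; each has only `"searchSource": { "filter": [] }`. These are the aggregation panels with no query of their own, unlike the TSVB panels, which filter on `cef.device.product:\"DNS Trace Log\"` themselves. If the link to the saved search is lost, they aggregate over everything in `logs-*` instead of the DNS subset. Please confirm after import that these panels are still scoped, and if not, add `"savedSearchRefName": "search_0"` to each panel's `data` or put the query into `searchSource`. The `references` hunk of the preceding dashboard file has the same shape, but its panels are outside this view.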
@@ -27,6 +34,184 @@ "Event Types": "#EF843C" }, "legendOpen": true + }, + "savedVis": { + "title": "Source Users by Event Type and Destination Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Source Users" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Event Types" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination User Names" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + 
"show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Types", + "field": "event.action" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination User Names", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -37,9 +222,8 @@ "y": 28 }, "panelIndex": "3", - "panelRefName": "panel_3", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -48,6 +232,108 @@ "defaultColors": { "0 - 100": "rgb(0,104,55)" } + }, + "savedVis": { + "title": "Endpoint OS Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "20", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Event Types", + "field": "event.action" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Outcomes", + "field": "event.outcome" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -58,9 +344,8 @@ "y": 4 }, "panelIndex": "4", - "panelRefName": "panel_4", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -79,6 +364,96 @@ "55k - 110k": "rgb(255,241,170)" }, "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Behaviors by Outcome [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 9,000": "rgb(255,255,204)", + "18,000 - 27,000": "rgb(254,225,135)", + "27,000 - 36,000": "rgb(254,201,101)", + "36,000 - 45,000": "rgb(254,171,73)", + "45,000 - 54,000": "rgb(253,141,60)", + "54,000 - 63,000": "rgb(252,91,46)", + "63,000 - 72,000": "rgb(237,47,34)", + "72,000 - 81,000": "rgb(212,16,32)", + "81,000 - 90,000": "rgb(176,0,38)", + "9,000 - 18,000": "rgb(255,241,170)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "event.action", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -89,13 +464,114 @@ "y": 28 }, "panelIndex": "5", - "panelRefName": "panel_5", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Outcomes [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "data_stream.dataset:\"cef.log\"" + }, + "id": "74716d29-91c6-4095-bc7d-7f6700f12b1f", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "formatter": "number", + "hide_in_legend": 0, + "id": "932c5de4-f841-4f27-99e4-60d95d3aa16c", + "label": "Event Outcomes", + "line_width": "3", + "metrics": [ + { + "id": "4c263b6d-8117-43c6-b83f-5c4145f43cfc", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Failure\"" + }, + "id": "94371b84-a7aa-4824-b4d1-217ecbe725a5", + "label": "Failure" + }, + { + "color": "rgba(104,188,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Success\"" + }, + "id": "31564794-9278-4f2e-bb20-557f5cfbea79", + "label": "Success" + }, + { + "color": "rgba(251,158,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Attempt\"" + }, + "id": "10c0f919-0853-41b5-94b4-2e39932e7aa0", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "none", + "terms_field": "event.outcome", + "terms_size": "3" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,182,204,1)", + "fill": 0.5, + "formatter": "number", + "id": "c9eca9d0-c2e0-45e6-a3ce-f158c40fdd74", + "label": "Event Count", + 
"line_width": 1, + "metrics": [ + { + "id": "6d8513ca-cc72-4b27-91b6-6b689558cdcb", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -105,9 +581,8 @@ "y": 20 }, "panelIndex": "7", - "panelRefName": "panel_7", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -118,6 +593,63 @@ "success": "#7EB26D", "unknown": "#447EBC" } + }, + "savedVis": { + "title": "Top 20 Behaviors by Outcome [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Behavior", + "field": "event.action", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -128,9 +660,8 @@ "y": 52 }, "panelIndex": "8", - "panelRefName": "panel_8", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -142,6 +673,100 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 15 Event Types by Events [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 15, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Types", + "field": "event.action", + "order": "desc", + "orderBy": "1", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -152,13 +777,69 @@ "y": 40 }, "panelIndex": "9", - "panelRefName": "panel_9", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 5 Vendors by Product [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS Vendor", + "field": "cef.device.vendor", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OS Product", + "field": "cef.device.product", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 12, 
@@ -168,13 +849,32 @@ "y": 40 }, "panelIndex": "10", - "panelRefName": "panel_10", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, "gridData": { "h": 4, 
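Review bot: In the inlined navigation markdown for panel 11, the Endpoint Overview link is written `#dashboard/cef-a0030996-…` without the slash after `#`, while the other four links use `#/dashboard/…`, so that one entry may not route like the rest. Suggested: `[Endpoint Overview](#/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15)`. The title `" Dashboard Navigation [Logs CEF]"` also begins with a stray space; `"title": "Dashboard Navigation [Logs CEF]"` would match the other panels. Both were presumably carried over from the old by-reference visualization, which the diff does not show.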
@@ -184,13 +884,100 @@ "y": 0 }, "panelIndex": "11", - "panelRefName": "panel_11", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Endpoint - Average EPS [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "ce9549a0-3af0-4070-b169-4b6d145d4c39" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "data_stream.dataset:\"cef.log\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "94161c6c-4f48-4beb-9d78-f79f29c02a34", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "type": "cumulative_sum" + }, + { + "field": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "id": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "gamma": 0.3, + "id": "f46a6e6e-444f-4c7e-b5eb-e1a59568f2eb", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "offset_time": "1m", + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": 
"@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -200,9 +987,8 @@ "y": 4 }, "panelIndex": "12", - "panelRefName": "panel_12", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -212,6 +998,186 @@ "Destination Users": "#E24D42", "Event Count": "#64B0C8" } + }, + "savedVis": { + "title": "Events by Source and Destination Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Timestamp" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Event Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Source Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + 
"show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -222,15 +1188,71 @@ "y": 12 }, "panelIndex": "13", - "panelRefName": "panel_13", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { "enhancements": {}, "vis": { "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Sources by Destinations [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Host", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Host", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -241,15 +1263,71 @@ "y": 64 }, "panelIndex": "14", - "panelRefName": "panel_14", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { "enhancements": {}, "vis": { "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Source Users by Destination Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -260,13 +1338,55 @@ "y": 84 }, "panelIndex": "15", - "panelRefName": "panel_15", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destinations [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 12, @@ -276,13 +1396,55 @@ "y": 80 }, "panelIndex": "16", - "panelRefName": "panel_16", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 8, 
@@ -292,13 +1454,55 @@ "y": 100 }, "panelIndex": "17", - "panelRefName": "panel_17", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Sources [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 16, @@ -308,13 +1512,55 @@ "y": 64 }, "panelIndex": "18", - "panelRefName": "panel_18", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Source Users [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 8, 
@@ -324,9 +1570,8 @@ "y": 92 }, "panelIndex": "19", - "panelRefName": "panel_19", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" } ], "refreshInterval": { 
@@ -340,92 +1585,75 @@ "title": "[Logs CEF] Endpoint Activity Dashboard", "version": 1 }, - "coreMigrationVersion": "8.0.0", - "id": "cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf", - "migrationVersion": { - "dashboard": "8.0.0" - }, "references": [ { - "id": "cef-868d68b5-3e62-4fc2-b942-fbb69a7c91d5", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "cef-4c86b51e-6886-4484-98a2-508e92b455bb", - "name": "4:panel_4", - "type": "visualization" + "type": "search", + "name": "3:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, { - "id": "cef-cc7f89bc-22ad-4778-9c9f-1873ff38750b", - "name": "5:panel_5", - "type": "visualization" + "type": "search", + "name": "4:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, { - "id": "cef-0a5276a2-907b-4319-88ab-86fe5ade8b38", - "name": "7:panel_7", - "type": "visualization" + "type": "search", + "name": "5:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, { - "id": "cef-2b96deab-dbf1-4be3-ae70-1bfb6c3fbd2a", - "name": "8:panel_8", - "type": "visualization" + "type": "search", + "name": "8:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, { - "id": "cef-7dc26e6f-76d4-4454-99a9-6ccbba8948f0", - "name": "9:panel_9", - "type": "visualization" + "type": "search", + "name": "9:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, { - "id": "cef-d2332147-4293-4422-930b-0a319ebeb958", - "name": "10:panel_10", - "type": "visualization" + "type": "search", + "name": "10:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, { - "id": "cef-0959df23-10c9-47fd-bebd-c382007b3584", - "name": "11:panel_11", - "type": "visualization" + "type": "search", + "name": "13:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, { - "id": "cef-2a0a7692-9a08-449f-bcef-b85de1855fd5", - "name": "12:panel_12", - "type": "visualization" + "type": "search", + "name": "14:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, { - "id": 
"cef-a52d1fe2-6933-48bd-b079-61f6e2dc05c2", - "name": "13:panel_13", - "type": "visualization" + "type": "search", + "name": "15:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, { - "id": "cef-82a333a7-d9d3-4752-b564-160d4b9f188b", - "name": "14:panel_14", - "type": "visualization" + "type": "search", + "name": "16:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, { - "id": "cef-b4ac112e-809a-437d-a805-3ff44a67c21c", - "name": "15:panel_15", - "type": "visualization" + "type": "search", + "name": "17:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, { - "id": "cef-1479b35b-1bf3-4767-a510-9d210e010342", - "name": "16:panel_16", - "type": "visualization" + "type": "search", + "name": "18:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" }, { - "id": "cef-bd35faa9-492e-4abe-9bf1-2d3c0d98171d", - "name": "17:panel_17", - "type": "visualization" - }, - { - "id": "cef-255c0885-6349-4ab4-ba00-f055c6cc8000", - "name": "18:panel_18", - "type": "visualization" - }, - { - "id": "cef-56247c19-7aa5-475d-b074-5b0cd4794f0c", - "name": "19:panel_19", - "type": "visualization" + "type": "search", + "name": "19:search_0", + "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9.json b/packages/cef/kibana/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9.json index f0f4a66e471..e008417f5f7 100644 --- a/packages/cef/kibana/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9.json +++ b/packages/cef/kibana/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9.json 
@@ -1,4 +1,11 @@ { + "id": "cef-9e352900-89c3-4c1b-863e-249e24d0dac9", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwMywxXQ==", "attributes": { "description": "Operating system activity from endpoints via ArcSight", "hits": 0, 
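Review bot: The added `namespaces`, `updated_at` and `version` keys look like state from the Kibana instance the dashboard was exported from rather than part of the asset. `WzcwMywxXQ==` is base64 for `[703,1]`, which reads like a per-instance document version counter. Shipping them ties the packaged file to the `default` space, makes every re-export produce a spurious diff, and publishes details of the authoring environment for no benefit. I would keep only `"id"` and `"type"` from this addition and drop the other three keys, unless the package tooling requires them. The enclosing object continues outside the hunk.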
@@ -27,6 +34,184 @@ "Event Types": "#EF843C" }, "legendOpen": true + }, + "savedVis": { + "title": "Source Users by Event Type and Destination Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Source Users" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Event Types" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination User Names" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + 
"rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination User Names", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -37,9 +222,8 @@ "y": 28 }, "panelIndex": "3", - "panelRefName": "panel_3", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -48,6 +232,108 @@ "defaultColors": { "0 - 100": "rgb(0,104,55)" } + }, + "savedVis": { + "title": "Endpoint OS Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "20", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Outcomes", + "field": "cef.extensions.categoryOutcome" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -58,9 +344,8 @@ "y": 4 }, "panelIndex": "4", - "panelRefName": "panel_4", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -79,6 +364,96 @@ "55k - 110k": "rgb(255,241,170)" }, "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Behaviors by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 9,000": "rgb(255,255,204)", + "18,000 - 27,000": "rgb(254,225,135)", + "27,000 - 36,000": "rgb(254,201,101)", + "36,000 - 45,000": "rgb(254,171,73)", + "45,000 - 54,000": "rgb(253,141,60)", + "54,000 - 63,000": "rgb(252,91,46)", + "63,000 - 72,000": "rgb(237,47,34)", + "72,000 - 81,000": "rgb(212,16,32)", + "81,000 - 90,000": "rgb(176,0,38)", + "9,000 - 18,000": "rgb(255,241,170)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Type", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -89,13 +464,114 @@ "y": 28 }, "panelIndex": "5", - "panelRefName": "panel_5", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Outcomes [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" + }, + "id": "74716d29-91c6-4095-bc7d-7f6700f12b1f", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "formatter": "number", + "hide_in_legend": 0, + "id": "932c5de4-f841-4f27-99e4-60d95d3aa16c", + "label": "Event Outcomes", + "line_width": "3", + "metrics": [ + { + "id": "4c263b6d-8117-43c6-b83f-5c4145f43cfc", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Failure\"" + }, + "id": "94371b84-a7aa-4824-b4d1-217ecbe725a5", + "label": "Failure" + }, + { + "color": "rgba(104,188,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Success\"" + }, + "id": "31564794-9278-4f2e-bb20-557f5cfbea79", + "label": "Success" + }, + { + "color": "rgba(251,158,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Attempt\"" + }, + "id": "10c0f919-0853-41b5-94b4-2e39932e7aa0", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "none", + "terms_field": "cef.extensions.categoryOutcome", + "terms_size": "3" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,182,204,1)", + "fill": 0.5, + "formatter": "number", + "id": 
"c9eca9d0-c2e0-45e6-a3ce-f158c40fdd74", + "label": "Event Count", + "line_width": 1, + "metrics": [ + { + "id": "6d8513ca-cc72-4b27-91b6-6b689558cdcb", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -105,9 +581,8 @@ "y": 20 }, "panelIndex": "7", - "panelRefName": "panel_7", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -118,6 +593,63 @@ "/Failure": "#E24D42", "/Success": "#7EB26D" } + }, + "savedVis": { + "title": "Top 20 Behaviors by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Behavior", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -128,9 +660,8 @@ "y": 52 }, "panelIndex": "8", - "panelRefName": "panel_8", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -142,6 +673,100 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 15 Event Types by Events [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 15, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Types", + "field": "cef.extensions.categoryBehavior", + "order": "desc", + "orderBy": "1", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -152,13 +777,69 @@ "y": 40 }, "panelIndex": "9", - "panelRefName": "panel_9", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 5 Vendors by Product [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "OS Vendor", + "field": "cef.device.vendor", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "OS Product", + "field": "cef.device.product", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 12, 
@@ -168,13 +849,32 @@ "y": 40 }, "panelIndex": "10", - "panelRefName": "panel_10", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, "gridData": { "h": 4, 
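Review bot: The inlined `markdown` string in this hunk links the Endpoint Overview dashboard as `(#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b)`, without the `/` after `#` that the other four links carry. It should read `(#/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b)` so every navigation entry uses the same route form. The inlined title also keeps a leading space, `" Dashboard Navigation [Logs CEF ArcSight]"`, which is worth trimming while the text is being moved. These dashboard ids live only inside the markdown and are not listed under `references`, so presumably nothing checks that the targets exist at install time; a manual click-through after import would confirm it. The panel object continues past the end of the hunk.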
@@ -184,13 +884,100 @@ "y": 0 }, "panelIndex": "11", - "panelRefName": "panel_11", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Endpoint - OS Average EPS [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "ce9549a0-3af0-4070-b169-4b6d145d4c39" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "94161c6c-4f48-4beb-9d78-f79f29c02a34", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "type": "cumulative_sum" + }, + { + "field": "89f8286e-4aec-4cb4-83ad-b139692edf3d", + "id": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", + "gamma": 0.3, + "id": "f46a6e6e-444f-4c7e-b5eb-e1a59568f2eb", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "offset_time": "1m", + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + 
"show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -200,9 +987,8 @@ "y": 4 }, "panelIndex": "12", - "panelRefName": "panel_12", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -212,6 +998,186 @@ "Destination Users": "#E24D42", "Event Count": "#64B0C8" } + }, + "savedVis": { + "title": "Events by Source and Destination Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Timestamp" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Event Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Source Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "4", + "label": "Destination Users" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 3, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Count" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + 
"rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timestamp", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Users", + "field": "source.user.name" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -222,15 +1188,71 @@ "y": 12 }, "panelIndex": "13", - "panelRefName": "panel_13", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { "enhancements": {}, "vis": { "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Sources by Destinations [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Host", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Host", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -241,15 +1263,71 @@ "y": 64 }, "panelIndex": "14", - "panelRefName": "panel_14", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { "enhancements": {}, "vis": { "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Source Users by Destination Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -260,13 +1338,55 @@ "y": 84 }, "panelIndex": "15", - "panelRefName": "panel_15", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destinations [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Hosts", + "field": "destination.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 12, @@ -276,13 +1396,55 @@ "y": 80 }, "panelIndex": "16", - "panelRefName": "panel_16", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Users", + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 8, 
@@ -292,13 +1454,55 @@ "y": 100 }, "panelIndex": "17", - "panelRefName": "panel_17", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Sources [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Hosts", + "field": "source.domain", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 16, @@ -308,13 +1512,55 @@ "y": 64 }, "panelIndex": "18", - "panelRefName": "panel_18", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Source Users [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 60, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Users", + "field": "source.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 8, 
@@ -324,9 +1570,8 @@ "y": 92 }, "panelIndex": "19", - "panelRefName": "panel_19", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" } ], "refreshInterval": { 
@@ -340,92 +1585,75 @@ "title": "[Logs CEF ArcSight] Endpoint OS Activity Dashboard", "version": 1 }, - "coreMigrationVersion": "8.0.0", - "id": "cef-9e352900-89c3-4c1b-863e-249e24d0dac9", - "migrationVersion": { - "dashboard": "8.0.0" - }, "references": [ { - "id": "cef-59ad829b-12b8-4256-95a5-e7078eda628b", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "cef-158d809a-89db-4ffa-88a1-eb5c4bf58d50", - "name": "4:panel_4", - "type": "visualization" + "type": "search", + "name": "3:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, { - "id": "cef-77ee0e91-010b-4897-b483-7e9a907d2afe", - "name": "5:panel_5", - "type": "visualization" + "type": "search", + "name": "4:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, { - "id": "cef-0f4028b2-3dc2-4cb6-80d8-285c847a02a1", - "name": "7:panel_7", - "type": "visualization" + "type": "search", + "name": "5:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, { - "id": "cef-e06d85f2-2da4-41e2-b2ab-f685b64bb3f9", - "name": "8:panel_8", - "type": "visualization" + "type": "search", + "name": "8:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, { - "id": "cef-2726382e-638a-4dcc-94fc-0ffdc0f92048", - "name": "9:panel_9", - "type": "visualization" + "type": "search", + "name": "9:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, { - "id": "cef-92aecea0-a632-4a55-bb56-50e4cdaca036", - "name": "10:panel_10", - "type": "visualization" + "type": "search", + "name": "10:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, { - "id": "cef-677891a1-90c4-4273-b126-f0e54689bd76", - "name": "11:panel_11", - "type": "visualization" + "type": "search", + "name": "13:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, { - "id": "cef-76c088c3-486e-4420-8840-5ede667edffe", - "name": "12:panel_12", - "type": "visualization" + "type": "search", + "name": "14:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, { - "id": 
"cef-5f187dc8-aa7e-4f91-a2d8-1186ce254d00", - "name": "13:panel_13", - "type": "visualization" + "type": "search", + "name": "15:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, { - "id": "cef-316fdc75-7215-4c6b-8e1b-70a097b34e28", - "name": "14:panel_14", - "type": "visualization" + "type": "search", + "name": "16:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, { - "id": "cef-6437e9bb-9ed1-4e2d-bb10-e63ccd35c409", - "name": "15:panel_15", - "type": "visualization" + "type": "search", + "name": "17:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, { - "id": "cef-4a7c10c7-4abd-47b4-b4c3-dee33377fbdf", - "name": "16:panel_16", - "type": "visualization" + "type": "search", + "name": "18:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" }, { - "id": "cef-acc915fe-b971-4795-9040-3fbfdf62abe1", - "name": "17:panel_17", - "type": "visualization" - }, - { - "id": "cef-4e25b5ce-53c3-46fc-b5e5-71d3c52f1956", - "name": "18:panel_18", - "type": "visualization" - }, - { - "id": "cef-8cd00d20-957d-4663-be4d-ea80b1609586", - "name": "19:panel_19", - "type": "visualization" + "type": "search", + "name": "19:search_0", + "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15.json b/packages/cef/kibana/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15.json index b0ccfc431a9..ac0f8bd7fee 100644 --- a/packages/cef/kibana/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15.json +++ b/packages/cef/kibana/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15.json 
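Review bot: Every entry in the rewritten `references` array binds a panel to the same saved search, `cef-e6cf2383-71f4-4db1-a791-1a7d4f110194`, under the name `N:search_0`. The inlined `savedVis.data` objects in the earlier hunks of this file carry only `"searchSource": { "filter": [] }`, and no field that names `search_0`. I cannot tell from the diff how Kibana ties the reference back to each panel. Please confirm on a clean install that panels 3–5, 8–10 and 13–19 still pick up the saved search's data view and query. If the link is lost, an aggregation panel would either fail to load or count events outside the endpoint-OS scope the dashboard title promises. Panels 7, 11 and 12 have no entry here, which looks intentional since their `savedVis` is TSVB or markdown with its own `index_pattern` and filter.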
@@ -1,4 +1,11 @@ { + "id": "cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwNCwxXQ==", "attributes": { "description": "Summary of endpoint event data", "hits": 0, 
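Review bot: The new top-level keys `"namespaces": ["default"]`, `"updated_at": "2022-11-18T22:12:41.044Z"` and `"version": "WzcwNCwxXQ=="` look like residue from the Kibana instance the dashboard was exported from, not package content. `version` appears to be that instance's per-object concurrency token, and `namespaces` pins the object to one space, so neither means anything on the installing cluster and both will churn on every re-export. Unless the package tooling requires them, I would keep only `"id"` and `"type"` from the added lines. The same three keys are added to the 1password dashboard at the top of this diff. The `attributes` object continues outside the hunk.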
@@ -19,7 +26,94 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Endpoint Average EPS [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "85a1c642-9781-430d-b84b-b28cb2a42fb4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "data_stream.dataset:\"cef.log\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "b7a85957-123e-4e25-9e8e-ff7992c9b2b9", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "type": "cumulative_sum" + }, + { + "field": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "id": "215c5225-5368-40e6-8fcd-2b0026babba0", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "215c5225-5368-40e6-8fcd-2b0026babba0", + "gamma": 0.3, + "id": "f4dfe09a-e397-4287-ab99-3206516cded3", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } 
}, "gridData": { "h": 8, @@ -29,9 +123,8 @@ "y": 4 }, "panelIndex": "1", - "panelRefName": "panel_1", "type": "visualization", - "version": "8.2.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -42,6 +135,126 @@ "success": "#629E51", "unknown": "#0A50A1" } + }, + "savedVis": { + "title": "Destination Ports by Outcomes [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "destination.port: Descending" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": true, + "mode": "normal", + "setYExtents": false, + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, 
"gridData": { @@ -52,7 +265,6 @@ "y": 20 }, "panelIndex": "2", - "panelRefName": "panel_2", "type": "visualization", "version": "8.0.0" }, 
@@ -65,6 +277,134 @@ "success": "#629E51", "unknown": "#0A50A1" } + }, + "savedVis": { + "title": "Outcomes Breakdown [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "colors": { + "failure": "#BF1B00", + "unknown": "#3F2B5B" + }, + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Time" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Time", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", 
+ "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -75,13 +415,136 @@ "y": 20 }, "panelIndex": "3", - "panelRefName": "panel_3", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Device [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "data_stream.dataset:\"cef.log\"" + }, + "id": "fd1ffeb6-678e-4163-9421-6a164fd59048", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,37,37,1)", + "fill": "0", + "formatter": "number", + "id": "6a10f77d-4e26-4b27-9c19-f1b0029b075b", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "gamma": 0.3, + "id": "59675e84-1a8e-41df-9f63-875109bd795a", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" " + }, + "id": "d9a580c3-eb83-4d20-a391-0934d7df8837", + "label": "Operating System" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": " cef.extensions.categoryDeviceGroup:\"/IDS/Host\"" + }, + "id": "9ce8be14-6191-4c9a-a679-e3992fdab8d2", + "label": "Host IDS" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "id": "262ecd54-a042-4bfb-b489-d7db8431c36e", + "label": "Application" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + 
"axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "92e98952-8e25-472f-abb5-05a7d9b830ea", + "label": "Moving Average by Device HostNames", + "line_width": 1, + "metrics": [ + { + "id": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + "gamma": 0.3, + "id": "9765367a-0fc2-45ba-88a8-e87991210edd", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -91,13 +554,54 @@ "y": 12 }, "panelIndex": "5", - "panelRefName": "panel_5", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Port [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 12, @@ -107,7 +611,6 @@ "y": 32 }, "panelIndex": "6", - "panelRefName": "panel_6", "type": "visualization", "version": "8.0.0" }, 
@@ -118,6 +621,118 @@ "defaultColors": { "0 - 100": "rgb(0,104,55)" } + }, + "savedVis": { + "title": "Endpoint Metrics Overview [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Port", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -128,7 +743,6 @@ "y": 4 }, "panelIndex": "7", - "panelRefName": "panel_7", "type": "visualization", "version": "8.0.0" }, @@ -164,7 +778,49 @@ }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 5 Source Countries [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 8, @@ -174,7 +830,6 @@ "y": 44 }, "panelIndex": "10", - "panelRefName": "panel_10", "type": "visualization", "version": "8.0.0" }, 
@@ -188,6 +843,91 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 10 Source Countries by Event [Logs CEF]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 35 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -198,13 +938,32 @@ "y": 32 }, "panelIndex": "12", - "panelRefName": "panel_12", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, "gridData": { "h": 4, @@ -214,11 +973,20 @@ "y": 0 }, "panelIndex": "15", - "panelRefName": "panel_15", "type": "visualization", "version": "8.0.0" }, { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 20, + "i": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", + "w": 48, + "x": 0, + "y": 52 + }, + "panelIndex": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", "embeddableConfig": { "attributes": { "description": "", @@ -242,18 +1010,9 @@ "lon": -12.2843, "zoom": 1.78 }, - "openTOCDetails": [] - }, - "gridData": { - "h": 20, - "i": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", - "w": 48, - "x": 0, - "y": 52 - }, - "panelIndex": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", - "type": "map", - "version": "8.0.0" + "openTOCDetails": [], + "type": "map" + } } ], "refreshInterval": { 
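Review bot: In the inlined `Dashboard Navigation [Logs CEF]` markdown, the Endpoint Overview link is written `#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15`, while the other four links use `#/dashboard/…`. Whether Kibana's router accepts the form without the slash is not visible here, so I would make it consistent: `[Endpoint Overview](#/dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15)`. The ArcSight dashboard's navigation panel (hunk `@@ -277,13 +1281,32 @@`) has the same `#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b` form. Both titles also start with a stray space (`" Dashboard Navigation …"`), which could be trimmed at the same time.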
@@ -266,67 +1025,50 @@ "title": "[Logs CEF] Endpoint Overview Dashboard", "version": 1 }, - "coreMigrationVersion": "8.0.0", - "id": "cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15", - "migrationVersion": { - "dashboard": "8.0.0" - }, "references": [ { - "id": "cef-f856a77c-a0fd-4047-afa6-e21a912814c5", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cef-4970ec04-796a-4c0e-90d9-7e23d0b7e48d", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "cef-dd339ff5-6b26-4455-ae06-f3b5591479e3", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "cef-0fe1baba-84a8-4cb3-9b17-bae8693c345a", - "name": "5:panel_5", - "type": "visualization" + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", + "name": "9:panel_9", + "type": "search" }, { - "id": "cef-0410a35e-eabd-46f4-a124-c780b6d1fd2e", - "name": "6:panel_6", - "type": "visualization" + "id": "logs-*", + "name": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a:layer_1_source_index_pattern", + "type": "index-pattern" }, { - "id": "cef-b4a28b54-9adb-4c4b-8ae6-158dfeb673ce", - "name": "7:panel_7", - "type": "visualization" + "type": "search", + "name": "2:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" }, { - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", - "name": "9:panel_9", - "type": "search" + "type": "search", + "name": "3:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" }, { - "id": "cef-2ecd00c0-66f4-4020-9c6e-dff40d47654c", - "name": "10:panel_10", - "type": "visualization" + "type": "search", + "name": "6:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" }, { - "id": "cef-98729301-9b46-4169-b99e-1392af8fa563", - "name": "12:panel_12", - "type": "visualization" + "type": "search", + "name": "7:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" }, { - "id": "cef-0959df23-10c9-47fd-bebd-c382007b3584", - "name": "15:panel_15", - "type": "visualization" + "type": "search", + "name": "10:search_0", + "id": 
"cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" }, { - "id": "logs-*", - "name": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a:layer_1_source_index_pattern", - "type": "index-pattern" + "type": "search", + "name": "12:search_0", + "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json b/packages/cef/kibana/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json index 38350eb6cfe..770e63ca13e 100644 --- a/packages/cef/kibana/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json +++ b/packages/cef/kibana/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b.json @@ -1,4 +1,11 @@ { + "id": "cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwNSwxXQ==", "attributes": { "description": "Summary of ArcSight endpoint event data", "hits": 0, 
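Review bot: The new references `2:search_0`, `3:search_0`, `6:search_0`, `7:search_0`, `10:search_0` and `12:search_0` point at saved search `cef-41770860-2a81-4ce7-b8b4-a0c6970725b0`, but the inlined `savedVis` blocks for panels 6, 7, 10 and 12 in the earlier hunks carry only `"searchSource": { "filter": [] }` and nothing that names `search_0`. If Kibana binds a by-value visualization to its saved search through `savedSearchRefName`, these panels lose the saved search's index and query, and would render empty or count events outside the intended scope, which is misleading on a dashboard analysts triage from. I would add `"savedSearchRefName": "search_0"` to `savedVis.data` of each affected panel and confirm the rendered counts match the pre-migration dashboard. The ArcSight dashboard in the following file shows the same shape; the blocks for panels 2 and 3 of this file lie outside the visible hunks.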
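Review bot: The added top-level `"namespaces": ["default"]`, `"updated_at": "2022-11-18T22:12:41.044Z"` and `"version": "WzcwNSwxXQ=="` in the ArcSight dashboard look like state from the Kibana instance the object was exported from, not part of the package asset; none of the three appears among the removed lines visible for either dashboard. I would drop those three entries and keep only the relocated `id` and `type`, unless the package tooling is known to strip or ignore them on install. Pinning `namespaces` to `default` in particular deserves a check against installs into other spaces.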
@@ -19,7 +26,94 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Endpoint Average EPS [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "85a1c642-9781-430d-b84b-b28cb2a42fb4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "gauge_color_rules": [ + { + "id": "03a2fd72-fc9c-4582-9133-20af36217180" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "b7a85957-123e-4e25-9e8e-ff7992c9b2b9", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "type": "count" + }, + { + "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", + "id": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "type": "cumulative_sum" + }, + { + "field": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", + "id": "215c5225-5368-40e6-8fcd-2b0026babba0", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "215c5225-5368-40e6-8fcd-2b0026babba0", + "gamma": 0.3, + "id": "f4dfe09a-e397-4287-ab99-3206516cded3", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": 
"@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -29,7 +123,6 @@ "y": 4 }, "panelIndex": "1", - "panelRefName": "panel_1", "type": "visualization", "version": "8.0.0" }, 
@@ -42,6 +135,126 @@ "/Failure": "#BF1B00", "/Success": "#629E51" } + }, + "savedVis": { + "title": "Destination Ports by Outcomes [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "destination.port: Descending" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": true, + "mode": "normal", + "setYExtents": false, + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + 
"filter": [] + } + } } }, "gridData": { @@ -52,7 +265,6 @@ "y": 32 }, "panelIndex": "2", - "panelRefName": "panel_2", "type": "visualization", "version": "8.0.0" }, 
@@ -65,6 +277,134 @@ "/Failure": "#BF1B00", "/Success": "#629E51" } + }, + "savedVis": { + "title": "Outcomes Breakdown [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Attempt": "#3F2B5B", + "/Failure": "#BF1B00" + }, + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Time" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Time", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + 
"size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -75,13 +415,136 @@ "y": 32 }, "panelIndex": "3", - "panelRefName": "panel_3", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Device [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" + }, + "id": "fd1ffeb6-678e-4163-9421-6a164fd59048", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(254,37,37,1)", + "fill": "0", + "formatter": "number", + "id": "6a10f77d-4e26-4b27-9c19-f1b0029b075b", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", + "gamma": 0.3, + "id": "59675e84-1a8e-41df-9f63-875109bd795a", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" " + }, + "id": "d9a580c3-eb83-4d20-a391-0934d7df8837", + "label": "Operating System" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": " cef.extensions.categoryDeviceGroup:\"/IDS/Host\"" + }, + "id": "9ce8be14-6191-4c9a-a679-e3992fdab8d2", + "label": "Host IDS" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Application\"" + }, 
+ "id": "262ecd54-a042-4bfb-b489-d7db8431c36e", + "label": "Application" + } + ], + "split_mode": "filters", + "stacked": "none" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "92e98952-8e25-472f-abb5-05a7d9b830ea", + "label": "Moving Average by Device HostNames", + "line_width": 1, + "metrics": [ + { + "id": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "3df841a9-5997-4a1a-ad8f-69620d23e65b", + "gamma": 0.3, + "id": "9765367a-0fc2-45ba-88a8-e87991210edd", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -91,13 +554,54 @@ "y": 12 }, "panelIndex": "5", - "panelRefName": "panel_5", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Port [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 12, 
@@ -107,7 +611,6 @@ "y": 44 }, "panelIndex": "6", - "panelRefName": "panel_6", "type": "visualization", "version": "8.0.0" }, 
@@ -118,6 +621,118 @@ "defaultColors": { "0 - 100": "rgb(0,104,55)" } + }, + "savedVis": { + "title": "Endpoint Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Port", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -128,7 +743,6 @@ "y": 4 }, "panelIndex": "7", - "panelRefName": "panel_7", "type": "visualization", "version": "8.0.0" }, 
@@ -141,6 +755,133 @@ "/Failure": "#BF1B00", "/Success": "#629E51" } + }, + "savedVis": { + "title": "Outcomes by Device Type [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Failure": "#BF1B00" + }, + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "cef.extensions.categoryDeviceType: Descending" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + 
"size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -151,7 +892,6 @@ "y": 44 }, "panelIndex": "8", - "panelRefName": "panel_8", "type": "visualization", "version": "8.0.0" }, @@ -186,7 +926,49 @@ }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 5 Source Countries [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 8, @@ -196,7 +978,6 @@ "y": 56 }, "panelIndex": "10", - "panelRefName": "panel_10", "type": "visualization", "version": "8.0.0" }, 
@@ -211,6 +992,63 @@ "Operating System": "#BF1B00", "Security Mangement": "#64B0C8" } + }, + "savedVis": { + "title": "Device Types by Vendor [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "exclude": "Network-based IDS/IPS", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "exclude": "", + "field": "cef.device.vendor", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -221,7 +1059,6 @@ "y": 20 }, "panelIndex": "11", - "panelRefName": "panel_11", "type": "visualization", "version": "8.0.0" }, 
@@ -235,6 +1072,91 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 10 Source Countries by Event [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 35 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -245,7 +1167,6 @@ "y": 56 }, "panelIndex": "12", - "panelRefName": "panel_12", "type": "visualization", "version": "8.0.0" }, 
@@ -267,6 +1188,89 @@ "Recon": "#BF1B00", "Security Mangement": "#64B0C8" } + }, + "savedVis": { + "title": "Outcomes by User Names [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Informational": "#7EB26D", + "/Informational/Warning": "#EF843C", + "/Success": "#64B0C8", + "Anti-Virus": "#B7DBAB", + "Host-based IDS/IPS": "#629E51", + "Log Consolidator": "#E0F9D7", + "Operating System": "#3F6833", + "Recon": "#BF1B00", + "Security Mangement": "#CFFAFF" + }, + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "exclude": "Network-based IDS/IPS", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "field": "destination.user.name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -277,13 +1281,32 @@ "y": 20 }, "panelIndex": "14", - "panelRefName": "panel_14", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, "gridData": { "h": 4, 
@@ -293,15 +1316,24 @@ "y": 0 }, "panelIndex": "15", - "panelRefName": "panel_15", "type": "visualization", "version": "8.0.0" }, { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 12, + "i": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", + "w": 24, + "x": 24, + "y": 64 + }, + "panelIndex": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"de084257-24da-4ea9-922e-a2d7565ebcd6\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"741ceaa6-5b51-4959-9935-c5961b12f539\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Event [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"ba850a09-c635-4855-b68b-de16dd200d6f\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"de084257-24da-4ea9-922e-a2d7565ebcd6\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"741ceaa6-5b51-4959-9935-c5961b12f539\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Event [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"ba850a09-c635-4855-b68b-de16dd200d6f\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", "references": [], "title": "Top Destination Locations by Event [Logs CEF ArcSight]", 
@@ -321,18 +1353,9 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, - "gridData": { - "h": 12, - "i": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", - "w": 24, - "x": 24, - "y": 64 - }, - "panelIndex": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a", - "type": "map", - "version": "8.0.0" + "openTOCDetails": [], + "type": "map" + } } ], "refreshInterval": { 
@@ -345,82 +1368,65 @@ "title": "[Logs CEF ArcSight] Endpoint Overview Dashboard", "version": 1 }, - "coreMigrationVersion": "8.0.0", - "id": "cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b", - "migrationVersion": { - "dashboard": "8.0.0" - }, "references": [ { - "id": "cef-9457ee67-895f-4b78-a543-268f9687a745", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cef-fe7b63d1-dbc7-4376-af7f-ace97a9f2e60", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "cef-89998099-9a39-44cf-beba-5b97f0524cf9", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "cef-718b074e-3dd1-4d03-ba11-7f869cdcd703", - "name": "5:panel_5", - "type": "visualization" + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", + "name": "9:panel_9", + "type": "search" }, { - "id": "cef-c5120e27-1f8c-41e3-83ee-78ec4d470c2f", - "name": "6:panel_6", - "type": "visualization" + "id": "logs-*", + "name": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a:layer_1_source_index_pattern", + "type": "index-pattern" }, { - "id": "cef-7454c034-c5f3-48fe-8fce-ef4385c80350", - "name": "7:panel_7", - "type": "visualization" + "type": "search", + "name": "2:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" }, { - "id": "cef-118af639-1f37-4541-a960-5a3ff0613e0e", - "name": "8:panel_8", - "type": "visualization" + "type": "search", + "name": "3:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" }, { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "9:panel_9", - "type": "search" + "type": "search", + "name": "6:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" }, { - "id": "cef-74d2c072-6dfd-4249-8e63-dc7b0cf3c960", - "name": "10:panel_10", - "type": "visualization" + "type": "search", + "name": "7:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" }, { - "id": "cef-f57734dd-0f32-42b4-94dd-5d597f6735e1", - "name": "11:panel_11", - "type": "visualization" + "type": "search", + "name": "8:search_0", + "id": 
"cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" }, { - "id": "cef-295986d4-d2ea-4541-8e82-7dc95c0cd830", - "name": "12:panel_12", - "type": "visualization" + "type": "search", + "name": "10:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" }, { - "id": "cef-5bf6e4dc-4273-4e1e-a803-04347eebeb53", - "name": "14:panel_14", - "type": "visualization" + "type": "search", + "name": "11:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" }, { - "id": "cef-677891a1-90c4-4273-b126-f0e54689bd76", - "name": "15:panel_15", - "type": "visualization" + "type": "search", + "name": "12:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" }, { - "id": "logs-*", - "name": "c9fd3ece-2bef-4cdc-9f83-ed689b35a17a:layer_1_source_index_pattern", - "type": "index-pattern" + "type": "search", + "name": "14:search_0", + "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619.json b/packages/cef/kibana/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619.json index ca4bb5af53b..2552ae7017f 100644 --- a/packages/cef/kibana/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619.json +++ b/packages/cef/kibana/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619.json @@ -1,4 +1,11 @@ { + "id": "cef-db1e1aca-279e-4ecc-b84e-fe58644f7619", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwNiwxXQ==", "attributes": { "description": "Suspicious network activity overview via ArcSight", "hits": 0, 
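Review bot: The header added at the top of cef-db1e1aca-279e-4ecc-b84e-fe58644f7619.json carries `"namespaces": ["default"]`, `"updated_at": "2022-11-18T22:12:41.044Z"` and `"version": "WzcwNiwxXQ=="`, which are state of the Kibana instance the dashboard was exported from rather than part of the asset. The `version` value decodes to `[706,1]`, a per-instance counter, so it changes on every re-export and makes later diffs of this file harder to audit. I would keep `"id"` and `"type"` and drop the other three keys; the same header is added to cef-dd0bc9af-2e89-4150-9b42-62517ea56b71.json further down. Whether the package build strips these keys is not visible in this diff.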
@@ -26,6 +33,163 @@ "Destination Ports": "#E24D42" }, "legendOpen": false + }, + "savedVis": { + "title": "Unique Destinations and Ports by Source [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Source Addresses" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Destination Addresses" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Destination Ports" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Addresses" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Destination Ports" + 
}, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -36,9 +200,8 @@ "y": 28 }, "panelIndex": "1", - "panelRefName": "panel_1", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -50,6 +213,72 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 5 Sources by Destination Addresses [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
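Review bot: In the `seriesParams` of the inlined "Unique Destinations and Ports by Source" panel, the first series has `"show": "true"` as a string, while the second series and every axis in the same block use the boolean `true`. Copying the string into the by-value panel keeps a type inconsistency that a stricter consumer may read differently; `"show": true` would match the rest of the block. The "Outcome by Device Type" panel later in this file carries the same string value.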
@@ -60,9 +289,8 @@ "y": 40 }, "panelIndex": "2", - "panelRefName": "panel_2", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { @@ -74,6 +302,72 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 5 Sources by Destination Ports [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source Address", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -84,13 +378,111 @@ "y": 40 }, "panelIndex": "3", - "panelRefName": "panel_3", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Severity [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "0ca18a89-9c81-4bee-835a-85e6103aec37" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "hide_last_value_indicator": true, + "id": "c39a76e5-f613-41a9-8335-c442747791e0", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "0.0[0]a", + "id": "da3b92b4-2c24-473b-9102-fb5a343a96d9", + "label": "Event by Severities", + "line_width": 1, + "metrics": [ + { + "id": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "type": "count" + }, + { + "field": "0d189776-3f7c-4a92-95b1-73c379a341fc", + "id": "1b1c931c-a09b-4980-af81-6f9c3db56401", + "sigma": "", + "type": "sum_bucket" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(104,204,202,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Low\" OR severity:\"0\"" + }, + "id": "ebe970ac-5cc9-4c4a-af60-82affafc667c", + "label": "LOW" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Medium\"" + }, + "id": "0c4ff16a-b53d-4ce4-af76-d6b74d8788db", + "label": "MEDIUM" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "severity:\"High\"" + }, + "id": "e142c55b-6ee5-416a-8bd3-d10398044864", + "label": "HIGH" + }, + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "severity:\"Very-High\"" + }, + 
"id": "4b05b562-c419-4214-b814-d4c242251521", + "label": "VERY HIGH" + } + ], + "split_mode": "filters", + "stacked": "none" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -100,9 +492,8 @@ "y": 20 }, "panelIndex": "5", - "panelRefName": "panel_5", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -113,6 +504,135 @@ "/Failure": "#BF1B00", "/Success": "#629E51" } + }, + "savedVis": { + "title": "Outcome by Device Type [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Firewall Types" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "orderBucketsBySum": true, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": 
"cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -123,13 +643,136 @@ "y": 28 }, "panelIndex": "9", - "panelRefName": "panel_9", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Source Addresses [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "a0bf5a1d-8ebf-49d4-a347-738a6ce20562" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "id": "42f84a0a-ee13-4ca8-b61d-3de482ae4ab0" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "117fde19-e227-4fcb-8019-e82e6677c340", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + 
"split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostmessage", + "terms_order_by": null, + "value_template": "{{value}}" + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "0.5", + "formatter": "number", + "id": "3ffe652e-43c2-4a1d-ad8a-f7ab10f09f2b", + "label": "Top Source Addresses", + "line_width": "0", + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "b753ad38-c3ed-4463-8f6d-176f4d477897", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "source.ip", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, 
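Review bot: The first series of the inlined "Events by Source Addresses" panel sets `"terms_field": "observer.hostmessage"`, which looks like a typo for `observer.hostname`, the field the "Device Metrics Overview" panel in this dashboard aggregates on. With `"split_mode": "everything"` the key is presumably unused today, but it would yield an empty split without any error if the series is later switched to terms mode. I would change it to `"terms_field": "observer.hostname"` or drop the key from that series.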
@@ -139,13 +782,55 @@ "y": 12 }, "panelIndex": "11", - "panelRefName": "panel_11", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Source Addresses [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 16, @@ -155,13 +840,55 @@ "y": 52 }, "panelIndex": "12", - "panelRefName": "panel_12", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Addresses [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 16, 
@@ -171,13 +898,55 @@ "y": 52 }, "panelIndex": "13", - "panelRefName": "panel_13", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Destination Ports [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 12, @@ -187,13 +956,32 @@ "y": 40 }, "panelIndex": "14", - "panelRefName": "panel_14", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, "gridData": { "h": 4, 
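Review bot: The terms aggregation of the inlined "Top 10 Destination Ports" tag cloud runs on `destination.port` but keeps `"customLabel": "Destination Addresses"`, so the panel labels ports as addresses. On a dashboard used to triage suspicious network activity, a wrong label is easy to misread in a screenshot or an exported report. Since the definition now lives in this file, `"customLabel": "Destination Ports"` can be fixed here directly.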
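Review bot: In the inlined navigation markdown, the "Endpoint Overview" link is written `#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b`, while the other four links use `#/dashboard/...`. The missing slash probably keeps that link from resolving; it should read `[Endpoint Overview](#/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b)`. The panel title `" Dashboard Navigation [Logs CEF ArcSight]"` also starts with a stray space. If the same markdown is copied into the other CEF dashboards by this change, which is not visible here, each copy needs the same fix.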
@@ -203,9 +991,8 @@ "y": 0 }, "panelIndex": "15", - "panelRefName": "panel_15", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -214,6 +1001,118 @@ "defaultColors": { "0 - 100": "rgb(0,104,55)" } + }, + "savedVis": { + "title": "Device Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -224,9 +1123,8 @@ "y": 4 }, "panelIndex": "16", - "panelRefName": "panel_16", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" }, { "embeddableConfig": { 
@@ -239,6 +1137,101 @@ "300 - 400": "rgb(128,0,38)", "50 - 100": "rgb(254,217,118)" } + }, + "savedVis": { + "title": "Network - Event Throughput [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" + }, + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": 
"everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } } }, "gridData": { @@ -249,9 +1242,8 @@ "y": 4 }, "panelIndex": "17", - "panelRefName": "panel_17", "type": "visualization", - "version": "7.3.0" + "version": "8.0.0" } ], "refreshInterval": { 
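Review bot: The panel filter of the inlined "Network - Event Throughput" gauge selects firewalls with `cef.extensions.categoryDeviceType:\"Firewall\"`, whereas "Events by Severity" and "Events by Source Addresses" in the same dashboard use `cef.extensions.categoryDeviceGroup:\"/Firewall\"`. The two clauses test different fields and values, so the gauge may count a different set of events than the charts beside it. Which selector is intended cannot be told from this diff; if it is the group, the first clause should read `cef.extensions.categoryDeviceGroup:\"/Firewall\"`. The "Events by Source" panel in cef-dd0bc9af-2e89-4150-9b42-62517ea56b71.json mixes the same two selectors between its panel filter and its series filter.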
@@ -265,72 +1257,50 @@ "title": "[Logs CEF ArcSight] Network Suspicious Activity Dashboard", "version": 1 }, - "coreMigrationVersion": "8.0.0", - "id": "cef-db1e1aca-279e-4ecc-b84e-fe58644f7619", - "migrationVersion": { - "dashboard": "8.0.0" - }, "references": [ { - "id": "cef-fa8b26c1-6973-4381-adb3-bcde0d03a520", - "name": "1:panel_1", - "type": "visualization" + "type": "search", + "name": "1:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": "cef-82f3fae3-1189-4f04-8ea5-47fde1d2e7b1", - "name": "2:panel_2", - "type": "visualization" + "type": "search", + "name": "2:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": "cef-f03d734b-b85c-4e99-9c0e-9c89716a81f3", - "name": "3:panel_3", - "type": "visualization" + "type": "search", + "name": "3:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": "cef-9bef4db9-a8b2-4be8-b2b0-6ea02fab424d", - "name": "5:panel_5", - "type": "visualization" + "type": "search", + "name": "9:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": "cef-fff249b2-18b6-4b48-bcf7-dd4595d111e7", - "name": "9:panel_9", - "type": "visualization" + "type": "search", + "name": "12:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": "cef-d02dd523-ce91-40e9-9209-83797f80ed45", - "name": "11:panel_11", - "type": "visualization" + "type": "search", + "name": "13:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": "cef-589fec8c-336e-4122-8fef-a450bddf84f6", - "name": "12:panel_12", - "type": "visualization" + "type": "search", + "name": "14:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": "cef-86bd5f13-ca6b-43fa-b209-54e7460344bb", - "name": "13:panel_13", - "type": "visualization" - }, - { - "id": "cef-1204cf27-05e0-4905-bfa1-688aaaaaa840", - "name": "14:panel_14", - "type": "visualization" - }, - { - "id": "cef-677891a1-90c4-4273-b126-f0e54689bd76", - "name": "15:panel_15", - "type": 
"visualization" - }, - { - "id": "cef-01c3618c-9962-4fe9-b9c5-f73dfecc6eba", - "name": "16:panel_16", - "type": "visualization" - }, - { - "id": "cef-33747d52-ec4c-4d91-86d8-fbdf9b9c82db", - "name": "17:panel_17", - "type": "visualization" + "type": "search", + "name": "16:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71.json b/packages/cef/kibana/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71.json index b4f81e3075d..b33c963b0bd 100644 --- a/packages/cef/kibana/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71.json +++ b/packages/cef/kibana/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71.json @@ -1,4 +1,11 @@ { + "id": "cef-dd0bc9af-2e89-4150-9b42-62517ea56b71", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-18T22:12:41.044Z", + "version": "WzcwNywxXQ==", "attributes": { "description": "Network data overview via ArcSight", "hits": 0, @@ -19,7 +26,49 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Application Protocols [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.application", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 8, 
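Review bot: The new `references` entries `1:search_0` through `16:search_0` all point at saved search `cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8`, but the inlined `savedVis` blocks for those panels carry only `"searchSource": { "filter": [] }` and no key that names `search_0`. If nothing in a panel refers to its reference, the saved search's query no longer scopes that panel, and it aggregates over everything the data view matches. Please confirm the link survives the migration, for example as a `"savedSearchRefName": "search_0"` entry in each panel's `data`, and otherwise drop the unused references. The Endpoint Overview dashboard earlier in this diff gets the same kind of entries for `cef-5cede2d3-20fe-4140-add4-4c4f841b71a2`.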
@@ -29,13 +78,113 @@ "y": 44 }, "panelIndex": "1", - "panelRefName": "panel_1", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Bandwidth Utilization [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "kuery", + "query": "" + }, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "d27f09dc-b07e-493f-a223-a85033ad6548", + "label": "Inbound", + "line_width": 1, + "metrics": [ + { + "field": "source.bytes", + "id": "9ce9ec3a-2f11-4935-91b2-531494d2a619", + "type": "sum" + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_drop_last_bucket": 1, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_order_by": "_count" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "b1ef2c75-5916-469d-8790-5b213367a5a0", + "label": "Outbound", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "type": "sum" + }, + { + "id": "2a6b00bf-1658-4d02-b4e2-61ad6e4c3a9b", + "script": "params.outbound \u003e 0 ? 
params.outbound * -1 : 0", + "type": "calculation", + "variables": [ + { + "field": "11b1852f-9b62-4e96-8128-522e6c5bf16d", + "id": "c57067f2-2927-41d8-97f4-9f47b3b3bcae", + "name": "outbound" + } + ] + } + ], + "override_index_pattern": 1, + "point_size": 1, + "seperate_axis": 0, + "series_drop_last_bucket": 1, + "series_index_pattern": "logs-*", + "series_time_field": "@timestamp", + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "steps": 0 + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, 
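Review bot: The inlined "Bandwidth Utilization" panel has an empty panel filter (`"query": ""`) and both series set `"series_index_pattern": "logs-*"`, so the sums of `source.bytes` and `destination.bytes` cover every data stream under `logs-*`, not only CEF events. The other TSVB panels in these dashboards at least restrict on `cef.extensions.*` fields. On a cluster that ingests several integrations, the chart would overstate CEF traffic without any visible sign of it. I would add a panel filter on this package's dataset via `data_stream.dataset`; the dataset value is not visible in this diff.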
@@ -45,13 +194,164 @@ "y": 68 }, "panelIndex": "2", - "panelRefName": "panel_2", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Source [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": 
"cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "0c929603-fc92-4ebc-a963-fe2795417d89", + "label": "Firewall Events" + }, + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/IDS/Network\"" + }, + "id": "7798827b-87ab-436b-9e62-9fe36143eb9b", + "label": "Intrusion Detection Events" + }, + { + "color": "rgba(252,220,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "id": "490f7ad7-8218-45f9-85a9-a4dd9ed7da13", + "label": "VPN" + } + ], + "split_mode": "filters", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(0,156,224,1)", + "fill": "0.5", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Device Hosts", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "observer.hostname", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, 
@@ -61,13 +361,165 @@ "y": 12 }, "panelIndex": "5", - "panelRefName": "panel_5", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "bar_color": null, + "id": "23db5bf6-f787-474e-86ab-76362432e984", + "value": 0 + } + ], + "drilldown_url": "", + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": { + "language": "lucene", + "query": "(cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\") AND _exists_:cef.extensions.categoryOutcome" + }, + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "c43af7e6-3f06-48a4-a7c3-7ba8bd6214f9", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + 
"seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(254,146,0,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "4c7aac7d-2749-41b6-8136-40dc8636a7e7", + "label": "Firewall" + } + ], + "split_mode": "filter", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(104,188,0,1)", + "fill": "1", + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Moving Average by Event Outcome", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(104,188,0,0.35)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Success\"" + }, + "id": "cb1ae397-13a0-4b6f-a848-bcdc96870f05", + "label": "Success" + }, + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Failure\"" + }, + "id": "ef021c15-1b95-4334-bc3c-e2950e9b0f6f", + "label": "Failure" + }, + { + "color": "rgba(0,156,224,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryOutcome:\"/Attempt\"" + }, + "id": "2ff1e859-b178-4824-a0f2-69a115932b98", + "label": "Attempt" + } + ], + "split_mode": "filters", + "stacked": "stacked", + "terms_field": "cef.extensions.categoryOutcome", + "terms_size": "3" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -77,7 +529,6 @@ "y": 60 }, "panelIndex": "6", - "panelRefName": "panel_6", "type": "visualization", "version": "8.0.0" }, 
@@ -89,6 +540,118 @@ "0 - 100": "rgb(0,104,55)" }, "legendOpen": false + }, + "savedVis": { + "title": "Device Metrics Overview [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "30", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "12", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Devices", + "field": "observer.hostname" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -99,7 +662,6 @@ "y": 4 }, "panelIndex": "7", - "panelRefName": "panel_7", "type": "visualization", "version": "8.0.0" }, 
@@ -112,6 +674,135 @@ "/Failure": "#BF1B00", "/Success": "#629E51" } + }, + "savedVis": { + "title": "Outcome by Device Type [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Firewall Types" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "orderBucketsBySum": true, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "square root" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": 
"cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 3 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -122,7 +813,6 @@ "y": 20 }, "panelIndex": "9", - "panelRefName": "panel_9", "type": "visualization", "version": "8.0.0" }, 
@@ -135,6 +825,135 @@ "/Failure": "#BF1B00", "/Success": "#629E51" } + }, + "savedVis": { + "title": "Destination Ports by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "colors": { + "/Failure": "#BF1B00", + "/Success": "#629E51" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "rotate": 75, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Protocols" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "percentage", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Protocols", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + 
"size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -145,7 +964,6 @@ "y": 20 }, "panelIndex": "11", - "panelRefName": "panel_11", "type": "visualization", "version": "8.0.0" }, @@ -159,6 +977,103 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 10 Devices by Bandwidth [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source(s)", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination(s)", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bandwidth (Incoming)", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bandwidth (Outgoing)", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -169,7 +1084,6 @@ "y": 32 }, "panelIndex": "13", - "panelRefName": "panel_13", "type": "visualization", "version": "8.0.0" }, @@ -186,6 +1100,92 @@ "84% - 100%": "rgb(202,8,35)" }, "legendOpen": false + }, + "savedVis": { + "title": "Top 10 Devices by Outcome [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0% - 17%": "rgb(255,255,204)", + "17% - 34%": "rgb(255,230,146)", + "34% - 50%": "rgb(254,191,90)", + "50% - 67%": "rgb(253,141,60)", + "67% - 84%": "rgb(244,61,37)", + "84% - 100%": "rgb(202,8,35)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 6, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": true, + "setColorRange": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "#555", + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Device Host Names", + "field": "observer.hostname", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Outcome", + "field": "cef.extensions.categoryOutcome", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { @@ -196,7 +1196,6 @@ "y": 32 }, "panelIndex": "15", - "panelRefName": "panel_15", "type": "visualization", "version": "8.0.0" }, 
@@ -213,6 +1212,50 @@ "Operating System": "#1F78C1", "VPN": "#EAB839" } + }, + "savedVis": { + "title": "Device Type Breakdown [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall Types", + "field": "cef.extensions.categoryDeviceType", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -223,13 +1266,143 @@ "y": 20 }, "panelIndex": "16", - "panelRefName": "panel_16", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Events by Device Types [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color": null, + "background_color_rules": [ + { + "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" + } + ], + "bar_color_rules": [ + { + "id": "23db5bf6-f787-474e-86ab-76362432e984" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" + }, + "gauge_color_rules": [ + { + "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(211,49,21,1)", + "fill": "0", + "filter": "", + "formatter": "number", + "id": "04c44192-1112-4515-a8d9-e9e13215aecf", + "label": "Events", + "line_width": "3", + "metrics": [ + { + "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", + "gamma": 0.3, + "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "sigma": "", + "type": "moving_average", + "window": "10" + } + ], + "point_size": "0", + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "rgba(244,78,59,1)", + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" + }, + "id": "78bfdf07-ec02-4dd8-8ff4-b7e250c561c2", + "label": 
"Firewall" + } + ], + "split_mode": "everything", + "stacked": "none", + "steps": 0, + "terms_field": "observer.hostname", + "terms_order_by": null + }, + { + "axis_position": "left", + "chart_type": "bar", + "color": "rgba(251,158,0,1)", + "fill": 0.5, + "formatter": "number", + "id": "29d6131a-5143-4a64-b597-9538692f0269", + "label": "Top Device Types by Mvg Averages", + "line_width": 1, + "metrics": [ + { + "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "type": "count" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", + "gamma": 0.3, + "id": "87e21aaa-12eb-4213-bb37-41cb19219240", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + "window": "10" + } + ], + "point_size": 1, + "seperate_axis": 1, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cef.extensions.categoryDeviceType", + "terms_size": "10" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -239,7 +1412,6 @@ "y": 52 }, "panelIndex": "17", - "panelRefName": "panel_17", "type": "visualization", "version": "8.0.0" }, 
@@ -253,6 +1425,92 @@ "direction": null } } + }, + "savedVis": { + "title": "Top 10 Source Countries by Events [Logs CEF ArcSight]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Addresses", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination Addresses", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } } }, "gridData": { 
@@ -263,13 +1521,54 @@ "y": 76 }, "panelIndex": "18", - "panelRefName": "panel_18", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 20 Source Countries [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 26, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "square root" + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, "gridData": { "h": 16, 
@@ -279,13 +1578,107 @@ "y": 76 }, "panelIndex": "19", - "panelRefName": "panel_19", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Network - Event Throughput [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3eadd451-5033-423f-88e3-814cc5e50b50" + } + ], + "bar_color_rules": [ + { + "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " + }, + "gauge_color_rules": [ + { + "gauge": null, + "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "73968651-c41e-473e-a153-a025f49d1a1b", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(0,156,224,1)", + "fill": 0.5, + "formatter": "number", + "id": "90d7621e-3265-4fe8-8882-8df9605ea659", + "label": "Event Throughput", + "line_width": 1, + "metrics": [ + { + "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "type": "count" + }, + { + "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", + "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "type": "cumulative_sum" + }, + { + "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", + "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "type": "derivative", + "unit": "1s" + }, + { + "alpha": 0.3, + "beta": 0.1, + "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", + "gamma": 0.3, + "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", + "model_type": "simple", + "multiplicative": false, + "period": 1, + "type": "moving_average", + 
"window": "10" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}} / s" + } + ], + "show_legend": 1, + "time_field": "@timestamp", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, "gridData": { "h": 8, @@ -295,13 +1688,32 @@ "y": 4 }, "panelIndex": "20", - "panelRefName": "panel_20", "type": "visualization", "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": " Dashboard Navigation [Logs CEF ArcSight]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "query_string": { + "query": "*" + } + } + } + } + } }, "gridData": { "h": 4, 
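Review bot: In the "Dashboard Navigation" markdown, the Endpoint Overview link is written `#dashboard/cef-c10ce1cf-…` without the slash after `#` that the other four links use, so it may not route the same way. Suggest `[Endpoint Overview](#/dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b)`. The five dashboard ids are plain text inside the markdown string rather than saved-object references, so nothing validates them at install time. It is worth checking each one against the dashboards the package ships. The `"title"` also begins with a stray space.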
@@ -311,15 +1723,24 @@ "y": 0 }, "panelIndex": "21", - "panelRefName": "panel_21", "type": "visualization", "version": "8.0.0" }, { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 24, + "i": "49de47fb-1382-4009-89d2-b96a4161e12d", + "w": 24, + "x": 0, + "y": 92 + }, + "panelIndex": "49de47fb-1382-4009-89d2-b96a4161e12d", "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c6a1fd07-de0f-444b-8814-902cbf2d019a\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"c1643919-b9de-4588-826f-93710a159e2b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"5183bb72-a077-4cf0-8aba-561a15b012cf\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c6a1fd07-de0f-444b-8814-902cbf2d019a\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"c1643919-b9de-4588-826f-93710a159e2b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Destination Locations by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"5183bb72-a077-4cf0-8aba-561a15b012cf\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", "references": [], "title": "Top Destination Locations by Events [Logs CEF ArcSight]", 
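Review bot: The new `layerListJSON` replaces `\"indexPatternId\":\"logs-*\"` with `\"indexPatternRefName\":\"layer_1_source_index_pattern\"`, while the embedded map attributes still show `"references": []`. The layer's data view can then only resolve through the dashboard's top-level `references` array, which is outside this hunk. Please confirm that array has an entry for this panel. The second map panel in the following hunk reuses the same ref name, so the two entries presumably need to be distinguishable per panel. If the entry is missing, the geo grid layer would presumably fail to load rather than fall back to `logs-*`. The panel object continues past the end of this hunk.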
@@ -339,24 +1760,25 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, + "openTOCDetails": [], + "type": "map" + } + }, + { + "version": "8.1.0", + "type": "map", "gridData": { "h": 24, - "i": "49de47fb-1382-4009-89d2-b96a4161e12d", + "i": "9d097034-9ebb-4f53-ad39-e42e625b541c", "w": 24, - "x": 0, + "x": 24, "y": 92 }, - "panelIndex": "49de47fb-1382-4009-89d2-b96a4161e12d", - "type": "map", - "version": "8.0.0" - }, - { + "panelIndex": "9d097034-9ebb-4f53-ad39-e42e625b541c", "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c2329af2-2183-45cb-9f40-d0f2e984c5b3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"1fc250c2-4990-401e-b709-61e1f4824005\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Source Locations by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"e1eda4fd-94b9-4c31-9615-70334517a966\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c2329af2-2183-45cb-9f40-d0f2e984c5b3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"1fc250c2-4990-401e-b709-61e1f4824005\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Source Locations by Events [Logs CEF ArcSight]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"e1eda4fd-94b9-4c31-9615-70334517a966\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", "references": [], "title": "Top Source Locations by Events [Logs CEF ArcSight]", 
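Review bot: The rewritten `layerListJSON` for the "Top Source Locations by Events [Logs CEF ArcSight]" panel still has no CEF-specific filter. Its ES_GEO_GRID layer is bound to `layer_1_source_index_pattern`, which the references hunk further down resolves to `logs-*`, and the `mapStateJSON` query is empty. As far as this hunk shows, the map counts every `logs-*` document that carries `source.geo.location` unless a dashboard-level query outside the hunk narrows it, so an analyst could read other datasets' traffic as CEF events. Since the layer descriptor is being rewritten anyway, consider adding a layer query such as `data_stream.dataset:"cef.log"`, the filter used by the TSVB visualization `cef-0a5276a2-907b-4319-88ab-86fe5ade8b38` in this same diff; the exact placement in the layer descriptor should be checked against a Kibana export. The "Top Destination Locations" layer in the preceding hunk, which starts outside this view, has the same shape.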
@@ -376,18 +1798,9 @@ "lon": 0, "zoom": 1.78 }, - "openTOCDetails": [] - }, - "gridData": { - "h": 24, - "i": "9d097034-9ebb-4f53-ad39-e42e625b541c", - "w": 24, - "x": 24, - "y": 92 - }, - "panelIndex": "9d097034-9ebb-4f53-ad39-e42e625b541c", - "type": "map", - "version": "8.0.0" + "openTOCDetails": [], + "type": "map" + } } ], "refreshInterval": { 
@@ -400,97 +1813,65 @@ "title": "[Logs CEF ArcSight] Network Overview Dashboard", "version": 1 }, - "coreMigrationVersion": "8.0.0", - "id": "cef-dd0bc9af-2e89-4150-9b42-62517ea56b71", - "migrationVersion": { - "dashboard": "8.0.0" - }, "references": [ { - "id": "cef-f5258de9-71f7-410f-b713-201007f77470", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cef-0abfc226-535b-45a2-b534-e9bc87e5584f", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "cef-a97e3628-022b-46cf-8f29-a73cf9bb4e26", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "cef-499f50ba-2f84-4f7c-9021-73a4efc47921", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "cef-d061c7a9-7f92-4bf4-b35c-499b9f4b987a", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "cef-b1002b5c-08fc-4bbe-b9a0-6243a8637e60", - "name": "9:panel_9", - "type": "visualization" - }, - { - "id": "cef-df056709-2deb-4363-ae7a-b0148ea456c6", - "name": "11:panel_11", - "type": "visualization" + "id": "logs-*", + "name": "49de47fb-1382-4009-89d2-b96a4161e12d:layer_1_source_index_pattern", + "type": "index-pattern" }, { - "id": "cef-e89a64e8-928c-41fc-8745-3c8157b21cdb", - "name": "13:panel_13", - "type": "visualization" + "id": "logs-*", + "name": "9d097034-9ebb-4f53-ad39-e42e625b541c:layer_1_source_index_pattern", + "type": "index-pattern" }, { - "id": "cef-a729c249-8d34-4eb1-bbb0-5d25cf224114", - "name": "15:panel_15", - "type": "visualization" + "type": "search", + "name": "1:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": "cef-3c19f138-2ab3-4ecb-bb1b-86fb90158042", - "name": "16:panel_16", - "type": "visualization" + "type": "search", + "name": "7:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": "cef-e513c269-350c-40c3-ac20-16c5782103b8", - "name": "17:panel_17", - "type": "visualization" + "type": "search", + "name": "9:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": 
"cef-8f6075c5-f525-4173-92a4-3a56e96e362d", - "name": "18:panel_18", - "type": "visualization" + "type": "search", + "name": "11:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": "cef-013ff153-7b80-490b-8fec-6e56cba785ed", - "name": "19:panel_19", - "type": "visualization" + "type": "search", + "name": "13:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": "cef-33747d52-ec4c-4d91-86d8-fbdf9b9c82db", - "name": "20:panel_20", - "type": "visualization" + "type": "search", + "name": "15:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": "cef-c394e650-b16c-407c-b305-bd409d69d433", - "name": "21:panel_21", - "type": "visualization" + "type": "search", + "name": "16:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": "logs-*", - "name": "49de47fb-1382-4009-89d2-b96a4161e12d:layer_1_source_index_pattern", - "type": "index-pattern" + "type": "search", + "name": "18:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" }, { - "id": "logs-*", - "name": "9d097034-9ebb-4f53-ad39-e42e625b541c:layer_1_source_index_pattern", - "type": "index-pattern" + "type": "search", + "name": "19:search_0", + "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-013ff153-7b80-490b-8fec-6e56cba785ed.json b/packages/cef/kibana/visualization/cef-013ff153-7b80-490b-8fec-6e56cba785ed.json deleted file mode 100644 index 728bac69b38..00000000000 --- a/packages/cef/kibana/visualization/cef-013ff153-7b80-490b-8fec-6e56cba785ed.json +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 20 Source Countries [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 26, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" - }, - "title": "Top 20 Source Countries [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-013ff153-7b80-490b-8fec-6e56cba785ed", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-01c3618c-9962-4fe9-b9c5-f73dfecc6eba.json b/packages/cef/kibana/visualization/cef-01c3618c-9962-4fe9-b9c5-f73dfecc6eba.json deleted file mode 100644 index ee60f36e52b..00000000000 --- a/packages/cef/kibana/visualization/cef-01c3618c-9962-4fe9-b9c5-f73dfecc6eba.json +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Device Metrics Overview [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destinations", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Device Metrics Overview [Logs CEF ArcSight]", - 
"type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-01c3618c-9962-4fe9-b9c5-f73dfecc6eba", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-04096ec6-9644-4da7-bba3-35da7882f87d.json b/packages/cef/kibana/visualization/cef-04096ec6-9644-4da7-bba3-35da7882f87d.json deleted file mode 100644 index 6a786957e5e..00000000000 --- a/packages/cef/kibana/visualization/cef-04096ec6-9644-4da7-bba3-35da7882f87d.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Event Types [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cef.device.event_class_id", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 50, - "minFontSize": 12, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" - }, - "title": "Top 10 Event Types [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-04096ec6-9644-4da7-bba3-35da7882f87d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-0410a35e-eabd-46f4-a124-c780b6d1fd2e.json b/packages/cef/kibana/visualization/cef-0410a35e-eabd-46f4-a124-c780b6d1fd2e.json deleted file mode 100644 index 2e04aeca96d..00000000000 --- a/packages/cef/kibana/visualization/cef-0410a35e-eabd-46f4-a124-c780b6d1fd2e.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destination Port [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Destination Port [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-0410a35e-eabd-46f4-a124-c780b6d1fd2e", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-07a4a351-d282-44a1-85b0-bc7e846f8471.json b/packages/cef/kibana/visualization/cef-07a4a351-d282-44a1-85b0-bc7e846f8471.json deleted file mode 100644 index 093689fbd52..00000000000 --- a/packages/cef/kibana/visualization/cef-07a4a351-d282-44a1-85b0-bc7e846f8471.json +++ /dev/null 
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 5 Sources by Destination Addresses [Logs CEF]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source Address", - "field": "source.ip", - "order": "desc", - "orderBy": "2", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 5 Sources by Destination Addresses [Logs CEF]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-07a4a351-d282-44a1-85b0-bc7e846f8471", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-0959df23-10c9-47fd-bebd-c382007b3584.json b/packages/cef/kibana/visualization/cef-0959df23-10c9-47fd-bebd-c382007b3584.json deleted file mode 100644 index 861b9809e3c..00000000000 --- a/packages/cef/kibana/visualization/cef-0959df23-10c9-47fd-bebd-c382007b3584.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - }, - "title": " Dashboard Navigation [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" - }, - "title": " Dashboard Navigation [Logs CEF]", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-0959df23-10c9-47fd-bebd-c382007b3584", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-0a202432-3dbd-49c0-af57-623ffb90211d.json b/packages/cef/kibana/visualization/cef-0a202432-3dbd-49c0-af57-623ffb90211d.json deleted file mode 100644 index f0def332354..00000000000 --- a/packages/cef/kibana/visualization/cef-0a202432-3dbd-49c0-af57-623ffb90211d.json +++ /dev/null 
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Destination Ports by Outcome [Logs CEF]", - "uiStateJSON": { - "vis": { - "colors": { - "failure": "#BF1B00", - "success": "#629E51" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Protocols", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Protocols" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "percentage", - "type": 
"linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Destination Ports by Outcome [Logs CEF]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-0a202432-3dbd-49c0-af57-623ffb90211d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-0a5276a2-907b-4319-88ab-86fe5ade8b38.json b/packages/cef/kibana/visualization/cef-0a5276a2-907b-4319-88ab-86fe5ade8b38.json deleted file mode 100644 index f5e9353dedd..00000000000 --- a/packages/cef/kibana/visualization/cef-0a5276a2-907b-4319-88ab-86fe5ade8b38.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Outcomes [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "data_stream.dataset:\"cef.log\"" - }, - "id": "74716d29-91c6-4095-bc7d-7f6700f12b1f", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": "0", - "formatter": "number", - "hide_in_legend": 0, - "id": "932c5de4-f841-4f27-99e4-60d95d3aa16c", - "label": "Event Outcomes", - "line_width": "3", - "metrics": [ - { - "id": "4c263b6d-8117-43c6-b83f-5c4145f43cfc", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Failure\"" - }, - "id": "94371b84-a7aa-4824-b4d1-217ecbe725a5", - "label": "Failure" - }, - { - "color": "rgba(104,188,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Success\"" - }, - "id": "31564794-9278-4f2e-bb20-557f5cfbea79", - "label": "Success" - }, - { - "color": "rgba(251,158,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Attempt\"" - }, - "id": "10c0f919-0853-41b5-94b4-2e39932e7aa0", - "label": "Attempt" - } - ], - "split_mode": "filters", - "stacked": "none", - "terms_field": "event.outcome", - "terms_size": "3" - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,182,204,1)", - "fill": 0.5, - "formatter": "number", - "id": "c9eca9d0-c2e0-45e6-a3ce-f158c40fdd74", - "label": "Event Count", - "line_width": 1, - "metrics": [ - { - "id": 
"6d8513ca-cc72-4b27-91b6-6b689558cdcb", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Outcomes [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-0a5276a2-907b-4319-88ab-86fe5ade8b38", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-0abfc226-535b-45a2-b534-e9bc87e5584f.json b/packages/cef/kibana/visualization/cef-0abfc226-535b-45a2-b534-e9bc87e5584f.json deleted file mode 100644 index 6efca4f2520..00000000000 --- a/packages/cef/kibana/visualization/cef-0abfc226-535b-45a2-b534-e9bc87e5584f.json +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Bandwidth Utilization [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "kuery", - "query": "" - }, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "bytes", - "id": "d27f09dc-b07e-493f-a223-a85033ad6548", - "label": "Inbound", - "line_width": 1, - "metrics": [ - { - "field": "source.bytes", - "id": "9ce9ec3a-2f11-4935-91b2-531494d2a619", - "type": "sum" - } - ], - "override_index_pattern": 1, - "point_size": 1, - "seperate_axis": 0, - "series_drop_last_bucket": 1, - "series_index_pattern": "logs-*", - "series_time_field": "@timestamp", - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "terms_field": "observer.hostname", - "terms_order_by": "_count" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "formatter": "bytes", - "id": "b1ef2c75-5916-469d-8790-5b213367a5a0", - "label": "Outbound", - "line_width": 1, - "metrics": [ - { - "field": "destination.bytes", - "id": "11b1852f-9b62-4e96-8128-522e6c5bf16d", - "type": "sum" - }, - { - "id": "2a6b00bf-1658-4d02-b4e2-61ad6e4c3a9b", - "script": "params.outbound \u003e 0 ? 
params.outbound * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "11b1852f-9b62-4e96-8128-522e6c5bf16d", - "id": "c57067f2-2927-41d8-97f4-9f47b3b3bcae", - "name": "outbound" - } - ] - } - ], - "override_index_pattern": 1, - "point_size": 1, - "seperate_axis": 0, - "series_drop_last_bucket": 1, - "series_index_pattern": "logs-*", - "series_time_field": "@timestamp", - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "steps": 0 - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Bandwidth Utilization [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-0abfc226-535b-45a2-b534-e9bc87e5584f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-0d0fd899-a40a-43e5-ac80-56f3bf09c18c.json b/packages/cef/kibana/visualization/cef-0d0fd899-a40a-43e5-ac80-56f3bf09c18c.json deleted file mode 100644 index c8ce2feeae4..00000000000 --- a/packages/cef/kibana/visualization/cef-0d0fd899-a40a-43e5-ac80-56f3bf09c18c.json +++ /dev/null 
@@ -1,121 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "DNS Metrics Overview [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Threads", - "field": "cef.extensions.deviceCustomString1" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OpCodes", - "field": "cef.extensions.deviceCustomString2" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Activity Types", - "field": "cef.device.event_class_id" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "32", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "type": "gauge" - }, - "title": "DNS Metrics Overview [Logs CEF]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-0d0fd899-a40a-43e5-ac80-56f3bf09c18c", - "migrationVersion": { - "visualization": "8.0.0" - }, - 
"references": [ - { - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-0f4028b2-3dc2-4cb6-80d8-285c847a02a1.json b/packages/cef/kibana/visualization/cef-0f4028b2-3dc2-4cb6-80d8-285c847a02a1.json deleted file mode 100644 index 9d87e22c28a..00000000000 --- a/packages/cef/kibana/visualization/cef-0f4028b2-3dc2-4cb6-80d8-285c847a02a1.json +++ /dev/null 
@@ -1,116 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {}
- },
- "title": "Events by Outcomes [Logs CEF ArcSight]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "axis_formatter": "number",
- "axis_position": "left",
- "drop_last_bucket": 1,
- "filter": {
- "language": "lucene",
- "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\""
- },
- "id": "74716d29-91c6-4095-bc7d-7f6700f12b1f",
- "index_pattern": "logs-*",
- "interval": "auto",
- "series": [
- {
- "axis_position": "right",
- "chart_type": "line",
- "color": "rgba(244,78,59,1)",
- "fill": "0",
- "formatter": "number",
- "hide_in_legend": 0,
- "id": "932c5de4-f841-4f27-99e4-60d95d3aa16c",
- "label": "Event Outcomes",
- "line_width": "3",
- "metrics": [
- {
- "id": "4c263b6d-8117-43c6-b83f-5c4145f43cfc",
- "type": "count"
- }
- ],
- "point_size": 1,
- "seperate_axis": 1,
- "split_color_mode": "gradient",
- "split_filters": [
- {
- "color": "rgba(244,78,59,1)",
- "filter": {
- "language": "lucene",
- "query": "cef.extensions.categoryOutcome:\"/Failure\""
- },
- "id": "94371b84-a7aa-4824-b4d1-217ecbe725a5",
- "label": "Failure"
- },
- {
- "color": "rgba(104,188,0,1)",
- "filter": {
- "language": "lucene",
- "query": "cef.extensions.categoryOutcome:\"/Success\""
- },
- "id": "31564794-9278-4f2e-bb20-557f5cfbea79",
- "label": "Success"
- },
- {
- "color": "rgba(251,158,0,1)",
- "filter": {
- "language": "lucene",
- "query": "cef.extensions.categoryOutcome:\"/Attempt\""
- },
- "id": "10c0f919-0853-41b5-94b4-2e39932e7aa0",
- "label": "Attempt"
- }
- ],
- "split_mode": "filters",
- "stacked": "none",
- "terms_field": "cef.extensions.categoryOutcome",
- "terms_size": "3"
- },
- {
- "axis_position": "left",
- "chart_type": "bar",
- "color": "rgba(104,182,204,1)",
- "fill": 0.5,
- "formatter": "number",
- "id": "c9eca9d0-c2e0-45e6-a3ce-f158c40fdd74",
- "label": "Event Count",
- "line_width": 1,
- "metrics": [
- {
- "id": "6d8513ca-cc72-4b27-91b6-6b689558cdcb",
- "type": "count"
- }
- ],
- "point_size": 1,
- "seperate_axis": 1,
- "split_color_mode": "gradient",
- "split_mode": "everything",
- "stacked": "none"
- }
- ],
- "show_legend": 1,
- "time_field": "@timestamp",
- "type": "timeseries",
- "use_kibana_indexes": false
- },
- "title": "Events by Outcomes [Logs CEF ArcSight]",
- "type": "metrics"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-0f4028b2-3dc2-4cb6-80d8-285c847a02a1",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-0fe1baba-84a8-4cb3-9b17-bae8693c345a.json b/packages/cef/kibana/visualization/cef-0fe1baba-84a8-4cb3-9b17-bae8693c345a.json
deleted file mode 100644
index cac7363c6db..00000000000
--- a/packages/cef/kibana/visualization/cef-0fe1baba-84a8-4cb3-9b17-bae8693c345a.json
+++ /dev/null
@@ -1,138 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {}
- },
- "title": "Events by Device [Logs CEF]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "axis_formatter": "number",
- "axis_position": "left",
- "drop_last_bucket": 1,
- "filter": {
- "language": "lucene",
- "query": "data_stream.dataset:\"cef.log\""
- },
- "id": "fd1ffeb6-678e-4163-9421-6a164fd59048",
- "index_pattern": "logs-*",
- "interval": "auto",
- "series": [
- {
- "axis_position": "right",
- "chart_type": "line",
- "color": "rgba(254,37,37,1)",
- "fill": "0",
- "formatter": "number",
- "id": "6a10f77d-4e26-4b27-9c19-f1b0029b075b",
- "label": "Events",
- "line_width": "3",
- "metrics": [
- {
- "id": "845b9164-65f4-4599-b9cc-8d91b6ba8d83",
- "type": "count"
- },
- {
- "alpha": 0.3,
- "beta": 0.1,
- "field": "845b9164-65f4-4599-b9cc-8d91b6ba8d83",
- "gamma": 0.3,
- "id": "59675e84-1a8e-41df-9f63-875109bd795a",
- "model_type": "simple",
- "multiplicative": false,
- "period": 1,
- "type": "moving_average",
- "window": "10"
- }
- ],
- "point_size": 1,
- "seperate_axis": 1,
- "split_color_mode": "gradient",
- "split_filters": [
- {
- "color": "rgba(244,78,59,1)",
- "filter": {
- "language": "lucene",
- "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" "
- },
- "id": "d9a580c3-eb83-4d20-a391-0934d7df8837",
- "label": "Operating System"
- },
- {
- "color": "rgba(254,146,0,1)",
- "filter": {
- "language": "lucene",
- "query": " cef.extensions.categoryDeviceGroup:\"/IDS/Host\""
- },
- "id": "9ce8be14-6191-4c9a-a679-e3992fdab8d2",
- "label": "Host IDS"
- },
- {
- "color": "rgba(252,220,0,1)",
- "filter": {
- "language": "lucene",
- "query": "cef.extensions.categoryDeviceGroup:\"/Application\""
- },
- "id": "262ecd54-a042-4bfb-b489-d7db8431c36e",
- "label": "Application"
- }
- ],
- "split_mode": "filters",
- "stacked": "none"
- },
- {
- "axis_position": "left",
- "chart_type": "bar",
- "color": "rgba(0,156,224,1)",
- "fill": 0.5,
- "formatter": "number",
- "id": "92e98952-8e25-472f-abb5-05a7d9b830ea",
- "label": "Moving Average by Device HostNames",
- "line_width": 1,
- "metrics": [
- {
- "id": "3df841a9-5997-4a1a-ad8f-69620d23e65b",
- "type": "count"
- },
- {
- "alpha": 0.3,
- "beta": 0.1,
- "field": "3df841a9-5997-4a1a-ad8f-69620d23e65b",
- "gamma": 0.3,
- "id": "9765367a-0fc2-45ba-88a8-e87991210edd",
- "model_type": "simple",
- "multiplicative": false,
- "period": 1,
- "type": "moving_average",
- "window": "10"
- }
- ],
- "point_size": 1,
- "seperate_axis": 1,
- "split_color_mode": "gradient",
- "split_mode": "terms",
- "stacked": "none",
- "terms_field": "observer.hostname"
- }
- ],
- "show_legend": 1,
- "time_field": "@timestamp",
- "type": "timeseries",
- "use_kibana_indexes": false
- },
- "title": "Events by Device [Logs CEF]",
- "type": "metrics"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-0fe1baba-84a8-4cb3-9b17-bae8693c345a",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-118af639-1f37-4541-a960-5a3ff0613e0e.json b/packages/cef/kibana/visualization/cef-118af639-1f37-4541-a960-5a3ff0613e0e.json
deleted file mode 100644
index b89210fb2d8..00000000000
--- a/packages/cef/kibana/visualization/cef-118af639-1f37-4541-a960-5a3ff0613e0e.json
+++ /dev/null
@@ -1,148 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Outcomes by Device Type [Logs CEF ArcSight]",
- "uiStateJSON": {
- "vis": {
- "colors": {
- "/Failure": "#BF1B00"
- },
- "legendOpen": true
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "cef.extensions.categoryDeviceType",
- "order": "desc",
- "orderBy": "1",
- "size": 5
- },
- "schema": "segment",
- "type": "terms"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "field": "cef.extensions.categoryOutcome",
- "order": "desc",
- "orderBy": "1",
- "size": 5
- },
- "schema": "group",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": true,
- "addTimeMarker": false,
- "addTooltip": true,
- "categoryAxes": [
- {
- "id": "CategoryAxis-1",
- "labels": {
- "filter": false,
- "rotate": 0,
- "show": true,
- "truncate": 200
- },
- "position": "left",
- "scale": {
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {
- "text": "cef.extensions.categoryDeviceType: Descending"
- },
- "type": "category"
- }
- ],
- "defaultYExtents": false,
- "drawLinesBetweenPoints": true,
- "grid": {
- "categoryLines": false,
- "style": {
- "color": "#eee"
- }
- },
- "interpolate": "linear",
- "legendPosition": "right",
- "radiusRatio": 9,
- "scale": "linear",
- "seriesParams": [
- {
- "data": {
- "id": "1",
- "label": "Count"
- },
- "drawLinesBetweenPoints": true,
- "mode": "normal",
- "show": true,
- "showCircles": true,
- "type": "histogram",
- "valueAxis": "ValueAxis-1"
- }
- ],
- "setYExtents": false,
- "showCircles": true,
- "times": [],
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "labels": {
- "filter": true,
- "rotate": 75,
- "show": true,
- "truncate": 100
- },
- "name": "LeftAxis-1",
- "position": "bottom",
- "scale": {
- "mode": "normal",
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {},
- "type": "value"
- }
- ]
- },
- "title": "Outcomes by Device Type [Logs CEF ArcSight]",
- "type": "histogram"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-118af639-1f37-4541-a960-5a3ff0613e0e",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-1204cf27-05e0-4905-bfa1-688aaaaaa840.json b/packages/cef/kibana/visualization/cef-1204cf27-05e0-4905-bfa1-688aaaaaa840.json
deleted file mode 100644
index 1543246686c..00000000000
--- a/packages/cef/kibana/visualization/cef-1204cf27-05e0-4905-bfa1-688aaaaaa840.json
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Destination Ports [Logs CEF ArcSight]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Destination Addresses",
- "field": "destination.port",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "maxFontSize": 72,
- "minFontSize": 18,
- "orientation": "single",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "linear"
- },
- "title": "Top 10 Destination Ports [Logs CEF ArcSight]",
- "type": "tagcloud"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-1204cf27-05e0-4905-bfa1-688aaaaaa840",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-1479b35b-1bf3-4767-a510-9d210e010342.json b/packages/cef/kibana/visualization/cef-1479b35b-1bf3-4767-a510-9d210e010342.json
deleted file mode 100644
index d0c9cc86b9c..00000000000
--- a/packages/cef/kibana/visualization/cef-1479b35b-1bf3-4767-a510-9d210e010342.json
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Destinations [Logs CEF]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Destination Hosts",
- "field": "destination.domain",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "maxFontSize": 60,
- "minFontSize": 10,
- "orientation": "single",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "linear"
- },
- "title": "Top 10 Destinations [Logs CEF]",
- "type": "tagcloud"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-1479b35b-1bf3-4767-a510-9d210e010342",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-158d809a-89db-4ffa-88a1-eb5c4bf58d50.json b/packages/cef/kibana/visualization/cef-158d809a-89db-4ffa-88a1-eb5c4bf58d50.json
deleted file mode 100644
index 3999dce5a3e..00000000000
--- a/packages/cef/kibana/visualization/cef-158d809a-89db-4ffa-88a1-eb5c4bf58d50.json
+++ /dev/null
@@ -1,123 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Endpoint OS Metrics Overview [Logs CEF ArcSight]",
- "uiStateJSON": {
- "vis": {
- "defaultColors": {
- "0 - 100": "rgb(0,104,55)"
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Total Events"
- },
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "6",
- "params": {
- "customLabel": "Devices",
- "field": "observer.hostname"
- },
- "schema": "metric",
- "type": "cardinality"
- },
- {
- "enabled": true,
- "id": "7",
- "params": {
- "customLabel": "Event Types",
- "field": "cef.extensions.categoryBehavior"
- },
- "schema": "metric",
- "type": "cardinality"
- },
- {
- "enabled": true,
- "id": "8",
- "params": {
- "customLabel": "Event Outcomes",
- "field": "cef.extensions.categoryOutcome"
- },
- "schema": "metric",
- "type": "cardinality"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": false,
- "addTooltip": true,
- "fontSize": "30",
- "gauge": {
- "autoExtend": false,
- "backStyle": "Full",
- "colorSchema": "Green to Red",
- "colorsRange": [
- {
- "from": 0,
- "to": 100
- }
- ],
- "gaugeColorMode": "None",
- "gaugeStyle": "Full",
- "gaugeType": "Metric",
- "invertColors": false,
- "labels": {
- "color": "black",
- "show": true
- },
- "orientation": "vertical",
- "percentageMode": false,
- "scale": {
- "color": "#333",
- "labels": false,
- "show": false,
- "width": 2
- },
- "style": {
- "bgColor": false,
- "bgFill": "#000",
- "fontSize": "20",
- "labelColor": false,
- "subText": ""
- },
- "type": "simple",
- "useRange": false,
- "verticalSplit": false
- },
- "handleNoResults": true,
- "type": "gauge"
- },
- "title": "Endpoint OS Metrics Overview [Logs CEF ArcSight]",
- "type": "metric"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-158d809a-89db-4ffa-88a1-eb5c4bf58d50",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-16aef3e9-e33b-4bab-b32f-d8c5b1263ac0.json b/packages/cef/kibana/visualization/cef-16aef3e9-e33b-4bab-b32f-d8c5b1263ac0.json
deleted file mode 100644
index 608da3398aa..00000000000
--- a/packages/cef/kibana/visualization/cef-16aef3e9-e33b-4bab-b32f-d8c5b1263ac0.json
+++ /dev/null
@@ -1,122 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {}
- },
- "title": "Events by Direction [Logs CEF ArcSight]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "axis_formatter": "number",
- "axis_position": "left",
- "drop_last_bucket": 1,
- "filter": {
- "language": "lucene",
- "query": "cef.device.product:\"DNS Trace Log\""
- },
- "id": "be556a57-cd1c-496c-8714-0bd210947c85",
- "index_pattern": "logs-*",
- "interval": "auto",
- "series": [
- {
- "axis_position": "right",
- "chart_type": "bar",
- "color": "#68BC00",
- "fill": "0.2",
- "filter": {
- "language": "lucene",
- "query": "device"
- },
- "formatter": "number",
- "id": "9aae7344-9de9-4378-b21d-296cb964f93b",
- "label": "Inbound Requests",
- "line_width": 1,
- "metrics": [
- {
- "id": "1cd0b964-45cf-408e-a7e4-e26955f8a3b0",
- "type": "count"
- }
- ],
- "point_size": 1,
- "seperate_axis": 0,
- "split_color_mode": "gradient",
- "split_filters": [
- {
- "color": "rgba(0,156,224,1)",
- "filter": {
- "language": "lucene",
- "query": "deviceDirection:\"0\""
- },
- "id": "f860f6e0-fbd4-4949-8046-6300322dfe84",
- "label": "Inbound Requests"
- }
- ],
- "split_mode": "filters",
- "stacked": "none"
- },
- {
- "axis_position": "right",
- "chart_type": "bar",
- "color": "#68BC00",
- "fill": "0.2",
- "formatter": "number",
- "id": "ed1abe18-e01b-4202-9db4-06fda10692e0",
- "label": "Outbound Requests",
- "line_width": 1,
- "metrics": [
- {
- "id": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469",
- "type": "count"
- },
- {
- "id": "6bc37118-ddac-41ec-85b3-9db7e1b3636b",
- "script": "params.outbound \u003e 0 ? params.outbound * -1 : 0",
- "type": "calculation",
- "variables": [
- {
- "field": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469",
- "id": "f73f4f22-03d5-446a-b031-04eee531e3cc",
- "name": "outbound"
- }
- ]
- }
- ],
- "point_size": 1,
- "seperate_axis": 0,
- "split_color_mode": "gradient",
- "split_filters": [
- {
- "color": "rgba(211,49,21,1)",
- "filter": {
- "language": "lucene",
- "query": "deviceDirection:\"1\""
- },
- "id": "a9c50e1b-8f11-4bc2-9077-bb8870ed0b62",
- "label": "Outbound Requests"
- }
- ],
- "split_mode": "filters",
- "stacked": "none"
- }
- ],
- "show_legend": 1,
- "time_field": "@timestamp",
- "type": "timeseries",
- "use_kibana_indexes": false
- },
- "title": "Events by Direction [Logs CEF ArcSight]",
- "type": "metrics"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-16aef3e9-e33b-4bab-b32f-d8c5b1263ac0",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-19e44299-4e2a-4da4-a9e5-595b428d49dd.json b/packages/cef/kibana/visualization/cef-19e44299-4e2a-4da4-a9e5-595b428d49dd.json
deleted file mode 100644
index c199c5f33b5..00000000000
--- a/packages/cef/kibana/visualization/cef-19e44299-4e2a-4da4-a9e5-595b428d49dd.json
+++ /dev/null
@@ -1,155 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Sources by Size [Logs CEF]",
- "uiStateJSON": {
- "P-11": {
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "P-13": {
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "P-2": {
- "mapCenter": [
- -0.17578097424708533,
- 0
- ],
- "mapZoom": 0
- },
- "P-3": {
- "vis": {
- "defaultColors": {
- "0 - 100": "rgb(0,104,55)"
- }
- }
- },
- "P-4": {
- "mapCenter": [
- -0.17578097424708533,
- 0
- ],
- "mapZoom": 0
- },
- "P-5": {
- "vis": {
- "defaultColors": {
- "0 - 18,000": "rgb(247,251,255)",
- "108,000 - 126,000": "rgb(74,152,201)",
- "126,000 - 144,000": "rgb(46,126,188)",
- "144,000 - 162,000": "rgb(23,100,171)",
- "162,000 - 180,000": "rgb(8,74,145)",
- "18,000 - 36,000": "rgb(227,238,249)",
- "36,000 - 54,000": "rgb(208,225,242)",
- "54,000 - 72,000": "rgb(182,212,233)",
- "72,000 - 90,000": "rgb(148,196,223)",
- "90,000 - 108,000": "rgb(107,174,214)"
- },
- "legendOpen": false
- }
- },
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Sources",
- "field": "source.domain",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "customLabel": "Bytes",
- "field": "source.bytes"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "4",
- "params": {
- "customLabel": "Destinations",
- "field": "destination.domain"
- },
- "schema": "metric",
- "type": "cardinality"
- },
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Count"
- },
- "schema": "metric",
- "type": "count"
- }
- ],
- "listeners": {},
- "params": {
- "perPage": 10,
- "showMeticsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": true,
- "showTotal": false,
- "sort": {
- "columnIndex": null,
- "direction": null
- },
- "totalFunc": "sum"
- },
- "title": "Top 10 Sources by Size [Logs CEF]",
- "type": "table"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-19e44299-4e2a-4da4-a9e5-595b428d49dd",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-1b9cc5b7-7747-49de-96b1-a4bc7f675716.json b/packages/cef/kibana/visualization/cef-1b9cc5b7-7747-49de-96b1-a4bc7f675716.json
deleted file mode 100644
index 880b3ff4a01..00000000000
--- a/packages/cef/kibana/visualization/cef-1b9cc5b7-7747-49de-96b1-a4bc7f675716.json
+++ /dev/null
@@ -1,97 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Destinations by Size [Logs CEF ArcSight]",
- "uiStateJSON": {
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Destinations",
- "field": "destination.domain",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "customLabel": "Bytes",
- "field": "source.bytes"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "4",
- "params": {
- "customLabel": "Sources",
- "field": "source.ip"
- },
- "schema": "metric",
- "type": "cardinality"
- },
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Count"
- },
- "schema": "metric",
- "type": "count"
- }
- ],
- "listeners": {},
- "params": {
- "perPage": 10,
- "showMeticsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": true,
- "showTotal": false,
- "sort": {
- "columnIndex": null,
- "direction": null
- },
- "totalFunc": "sum"
- },
- "title": "Top 10 Destinations by Size [Logs CEF ArcSight]",
- "type": "table"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-1b9cc5b7-7747-49de-96b1-a4bc7f675716",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-1bd44f46-e28d-4a2d-8245-6994372155ab.json b/packages/cef/kibana/visualization/cef-1bd44f46-e28d-4a2d-8245-6994372155ab.json
deleted file mode 100644
index d459414feb6..00000000000
--- a/packages/cef/kibana/visualization/cef-1bd44f46-e28d-4a2d-8245-6994372155ab.json
+++ /dev/null
@@ -1,129 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top Destinations by Traffic Size [Logs CEF]",
- "uiStateJSON": {
- "vis": {
- "defaultColors": {
- "0 - 18k": "rgb(247,251,255)",
- "108k - 126k": "rgb(74,152,201)",
- "126k - 144k": "rgb(46,126,188)",
- "144k - 162k": "rgb(23,100,171)",
- "162k - 180k": "rgb(8,74,145)",
- "18k - 36k": "rgb(227,238,249)",
- "36k - 54k": "rgb(208,225,242)",
- "54k - 72k": "rgb(182,212,233)",
- "72k - 90k": "rgb(148,196,223)",
- "90k - 108k": "rgb(107,174,214)"
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Bytes",
- "field": "source.bytes"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "filters": [
- {
- "input": {
- "language": "lucene",
- "query": "deviceDirection:\"0\""
- },
- "label": "Inbound"
- },
- {
- "input": {
- "language": "lucene",
- "query": "deviceDirection:\"1\""
- },
- "label": "Outbound"
- }
- ]
- },
- "schema": "segment",
- "type": "filters"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "field": "destination.domain",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "group",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "colorSchema": "Blues",
- "colorsNumber": 10,
- "colorsRange": [
- {
- "from": 0,
- "to": null
- }
- ],
- "enableHover": true,
- "invertColors": false,
- "legendPosition": "top",
- "percentageMode": false,
- "setColorRange": false,
- "times": [],
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "labels": {
- "color": "#555",
- "rotate": 0,
- "show": false
- },
- "scale": {
- "defaultYExtents": false,
- "type": "linear"
- },
- "show": false,
- "type": "value"
- }
- ]
- },
- "title": "Top Destinations by Traffic Size [Logs CEF]",
- "type": "heatmap"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-1bd44f46-e28d-4a2d-8245-6994372155ab",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-1c869759-1d3e-4898-b9c7-d2604ed38655.json b/packages/cef/kibana/visualization/cef-1c869759-1d3e-4898-b9c7-d2604ed38655.json
deleted file mode 100644
index 80e0bdbccea..00000000000
--- a/packages/cef/kibana/visualization/cef-1c869759-1d3e-4898-b9c7-d2604ed38655.json
+++ /dev/null
@@ -1,113 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {}
- },
- "title": "Events by Severity [Logs CEF]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "axis_formatter": "number",
- "axis_position": "left",
- "bar_color_rules": [
- {
- "id": "0ca18a89-9c81-4bee-835a-85e6103aec37"
- }
- ],
- "drop_last_bucket": 1,
- "filter": {
- "language": "lucene",
- "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\""
- },
- "hide_last_value_indicator": true,
- "id": "c39a76e5-f613-41a9-8335-c442747791e0",
- "index_pattern": "logs-*",
- "interval": "auto",
- "series": [
- {
- "axis_position": "right",
- "chart_type": "line",
- "color": "#68BC00",
- "fill": 0.5,
- "formatter": "0.0[0]a",
- "id": "da3b92b4-2c24-473b-9102-fb5a343a96d9",
- "label": "Event by Severities",
- "line_width": 1,
- "metrics": [
- {
- "id": "0d189776-3f7c-4a92-95b1-73c379a341fc",
- "type": "count"
- },
- {
- "field": "0d189776-3f7c-4a92-95b1-73c379a341fc",
- "id": "1b1c931c-a09b-4980-af81-6f9c3db56401",
- "sigma": "",
- "type": "sum_bucket"
- }
- ],
- "point_size": 1,
- "seperate_axis": 0,
- "split_color_mode": "gradient",
- "split_filters": [
- {
- "color": "rgba(104,204,202,1)",
- "filter": {
- "language": "lucene",
- "query": "severity:\"Low\" OR severity:\"0\""
- },
- "id": "ebe970ac-5cc9-4c4a-af60-82affafc667c",
- "label": "LOW"
- },
- {
- "color": "rgba(252,220,0,1)",
- "filter": {
- "language": "lucene",
- "query": "severity:\"Medium\""
- },
- "id": "0c4ff16a-b53d-4ce4-af76-d6b74d8788db",
- "label": "MEDIUM"
- },
- {
- "color": "rgba(254,146,0,1)",
- "filter": {
- "language": "lucene",
- "query": "severity:\"High\""
- },
- "id": "e142c55b-6ee5-416a-8bd3-d10398044864",
- "label": "HIGH"
- },
- {
- "color": "rgba(244,78,59,1)",
- "filter": {
- "language": "lucene",
- "query": "severity:\"Very-High\""
- },
- "id": "4b05b562-c419-4214-b814-d4c242251521",
- "label": "VERY HIGH"
- }
- ],
- "split_mode": "filters",
- "stacked": "none"
- }
- ],
- "show_legend": 1,
- "time_field": "@timestamp",
- "type": "top_n",
- "use_kibana_indexes": false
- },
- "title": "Events by Severity [Logs CEF]",
- "type": "metrics"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-1c869759-1d3e-4898-b9c7-d2604ed38655",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-249e2737-b41f-4115-b303-88bc9d279655.json b/packages/cef/kibana/visualization/cef-249e2737-b41f-4115-b303-88bc9d279655.json
deleted file mode 100644
index 8ed662e7131..00000000000
--- a/packages/cef/kibana/visualization/cef-249e2737-b41f-4115-b303-88bc9d279655.json
+++ /dev/null
@@ -1,121 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "DNS Metrics Overview [Logs CEF ArcSight]",
- "uiStateJSON": {
- "vis": {
- "defaultColors": {
- "0 - 100": "rgb(0,104,55)"
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "5",
- "params": {
- "customLabel": "Event Count"
- },
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Threads",
- "field": "cef.extensions.deviceCustomString1"
- },
- "schema": "metric",
- "type": "cardinality"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "customLabel": "OpCodes",
- "field": "cef.extensions.deviceCustomString2"
- },
- "schema": "metric",
- "type": "cardinality"
- },
- {
- "enabled": true,
- "id": "4",
- "params": {
- "customLabel": "Activity Types",
- "field": "cef.device.event_class_id"
- },
- "schema": "metric",
- "type": "cardinality"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": false,
- "addTooltip": true,
- "gauge": {
- "autoExtend": false,
- "backStyle": "Full",
- "colorSchema": "Green to Red",
- "colorsRange": [
- {
- "from": 0,
- "to": 100
- }
- ],
- "gaugeColorMode": "None",
- "gaugeStyle": "Full",
- "gaugeType": "Metric",
- "invertColors": false,
- "labels": {
- "color": "black",
- "show": true
- },
- "orientation": "vertical",
- "percentageMode": false,
- "scale": {
- "color": "#333",
- "labels": false,
- "show": false,
- "width": 2
- },
- "style": {
- "bgColor": false,
- "bgFill": "#000",
- "fontSize": "32",
- "labelColor": false,
- "subText": ""
- },
- "type": "simple",
- "useRange": false,
- "verticalSplit": false
- },
- "type": "gauge"
- },
- "title": "DNS Metrics Overview [Logs CEF ArcSight]",
- "type": "metric"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-249e2737-b41f-4115-b303-88bc9d279655",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-255c0885-6349-4ab4-ba00-f055c6cc8000.json b/packages/cef/kibana/visualization/cef-255c0885-6349-4ab4-ba00-f055c6cc8000.json
deleted file mode 100644
index 4b5d8c515a7..00000000000
--- a/packages/cef/kibana/visualization/cef-255c0885-6349-4ab4-ba00-f055c6cc8000.json
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Sources [Logs CEF]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Source Hosts",
- "field": "source.domain",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "maxFontSize": 60,
- "minFontSize": 10,
- "orientation": "single",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "linear"
- },
- "title": "Top 10 Sources [Logs CEF]",
- "type": "tagcloud"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-255c0885-6349-4ab4-ba00-f055c6cc8000",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-26a65f68-d7a6-4b47-befc-c5a6819bb91b.json b/packages/cef/kibana/visualization/cef-26a65f68-d7a6-4b47-befc-c5a6819bb91b.json
deleted file mode 100644
index bbe61459afe..00000000000
--- a/packages/cef/kibana/visualization/cef-26a65f68-d7a6-4b47-befc-c5a6819bb91b.json
+++ /dev/null
@@ -1,155 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Sources by Size [Logs CEF ArcSight]", - "uiStateJSON": { - "P-11": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "P-13": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "P-2": { - "mapCenter": [ - -0.17578097424708533, - 0 - ], - "mapZoom": 0 - }, - "P-3": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "P-4": { - "mapCenter": [ - -0.17578097424708533, - 0 - ], - "mapZoom": 0 - }, - "P-5": { - "vis": { - "defaultColors": { - "0 - 18,000": "rgb(247,251,255)", - "108,000 - 126,000": "rgb(74,152,201)", - "126,000 - 144,000": "rgb(46,126,188)", - "144,000 - 162,000": "rgb(23,100,171)", - "162,000 - 180,000": "rgb(8,74,145)", - "18,000 - 36,000": "rgb(227,238,249)", - "36,000 - 54,000": "rgb(208,225,242)", - "54,000 - 72,000": "rgb(182,212,233)", - "72,000 - 90,000": "rgb(148,196,223)", - "90,000 - 108,000": "rgb(107,174,214)" - }, - "legendOpen": false - } - }, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sources", - "field": "source.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destinations", - "field": "destination.domain" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - } - ], - 
"listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Sources by Size [Logs CEF ArcSight]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-26a65f68-d7a6-4b47-befc-c5a6819bb91b", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-270139ff-fc2f-4fca-b241-93a8f57cdcdf.json b/packages/cef/kibana/visualization/cef-270139ff-fc2f-4fca-b241-93a8f57cdcdf.json deleted file mode 100644 index 4f31eac1620..00000000000 --- a/packages/cef/kibana/visualization/cef-270139ff-fc2f-4fca-b241-93a8f57cdcdf.json +++ /dev/null 
@@ -1,178 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Unique Destinations and Ports by Source [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Source Addresses" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Destination Addresses" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Destination Ports" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": 
false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Destination Addresses" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Destination Ports" - }, - "type": "value" - } - ] - }, - "title": "Unique Destinations and Ports by Source [Logs CEF]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-270139ff-fc2f-4fca-b241-93a8f57cdcdf", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-2726382e-638a-4dcc-94fc-0ffdc0f92048.json b/packages/cef/kibana/visualization/cef-2726382e-638a-4dcc-94fc-0ffdc0f92048.json deleted file mode 100644 index e10f3cbe7c7..00000000000 --- a/packages/cef/kibana/visualization/cef-2726382e-638a-4dcc-94fc-0ffdc0f92048.json +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 15 Event Types by Events [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Types", - "field": "cef.extensions.categoryBehavior", - "order": "desc", - "orderBy": "1", - "size": 15 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Users", - "field": "source.user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Source Hosts", - "field": "source.domain" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destination Hosts", - "field": "destination.domain" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "listeners": {}, - "params": { - "perPage": 15, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 15 Event Types by Events [Logs CEF ArcSight]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-2726382e-638a-4dcc-94fc-0ffdc0f92048", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": 
"search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-291cd92f-52c4-421b-b354-468318ba3e65.json b/packages/cef/kibana/visualization/cef-291cd92f-52c4-421b-b354-468318ba3e65.json deleted file mode 100644 index 15b850b85d6..00000000000 --- a/packages/cef/kibana/visualization/cef-291cd92f-52c4-421b-b354-468318ba3e65.json +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Device Metrics Overview [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destinations", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Device Metrics Overview [Logs CEF]", - "type": "metric" - } 
- }, - "coreMigrationVersion": "8.0.0", - "id": "cef-291cd92f-52c4-421b-b354-468318ba3e65", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-295986d4-d2ea-4541-8e82-7dc95c0cd830.json b/packages/cef/kibana/visualization/cef-295986d4-d2ea-4541-8e82-7dc95c0cd830.json deleted file mode 100644 index 84b4e12ce48..00000000000 --- a/packages/cef/kibana/visualization/cef-295986d4-d2ea-4541-8e82-7dc95c0cd830.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Countries by Event [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 35 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Source Countries by Event [Logs CEF ArcSight]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-295986d4-d2ea-4541-8e82-7dc95c0cd830", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-2a0a7692-9a08-449f-bcef-b85de1855fd5.json b/packages/cef/kibana/visualization/cef-2a0a7692-9a08-449f-bcef-b85de1855fd5.json deleted file mode 100644 index aae5bc30168..00000000000 --- a/packages/cef/kibana/visualization/cef-2a0a7692-9a08-449f-bcef-b85de1855fd5.json +++ /dev/null 
@@ -1,102 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Endpoint - Average EPS [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "ce9549a0-3af0-4070-b169-4b6d145d4c39" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "data_stream.dataset:\"cef.log\"" - }, - "gauge_color_rules": [ - { - "id": "03a2fd72-fc9c-4582-9133-20af36217180" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "94161c6c-4f48-4beb-9d78-f79f29c02a34", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "type": "count" - }, - { - "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "id": "89f8286e-4aec-4cb4-83ad-b139692edf3d", - "type": "cumulative_sum" - }, - { - "field": "89f8286e-4aec-4cb4-83ad-b139692edf3d", - "id": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", - "gamma": 0.3, - "id": "f46a6e6e-444f-4c7e-b5eb-e1a59568f2eb", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "offset_time": "1m", - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - 
"title": "Endpoint - Average EPS [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-2a0a7692-9a08-449f-bcef-b85de1855fd5", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-2b96deab-dbf1-4be3-ae70-1bfb6c3fbd2a.json b/packages/cef/kibana/visualization/cef-2b96deab-dbf1-4be3-ae70-1bfb6c3fbd2a.json deleted file mode 100644 index 9f1bfa0f2b6..00000000000 --- a/packages/cef/kibana/visualization/cef-2b96deab-dbf1-4be3-ae70-1bfb6c3fbd2a.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 20 Behaviors by Outcome [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Behavior", - "field": "event.action", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Top 20 Behaviors by Outcome [Logs CEF]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-2b96deab-dbf1-4be3-ae70-1bfb6c3fbd2a", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-2ecd00c0-66f4-4020-9c6e-dff40d47654c.json b/packages/cef/kibana/visualization/cef-2ecd00c0-66f4-4020-9c6e-dff40d47654c.json deleted file mode 100644 index a101255f21d..00000000000 --- a/packages/cef/kibana/visualization/cef-2ecd00c0-66f4-4020-9c6e-dff40d47654c.json +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 5 Source Countries [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 5 Source Countries [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-2ecd00c0-66f4-4020-9c6e-dff40d47654c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-316fdc75-7215-4c6b-8e1b-70a097b34e28.json b/packages/cef/kibana/visualization/cef-316fdc75-7215-4c6b-8e1b-70a097b34e28.json deleted file mode 100644 index a5b9787191e..00000000000 --- a/packages/cef/kibana/visualization/cef-316fdc75-7215-4c6b-8e1b-70a097b34e28.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Sources by Destinations [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Host", - "field": "source.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Host", - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Top 10 Sources by Destinations [Logs CEF ArcSight]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-316fdc75-7215-4c6b-8e1b-70a097b34e28", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-33290695-4eb1-4270-9e63-7083e7b132ed.json b/packages/cef/kibana/visualization/cef-33290695-4eb1-4270-9e63-7083e7b132ed.json deleted file mode 100644 index cd7ed7854a6..00000000000 --- a/packages/cef/kibana/visualization/cef-33290695-4eb1-4270-9e63-7083e7b132ed.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events Types by Severity [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "db54ebce-9dd2-4a1e-b476-b3ddb9a9024e", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "number", - "id": "81da76ca-1112-4d91-82f4-c66cd3156a84", - "label": "Cumulative Bytes", - "line_width": "3", - "metrics": [ - { - "field": "source.bytes", - "id": "521d560c-321a-4410-9eb3-2b2bf3f4efee", - "type": "count" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "(event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\")" - }, - "id": "3f31a7e4-acf3-4f2d-8b7d-e30522325b2a", - "label": "HIGH" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "(event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR 
cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\")" - }, - "id": "7949d31b-8aae-433a-b7cf-6939a8728cc9", - "label": "MEDIUM" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "(NOT (event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\" OR event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" 
OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\"))" - }, - "id": "d2627211-5f9e-4c65-8a47-1cd6f085939d", - "label": "LOW" - } - ], - "split_mode": "filters", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "a5fda184-fdd6-4221-ab59-492eab162f0a", - "label": "Count by Event Type", - "line_width": 1, - "metrics": [ - { - "id": "e147ba1c-b13a-496f-9841-b99ddee81c5a", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cef.device.event_class_id", - "terms_size": "20" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events Types by Severity [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-33290695-4eb1-4270-9e63-7083e7b132ed", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-33747d52-ec4c-4d91-86d8-fbdf9b9c82db.json b/packages/cef/kibana/visualization/cef-33747d52-ec4c-4d91-86d8-fbdf9b9c82db.json deleted file mode 100644 index 704eb7201b1..00000000000 --- a/packages/cef/kibana/visualization/cef-33747d52-ec4c-4d91-86d8-fbdf9b9c82db.json +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Network - Event Throughput [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "3eadd451-5033-423f-88e3-814cc5e50b50" - } - ], - "bar_color_rules": [ - { - "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "gauge_color_rules": [ - { - "gauge": null, - "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "73968651-c41e-473e-a153-a025f49d1a1b", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "90d7621e-3265-4fe8-8882-8df9605ea659", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "type": "count" - }, - { - "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "type": "cumulative_sum" - }, - { - "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "gamma": 0.3, - "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - 
"seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "title": "Network - Event Throughput [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-33747d52-ec4c-4d91-86d8-fbdf9b9c82db", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-38061262-edbe-4ccc-8c5c-d22c480b3c64.json b/packages/cef/kibana/visualization/cef-38061262-edbe-4ccc-8c5c-d22c480b3c64.json deleted file mode 100644 index de558bce467..00000000000 --- a/packages/cef/kibana/visualization/cef-38061262-edbe-4ccc-8c5c-d22c480b3c64.json +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Application Protocols [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.application", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 26, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" - }, - "title": "Top 10 Application Protocols [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-38061262-edbe-4ccc-8c5c-d22c480b3c64", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-38fd061a-0976-4005-b0d3-729d693cdd5d.json b/packages/cef/kibana/visualization/cef-38fd061a-0976-4005-b0d3-729d693cdd5d.json deleted file mode 100644 index 21386c53b13..00000000000 --- a/packages/cef/kibana/visualization/cef-38fd061a-0976-4005-b0d3-729d693cdd5d.json +++ /dev/null 
@@ -1,122 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Direction [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "be556a57-cd1c-496c-8714-0bd210947c85", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "bar", - "color": "#68BC00", - "fill": "0.2", - "filter": { - "language": "lucene", - "query": "device" - }, - "formatter": "number", - "id": "9aae7344-9de9-4378-b21d-296cb964f93b", - "label": "Inbound Requests", - "line_width": 1, - "metrics": [ - { - "id": "1cd0b964-45cf-408e-a7e4-e26955f8a3b0", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(0,156,224,1)", - "filter": { - "language": "lucene", - "query": "deviceDirection:\"0\"" - }, - "id": "f860f6e0-fbd4-4949-8046-6300322dfe84", - "label": "Inbound Requests" - } - ], - "split_mode": "filters", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "bar", - "color": "#68BC00", - "fill": "0.2", - "formatter": "number", - "id": "ed1abe18-e01b-4202-9db4-06fda10692e0", - "label": "Outbound Requests", - "line_width": 1, - "metrics": [ - { - "id": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", - "type": "count" - }, - { - "id": "6bc37118-ddac-41ec-85b3-9db7e1b3636b", - "script": "params.outbound \u003e 0 ? 
params.outbound * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "cfbcfc79-394b-4ec0-a2c2-7a47177d6469", - "id": "f73f4f22-03d5-446a-b031-04eee531e3cc", - "name": "outbound" - } - ] - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(211,49,21,1)", - "filter": { - "language": "lucene", - "query": "deviceDirection:\"1\"" - }, - "id": "a9c50e1b-8f11-4bc2-9077-bb8870ed0b62", - "label": "Outbound Requests" - } - ], - "split_mode": "filters", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Direction [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-38fd061a-0976-4005-b0d3-729d693cdd5d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-3c19f138-2ab3-4ecb-bb1b-86fb90158042.json b/packages/cef/kibana/visualization/cef-3c19f138-2ab3-4ecb-bb1b-86fb90158042.json deleted file mode 100644 index 719788cfc07..00000000000 --- a/packages/cef/kibana/visualization/cef-3c19f138-2ab3-4ecb-bb1b-86fb90158042.json +++ /dev/null 
@@ -1,65 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Device Type Breakdown [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall Types", - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Device Type Breakdown [Logs CEF ArcSight]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-3c19f138-2ab3-4ecb-bb1b-86fb90158042", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-490c415c-b859-4ed0-a2a4-5c4968084985.json b/packages/cef/kibana/visualization/cef-490c415c-b859-4ed0-a2a4-5c4968084985.json deleted file mode 100644 index 6cefab46d78..00000000000 --- a/packages/cef/kibana/visualization/cef-490c415c-b859-4ed0-a2a4-5c4968084985.json +++ /dev/null 
@@ -1,178 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Event Types by Size [Logs CEF]", - "uiStateJSON": { - "vis": { - "colors": { - "Count": "#64B0C8", - "Total (Bytes)": "#E24D42" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "cef.device.event_class_id", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Total (Bytes)", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Event Type" - }, - "type": "category" - } - ], - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - }, - "valueAxis": null - }, - "legendPosition": "right", - "orderBucketsBySum": false, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Total (Bytes)" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - "mode": "normal", - "show": true, - "showCircles": false, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - 
"truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Total (Bytes)" - }, - "type": "value" - } - ] - }, - "title": "Event Types by Size [Logs CEF]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-490c415c-b859-4ed0-a2a4-5c4968084985", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-4970ec04-796a-4c0e-90d9-7e23d0b7e48d.json b/packages/cef/kibana/visualization/cef-4970ec04-796a-4c0e-90d9-7e23d0b7e48d.json deleted file mode 100644 index 383f61d0343..00000000000 --- a/packages/cef/kibana/visualization/cef-4970ec04-796a-4c0e-90d9-7e23d0b7e48d.json +++ /dev/null 
@@ -1,141 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Destination Ports by Outcomes [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "destination.port: Descending" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": true, - "mode": "normal", - "setYExtents": false, - "type": "square root" - }, - "show": true, - "style": {}, - "title": 
{}, - "type": "value" - } - ] - }, - "title": "Destination Ports by Outcomes [Logs CEF]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-4970ec04-796a-4c0e-90d9-7e23d0b7e48d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-499f50ba-2f84-4f7c-9021-73a4efc47921.json b/packages/cef/kibana/visualization/cef-499f50ba-2f84-4f7c-9021-73a4efc47921.json deleted file mode 100644 index 67eabeb364d..00000000000 --- a/packages/cef/kibana/visualization/cef-499f50ba-2f84-4f7c-9021-73a4efc47921.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Outcome [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "bar_color": null, - "id": "23db5bf6-f787-474e-86ab-76362432e984", - "value": 0 - } - ], - "drilldown_url": "", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "(cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\") AND _exists_:cef.extensions.categoryOutcome" - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "c43af7e6-3f06-48a4-a7c3-7ba8bd6214f9", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 0, - "split_color_mode": "gradient", - 
"split_filters": [ - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": "4c7aac7d-2749-41b6-8136-40dc8636a7e7", - "label": "Firewall" - } - ], - "split_mode": "filter", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,188,0,1)", - "fill": "1", - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Moving Average by Event Outcome", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(104,188,0,0.35)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Success\"" - }, - "id": "cb1ae397-13a0-4b6f-a848-bcdc96870f05", - "label": "Success" - }, - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Failure\"" - }, - "id": "ef021c15-1b95-4334-bc3c-e2950e9b0f6f", - "label": "Failure" - }, - { - "color": "rgba(0,156,224,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Attempt\"" - }, - "id": "2ff1e859-b178-4824-a0f2-69a115932b98", - "label": "Attempt" - } - ], - "split_mode": "filters", - "stacked": "stacked", - "terms_field": "cef.extensions.categoryOutcome", - "terms_size": "3" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Outcome [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-499f50ba-2f84-4f7c-9021-73a4efc47921", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-4a7c10c7-4abd-47b4-b4c3-dee33377fbdf.json b/packages/cef/kibana/visualization/cef-4a7c10c7-4abd-47b4-b4c3-dee33377fbdf.json deleted file mode 100644 index f1787d1acc7..00000000000 --- a/packages/cef/kibana/visualization/cef-4a7c10c7-4abd-47b4-b4c3-dee33377fbdf.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destinations [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Hosts", - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Destinations [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-4a7c10c7-4abd-47b4-b4c3-dee33377fbdf", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-4c86b51e-6886-4484-98a2-508e92b455bb.json b/packages/cef/kibana/visualization/cef-4c86b51e-6886-4484-98a2-508e92b455bb.json deleted file mode 100644 index 4f8adcffeeb..00000000000 --- a/packages/cef/kibana/visualization/cef-4c86b51e-6886-4484-98a2-508e92b455bb.json +++ /dev/null 
@@ -1,123 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Endpoint OS Metrics Overview [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Event Types", - "field": "event.action" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Outcomes", - "field": "event.outcome" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "20", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Endpoint OS Metrics Overview [Logs CEF]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-4c86b51e-6886-4484-98a2-508e92b455bb", - "migrationVersion": { - "visualization": "8.0.0" 
- }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-4e25b5ce-53c3-46fc-b5e5-71d3c52f1956.json b/packages/cef/kibana/visualization/cef-4e25b5ce-53c3-46fc-b5e5-71d3c52f1956.json deleted file mode 100644 index cdd54f42732..00000000000 --- a/packages/cef/kibana/visualization/cef-4e25b5ce-53c3-46fc-b5e5-71d3c52f1956.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Sources [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Hosts", - "field": "source.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Sources [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-4e25b5ce-53c3-46fc-b5e5-71d3c52f1956", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-535a7bf8-a701-4016-86c0-038bc6d9d069.json b/packages/cef/kibana/visualization/cef-535a7bf8-a701-4016-86c0-038bc6d9d069.json deleted file mode 100644 index dcdaab4a185..00000000000 
--- a/packages/cef/kibana/visualization/cef-535a7bf8-a701-4016-86c0-038bc6d9d069.json
+++ /dev/null
@@ -1,107 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Countries by Events [Logs CEF]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Country", - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Source Countries by Events [Logs CEF]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-535a7bf8-a701-4016-86c0-038bc6d9d069", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-56247c19-7aa5-475d-b074-5b0cd4794f0c.json b/packages/cef/kibana/visualization/cef-56247c19-7aa5-475d-b074-5b0cd4794f0c.json deleted file mode 100644 index 074ad5c3689..00000000000 --- a/packages/cef/kibana/visualization/cef-56247c19-7aa5-475d-b074-5b0cd4794f0c.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Users [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Source Users [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-56247c19-7aa5-475d-b074-5b0cd4794f0c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-566d8b4e-ec5c-4b8b-bd68-3cc9cb236110.json b/packages/cef/kibana/visualization/cef-566d8b4e-ec5c-4b8b-bd68-3cc9cb236110.json deleted file mode 100644 index ae1c1365be4..00000000000 --- a/packages/cef/kibana/visualization/cef-566d8b4e-ec5c-4b8b-bd68-3cc9cb236110.json +++ /dev/null 
@@ -1,129 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top Destinations by Traffic Size [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 18k": "rgb(247,251,255)", - "108k - 126k": "rgb(74,152,201)", - "126k - 144k": "rgb(46,126,188)", - "144k - 162k": "rgb(23,100,171)", - "162k - 180k": "rgb(8,74,145)", - "18k - 36k": "rgb(227,238,249)", - "36k - 54k": "rgb(208,225,242)", - "54k - 72k": "rgb(182,212,233)", - "72k - 90k": "rgb(148,196,223)", - "90k - 108k": "rgb(107,174,214)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "filters": [ - { - "input": { - "language": "lucene", - "query": "deviceDirection:\"0\"" - }, - "label": "Inbound" - }, - { - "input": { - "language": "lucene", - "query": "deviceDirection:\"1\"" - }, - "label": "Outbound" - } - ] - }, - "schema": "segment", - "type": "filters" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Blues", - "colorsNumber": 10, - "colorsRange": [ - { - "from": 0, - "to": null - } - ], - "enableHover": true, - "invertColors": false, - "legendPosition": "top", - "percentageMode": false, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Top Destinations by Traffic Size [Logs CEF ArcSight]", - "type": 
"heatmap" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-566d8b4e-ec5c-4b8b-bd68-3cc9cb236110", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-589fec8c-336e-4122-8fef-a450bddf84f6.json b/packages/cef/kibana/visualization/cef-589fec8c-336e-4122-8fef-a450bddf84f6.json deleted file mode 100644 index 284b53f6a5d..00000000000 --- a/packages/cef/kibana/visualization/cef-589fec8c-336e-4122-8fef-a450bddf84f6.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Addresses [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Source Addresses [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-589fec8c-336e-4122-8fef-a450bddf84f6", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-59ad829b-12b8-4256-95a5-e7078eda628b.json b/packages/cef/kibana/visualization/cef-59ad829b-12b8-4256-95a5-e7078eda628b.json
deleted file mode 100644
index 34f4356a59b..00000000000
--- a/packages/cef/kibana/visualization/cef-59ad829b-12b8-4256-95a5-e7078eda628b.json
+++ /dev/null
@@ -1,199 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Source Users by Event Type and Destination Users [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Types", - "field": "cef.extensions.categoryBehavior" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination User Names", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Source Users" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Event Types" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - 
"show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - }, - { - "data": { - "id": "4", - "label": "Destination User Names" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Source Users by Event Type and Destination Users [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-59ad829b-12b8-4256-95a5-e7078eda628b", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-5bf6e4dc-4273-4e1e-a803-04347eebeb53.json b/packages/cef/kibana/visualization/cef-5bf6e4dc-4273-4e1e-a803-04347eebeb53.json deleted file mode 100644 index 1d491cba80b..00000000000 --- a/packages/cef/kibana/visualization/cef-5bf6e4dc-4273-4e1e-a803-04347eebeb53.json +++ /dev/null 
@@ -1,104 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Outcomes by User Names [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "colors": { - "/Informational": "#7EB26D", - "/Informational/Warning": "#EF843C", - "/Success": "#64B0C8", - "Anti-Virus": "#B7DBAB", - "Host-based IDS/IPS": "#629E51", - "Log Consolidator": "#E0F9D7", - "Operating System": "#3F6833", - "Recon": "#BF1B00", - "Security Mangement": "#CFFAFF" - }, - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "exclude": "Network-based IDS/IPS", - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "6", - "params": { - "field": "destination.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Outcomes by User Names [Logs CEF ArcSight]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-5bf6e4dc-4273-4e1e-a803-04347eebeb53", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-5f187dc8-aa7e-4f91-a2d8-1186ce254d00.json b/packages/cef/kibana/visualization/cef-5f187dc8-aa7e-4f91-a2d8-1186ce254d00.json
deleted file mode 100644
index 553391cc263..00000000000
--- a/packages/cef/kibana/visualization/cef-5f187dc8-aa7e-4f91-a2d8-1186ce254d00.json
+++ /dev/null
@@ -1,201 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Events by Source and Destination Users [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Timestamp", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Users", - "field": "source.user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Timestamp" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Event Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Source Users" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 
3, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - }, - { - "data": { - "id": "4", - "label": "Destination Users" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Event Count" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Events by Source and Destination Users [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-5f187dc8-aa7e-4f91-a2d8-1186ce254d00", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-62b06e9a-b8d2-4dfe-8dc6-4378331520aa.json b/packages/cef/kibana/visualization/cef-62b06e9a-b8d2-4dfe-8dc6-4378331520aa.json deleted file mode 100644 index c7b70db2c78..00000000000 --- a/packages/cef/kibana/visualization/cef-62b06e9a-b8d2-4dfe-8dc6-4378331520aa.json +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Network - Event Throughput [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "3eadd451-5033-423f-88e3-814cc5e50b50" - } - ], - "bar_color_rules": [ - { - "id": "8d4596c5-49ad-429b-af54-5451b1c2e8d4" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "gauge_color_rules": [ - { - "gauge": null, - "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "73968651-c41e-473e-a153-a025f49d1a1b", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "90d7621e-3265-4fe8-8882-8df9605ea659", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "type": "count" - }, - { - "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "id": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "type": "cumulative_sum" - }, - { - "field": "ca3a65d0-9f3d-42a9-9f4e-16f9e24cba19", - "id": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "6db67bc1-7fff-47e7-a931-f797b1f76732", - "gamma": 0.3, - "id": "92bc1447-2b30-498c-ae8a-c67904fc82b2", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 
0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "title": "Network - Event Throughput [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-62b06e9a-b8d2-4dfe-8dc6-4378331520aa", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-6437e9bb-9ed1-4e2d-bb10-e63ccd35c409.json b/packages/cef/kibana/visualization/cef-6437e9bb-9ed1-4e2d-bb10-e63ccd35c409.json deleted file mode 100644 index 4e3ddb3e435..00000000000 --- a/packages/cef/kibana/visualization/cef-6437e9bb-9ed1-4e2d-bb10-e63ccd35c409.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Users by Destination Users [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Top 10 Source Users by Destination Users [Logs CEF ArcSight]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-6437e9bb-9ed1-4e2d-bb10-e63ccd35c409", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-655beadd-2678-4495-8793-72b5780f6283.json b/packages/cef/kibana/visualization/cef-655beadd-2678-4495-8793-72b5780f6283.json deleted file mode 100644 index 33564a0204a..00000000000 --- a/packages/cef/kibana/visualization/cef-655beadd-2678-4495-8793-72b5780f6283.json +++ /dev/null 
@@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Addresses [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Source Addresses [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-655beadd-2678-4495-8793-72b5780f6283", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-677891a1-90c4-4273-b126-f0e54689bd76.json b/packages/cef/kibana/visualization/cef-677891a1-90c4-4273-b126-f0e54689bd76.json deleted file mode 100644 index e8c067d2e0e..00000000000 --- a/packages/cef/kibana/visualization/cef-677891a1-90c4-4273-b126-f0e54689bd76.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - }, - "title": " Dashboard Navigation [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" - }, - "title": " Dashboard Navigation [Logs CEF ArcSight]", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-677891a1-90c4-4273-b126-f0e54689bd76", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-718b074e-3dd1-4d03-ba11-7f869cdcd703.json b/packages/cef/kibana/visualization/cef-718b074e-3dd1-4d03-ba11-7f869cdcd703.json deleted file mode 100644 index 3e60d25e70a..00000000000 --- a/packages/cef/kibana/visualization/cef-718b074e-3dd1-4d03-ba11-7f869cdcd703.json +++ /dev/null 
@@ -1,138 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Device [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" - }, - "id": "fd1ffeb6-678e-4163-9421-6a164fd59048", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(254,37,37,1)", - "fill": "0", - "formatter": "number", - "id": "6a10f77d-4e26-4b27-9c19-f1b0029b075b", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "845b9164-65f4-4599-b9cc-8d91b6ba8d83", - "gamma": 0.3, - "id": "59675e84-1a8e-41df-9f63-875109bd795a", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" " - }, - "id": "d9a580c3-eb83-4d20-a391-0934d7df8837", - "label": "Operating System" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": " cef.extensions.categoryDeviceGroup:\"/IDS/Host\"" - }, - "id": "9ce8be14-6191-4c9a-a679-e3992fdab8d2", - "label": "Host IDS" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Application\"" - }, - "id": 
"262ecd54-a042-4bfb-b489-d7db8431c36e", - "label": "Application" - } - ], - "split_mode": "filters", - "stacked": "none" - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "92e98952-8e25-472f-abb5-05a7d9b830ea", - "label": "Moving Average by Device HostNames", - "line_width": 1, - "metrics": [ - { - "id": "3df841a9-5997-4a1a-ad8f-69620d23e65b", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "3df841a9-5997-4a1a-ad8f-69620d23e65b", - "gamma": 0.3, - "id": "9765367a-0fc2-45ba-88a8-e87991210edd", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "observer.hostname" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Device [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-718b074e-3dd1-4d03-ba11-7f869cdcd703", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-7454c034-c5f3-48fe-8fce-ef4385c80350.json b/packages/cef/kibana/visualization/cef-7454c034-c5f3-48fe-8fce-ef4385c80350.json deleted file mode 100644 index 7e0a0b41e91..00000000000 --- a/packages/cef/kibana/visualization/cef-7454c034-c5f3-48fe-8fce-ef4385c80350.json +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Endpoint Metrics Overview [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Port", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Endpoint Metrics Overview [Logs CEF ArcSight]", - 
"type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-7454c034-c5f3-48fe-8fce-ef4385c80350", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-74d2c072-6dfd-4249-8e63-dc7b0cf3c960.json b/packages/cef/kibana/visualization/cef-74d2c072-6dfd-4249-8e63-dc7b0cf3c960.json deleted file mode 100644 index 9a220290397..00000000000 --- a/packages/cef/kibana/visualization/cef-74d2c072-6dfd-4249-8e63-dc7b0cf3c960.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 5 Source Countries [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 5 Source Countries [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-74d2c072-6dfd-4249-8e63-dc7b0cf3c960", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3.json b/packages/cef/kibana/visualization/cef-759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3.json deleted file mode 100644 index 05225db7133..00000000000 --- a/packages/cef/kibana/visualization/cef-759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Event Types [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cef.device.event_class_id", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 50, - "minFontSize": 12, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" - }, - "title": "Top 10 Event Types [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-759e8dc3-0fdb-4cb6-ba47-87a2e2ff8df3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-769e3f37-2b08-4edb-9013-09140a520e69.json b/packages/cef/kibana/visualization/cef-769e3f37-2b08-4edb-9013-09140a520e69.json deleted file mode 100644 index dc3d164f282..00000000000 --- a/packages/cef/kibana/visualization/cef-769e3f37-2b08-4edb-9013-09140a520e69.json +++ /dev/null 
@@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destination Addresses [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Destination Addresses [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-769e3f37-2b08-4edb-9013-09140a520e69", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-76c088c3-486e-4420-8840-5ede667edffe.json b/packages/cef/kibana/visualization/cef-76c088c3-486e-4420-8840-5ede667edffe.json deleted file mode 100644 index 821db3719cf..00000000000 --- a/packages/cef/kibana/visualization/cef-76c088c3-486e-4420-8840-5ede667edffe.json +++ /dev/null 
@@ -1,102 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Endpoint - OS Average EPS [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "ce9549a0-3af0-4070-b169-4b6d145d4c39" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\"" - }, - "gauge_color_rules": [ - { - "id": "03a2fd72-fc9c-4582-9133-20af36217180" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "94161c6c-4f48-4beb-9d78-f79f29c02a34", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "type": "count" - }, - { - "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "id": "89f8286e-4aec-4cb4-83ad-b139692edf3d", - "type": "cumulative_sum" - }, - { - "field": "89f8286e-4aec-4cb4-83ad-b139692edf3d", - "id": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "1df39e5f-3e98-4ed7-ab08-47f3ca2ee915", - "gamma": 0.3, - "id": "f46a6e6e-444f-4c7e-b5eb-e1a59568f2eb", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "offset_time": "1m", - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - 
"use_kibana_indexes": false - }, - "title": "Endpoint - OS Average EPS [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-76c088c3-486e-4420-8840-5ede667edffe", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-77ee0e91-010b-4897-b483-7e9a907d2afe.json b/packages/cef/kibana/visualization/cef-77ee0e91-010b-4897-b483-7e9a907d2afe.json deleted file mode 100644 index 6fe585ae2d7..00000000000 --- a/packages/cef/kibana/visualization/cef-77ee0e91-010b-4897-b483-7e9a907d2afe.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Behaviors by Outcome [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 9,000": "rgb(255,255,204)", - "18,000 - 27,000": "rgb(254,225,135)", - "27,000 - 36,000": "rgb(254,201,101)", - "36,000 - 45,000": "rgb(254,171,73)", - "45,000 - 54,000": "rgb(253,141,60)", - "54,000 - 63,000": "rgb(252,91,46)", - "63,000 - 72,000": "rgb(237,47,34)", - "72,000 - 81,000": "rgb(212,16,32)", - "81,000 - 90,000": "rgb(176,0,38)", - "9,000 - 18,000": "rgb(255,241,170)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "cef.extensions.categoryBehavior", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": false, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Top 10 Behaviors by Outcome [Logs CEF ArcSight]", - "type": "heatmap" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-77ee0e91-010b-4897-b483-7e9a907d2afe", - 
"migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-7dc26e6f-76d4-4454-99a9-6ccbba8948f0.json b/packages/cef/kibana/visualization/cef-7dc26e6f-76d4-4454-99a9-6ccbba8948f0.json deleted file mode 100644 index 1a0111469d7..00000000000 --- a/packages/cef/kibana/visualization/cef-7dc26e6f-76d4-4454-99a9-6ccbba8948f0.json +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 15 Event Types by Events [Logs CEF]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Types", - "field": "event.action", - "order": "desc", - "orderBy": "1", - "size": 15 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Users", - "field": "source.user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Source Hosts", - "field": "source.domain" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destination Hosts", - "field": "destination.domain" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "listeners": {}, - "params": { - "perPage": 15, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 15 Event Types by Events [Logs CEF]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-7dc26e6f-76d4-4454-99a9-6ccbba8948f0", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": 
"visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-7e2b0659-0760-4182-8b29-3ee69f26bc6f.json b/packages/cef/kibana/visualization/cef-7e2b0659-0760-4182-8b29-3ee69f26bc6f.json deleted file mode 100644 index 73225f25f4a..00000000000 --- a/packages/cef/kibana/visualization/cef-7e2b0659-0760-4182-8b29-3ee69f26bc6f.json +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "DNS - Event Throughput [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "3eadd451-5033-423f-88e3-814cc5e50b50" - } - ], - "bar_color_rules": [ - { - "id": "fa374805-d1ca-4261-b723-9b482a7dd43a" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "gauge_color_rules": [ - { - "gauge": null, - "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "73968651-c41e-473e-a153-a025f49d1a1b", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "90d7621e-3265-4fe8-8882-8df9605ea659", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "type": "count" - }, - { - "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "id": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", - "type": "cumulative_sum" - }, - { - "field": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", - "id": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", - "gamma": 0.3, - "id": "48026f85-83c8-40e6-aff4-71f3bd6c77c9", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": 
"{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "title": "DNS - Event Throughput [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-7e2b0659-0760-4182-8b29-3ee69f26bc6f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-82a333a7-d9d3-4752-b564-160d4b9f188b.json b/packages/cef/kibana/visualization/cef-82a333a7-d9d3-4752-b564-160d4b9f188b.json deleted file mode 100644 index ed9bf58c550..00000000000 --- a/packages/cef/kibana/visualization/cef-82a333a7-d9d3-4752-b564-160d4b9f188b.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Sources by Destinations [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Host", - "field": "source.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Host", - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Top 10 Sources by Destinations [Logs CEF]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-82a333a7-d9d3-4752-b564-160d4b9f188b", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-82f3fae3-1189-4f04-8ea5-47fde1d2e7b1.json b/packages/cef/kibana/visualization/cef-82f3fae3-1189-4f04-8ea5-47fde1d2e7b1.json deleted file mode 100644 index b82be49e174..00000000000 --- a/packages/cef/kibana/visualization/cef-82f3fae3-1189-4f04-8ea5-47fde1d2e7b1.json +++ /dev/null 
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 5 Sources by Destination Addresses [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source Address", - "field": "source.ip", - "order": "desc", - "orderBy": "2", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 5 Sources by Destination Addresses [Logs CEF ArcSight]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-82f3fae3-1189-4f04-8ea5-47fde1d2e7b1", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-841a5d3f-c201-4499-a0fd-883247360640.json b/packages/cef/kibana/visualization/cef-841a5d3f-c201-4499-a0fd-883247360640.json deleted file mode 100644 index c9ae50e1d97..00000000000 --- a/packages/cef/kibana/visualization/cef-841a5d3f-c201-4499-a0fd-883247360640.json +++ /dev/null 
@@ -1,107 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Devices by Outcome [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0% - 17%": "rgb(255,255,204)", - "17% - 34%": "rgb(255,230,146)", - "34% - 50%": "rgb(254,191,90)", - "50% - 67%": "rgb(253,141,60)", - "67% - 84%": "rgb(244,61,37)", - "84% - 100%": "rgb(202,8,35)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device Host Names", - "field": "observer.hostname", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 6, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": true, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Top 10 Devices by Outcome [Logs CEF]", - "type": "heatmap" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-841a5d3f-c201-4499-a0fd-883247360640", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-85818e02-7a16-4afa-8278-99c4059ddd82.json b/packages/cef/kibana/visualization/cef-85818e02-7a16-4afa-8278-99c4059ddd82.json
deleted file mode 100644
index ee98ca2a874..00000000000
--- a/packages/cef/kibana/visualization/cef-85818e02-7a16-4afa-8278-99c4059ddd82.json
+++ /dev/null
@@ -1,118 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Devices by Bandwidth [Logs CEF]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device", - "field": "observer.hostname", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source(s)", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination(s)", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bandwidth (Incoming)", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bandwidth (Outgoing)", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Devices by Bandwidth [Logs CEF]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-85818e02-7a16-4afa-8278-99c4059ddd82", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - 
"type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-868d68b5-3e62-4fc2-b942-fbb69a7c91d5.json b/packages/cef/kibana/visualization/cef-868d68b5-3e62-4fc2-b942-fbb69a7c91d5.json deleted file mode 100644 index 88a97165a69..00000000000 --- a/packages/cef/kibana/visualization/cef-868d68b5-3e62-4fc2-b942-fbb69a7c91d5.json +++ /dev/null 
@@ -1,199 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Source Users by Event Type and Destination Users [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Types", - "field": "event.action" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination User Names", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Source Users" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Event Types" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - 
"showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - }, - { - "data": { - "id": "4", - "label": "Destination User Names" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Source Users by Event Type and Destination Users [Logs CEF]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-868d68b5-3e62-4fc2-b942-fbb69a7c91d5", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-86bd5f13-ca6b-43fa-b209-54e7460344bb.json b/packages/cef/kibana/visualization/cef-86bd5f13-ca6b-43fa-b209-54e7460344bb.json deleted file mode 100644 index 05b13544355..00000000000 --- a/packages/cef/kibana/visualization/cef-86bd5f13-ca6b-43fa-b209-54e7460344bb.json +++ /dev/null 
@@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destination Addresses [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Destination Addresses [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-86bd5f13-ca6b-43fa-b209-54e7460344bb", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-8869f0bb-b8a3-4e6b-b3c4-3cc80b67b3da.json b/packages/cef/kibana/visualization/cef-8869f0bb-b8a3-4e6b-b3c4-3cc80b67b3da.json deleted file mode 100644 index 10491c9764f..00000000000 --- a/packages/cef/kibana/visualization/cef-8869f0bb-b8a3-4e6b-b3c4-3cc80b67b3da.json +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destinations by Size [Logs CEF]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destinations", - "field": "destination.domain", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count" - }, - "schema": "metric", - "type": "count" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Destinations by Size [Logs CEF]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-8869f0bb-b8a3-4e6b-b3c4-3cc80b67b3da", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5a3668ef-c2d5-4bd3-a545-e2a9963b721c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-89998099-9a39-44cf-beba-5b97f0524cf9.json b/packages/cef/kibana/visualization/cef-89998099-9a39-44cf-beba-5b97f0524cf9.json deleted file mode 100644 index b182815e69e..00000000000 
--- a/packages/cef/kibana/visualization/cef-89998099-9a39-44cf-beba-5b97f0524cf9.json
+++ /dev/null
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Outcomes Breakdown [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "colors": { - "/Attempt": "#3F2B5B", - "/Failure": "#BF1B00" - }, - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Time", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Time" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - 
"position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "title": "Outcomes Breakdown [Logs CEF ArcSight]", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-89998099-9a39-44cf-beba-5b97f0524cf9", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-8cd00d20-957d-4663-be4d-ea80b1609586.json b/packages/cef/kibana/visualization/cef-8cd00d20-957d-4663-be4d-ea80b1609586.json deleted file mode 100644 index d37d45ed9fb..00000000000 --- a/packages/cef/kibana/visualization/cef-8cd00d20-957d-4663-be4d-ea80b1609586.json +++ /dev/null 
@@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Users [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Source Users [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-8cd00d20-957d-4663-be4d-ea80b1609586", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-8f38607c-eb10-410e-aec5-15d8b474211e.json b/packages/cef/kibana/visualization/cef-8f38607c-eb10-410e-aec5-15d8b474211e.json deleted file mode 100644 index dfd89566ad7..00000000000 --- a/packages/cef/kibana/visualization/cef-8f38607c-eb10-410e-aec5-15d8b474211e.json +++ /dev/null 
@@ -1,138 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Source Addresses [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "a0bf5a1d-8ebf-49d4-a347-738a6ce20562" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "gauge_color_rules": [ - { - "id": "42f84a0a-ee13-4ca8-b61d-3de482ae4ab0" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "117fde19-e227-4fcb-8019-e82e6677c340", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "steps": 0, - "terms_field": 
"observer.hostmessage", - "terms_order_by": null, - "value_template": "{{value}}" - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,188,0,1)", - "fill": "0.5", - "formatter": "number", - "id": "3ffe652e-43c2-4a1d-ad8a-f7ab10f09f2b", - "label": "Top Source Addresses", - "line_width": "0", - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "b753ad38-c3ed-4463-8f6d-176f4d477897", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "source.ip", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Source Addresses [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-8f38607c-eb10-410e-aec5-15d8b474211e", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-8f6075c5-f525-4173-92a4-3a56e96e362d.json b/packages/cef/kibana/visualization/cef-8f6075c5-f525-4173-92a4-3a56e96e362d.json deleted file mode 100644 index 9a3bf7fde5f..00000000000 --- a/packages/cef/kibana/visualization/cef-8f6075c5-f525-4173-92a4-3a56e96e362d.json +++ /dev/null 
@@ -1,107 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Countries by Events [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Country", - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Source Countries by Events [Logs CEF ArcSight]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-8f6075c5-f525-4173-92a4-3a56e96e362d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-92aecea0-a632-4a55-bb56-50e4cdaca036.json b/packages/cef/kibana/visualization/cef-92aecea0-a632-4a55-bb56-50e4cdaca036.json deleted file mode 100644 index 37ee9b1de2e..00000000000 --- a/packages/cef/kibana/visualization/cef-92aecea0-a632-4a55-bb56-50e4cdaca036.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 5 Vendors by Product [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS Vendor", - "field": "cef.device.vendor", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OS Product", - "field": "cef.device.product", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Top 5 Vendors by Product [Logs CEF ArcSight]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-92aecea0-a632-4a55-bb56-50e4cdaca036", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-9457ee67-895f-4b78-a543-268f9687a745.json b/packages/cef/kibana/visualization/cef-9457ee67-895f-4b78-a543-268f9687a745.json
deleted file mode 100644
index fc65f8d9d5b..00000000000
--- a/packages/cef/kibana/visualization/cef-9457ee67-895f-4b78-a543-268f9687a745.json
+++ /dev/null
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Endpoint Average EPS [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "85a1c642-9781-430d-b84b-b28cb2a42fb4" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Operating System\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Host\" OR cef.extensions.categoryDeviceGroup:\"/Application\"" - }, - "gauge_color_rules": [ - { - "id": "03a2fd72-fc9c-4582-9133-20af36217180" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "b7a85957-123e-4e25-9e8e-ff7992c9b2b9", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "type": "count" - }, - { - "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "id": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", - "type": "cumulative_sum" - }, - { - "field": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", - "id": "215c5225-5368-40e6-8fcd-2b0026babba0", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "215c5225-5368-40e6-8fcd-2b0026babba0", - "gamma": 0.3, - "id": "f4dfe09a-e397-4287-ab99-3206516cded3", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" 
- } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "title": "Endpoint Average EPS [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-9457ee67-895f-4b78-a543-268f9687a745", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-98729301-9b46-4169-b99e-1392af8fa563.json b/packages/cef/kibana/visualization/cef-98729301-9b46-4169-b99e-1392af8fa563.json deleted file mode 100644 index 3112a916cd3..00000000000 --- a/packages/cef/kibana/visualization/cef-98729301-9b46-4169-b99e-1392af8fa563.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Countries by Event [Logs CEF]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 35 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Source Countries by Event [Logs CEF]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-98729301-9b46-4169-b99e-1392af8fa563", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-9bef4db9-a8b2-4be8-b2b0-6ea02fab424d.json b/packages/cef/kibana/visualization/cef-9bef4db9-a8b2-4be8-b2b0-6ea02fab424d.json
deleted file mode 100644
index ff1acb311ce..00000000000
--- a/packages/cef/kibana/visualization/cef-9bef4db9-a8b2-4be8-b2b0-6ea02fab424d.json
+++ /dev/null
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Severity [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "0ca18a89-9c81-4bee-835a-85e6103aec37" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "hide_last_value_indicator": true, - "id": "c39a76e5-f613-41a9-8335-c442747791e0", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "0.0[0]a", - "id": "da3b92b4-2c24-473b-9102-fb5a343a96d9", - "label": "Event by Severities", - "line_width": 1, - "metrics": [ - { - "id": "0d189776-3f7c-4a92-95b1-73c379a341fc", - "type": "count" - }, - { - "field": "0d189776-3f7c-4a92-95b1-73c379a341fc", - "id": "1b1c931c-a09b-4980-af81-6f9c3db56401", - "sigma": "", - "type": "sum_bucket" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(104,204,202,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Low\" OR severity:\"0\"" - }, - "id": "ebe970ac-5cc9-4c4a-af60-82affafc667c", - "label": "LOW" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Medium\"" - }, - "id": "0c4ff16a-b53d-4ce4-af76-d6b74d8788db", - "label": "MEDIUM" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "severity:\"High\"" - }, - "id": "e142c55b-6ee5-416a-8bd3-d10398044864", - "label": "HIGH" - }, - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "severity:\"Very-High\"" - }, - "id": "4b05b562-c419-4214-b814-d4c242251521", - "label": "VERY HIGH" 
- } - ], - "split_mode": "filters", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "top_n", - "use_kibana_indexes": false - }, - "title": "Events by Severity [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-9bef4db9-a8b2-4be8-b2b0-6ea02fab424d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-a52d1fe2-6933-48bd-b079-61f6e2dc05c2.json b/packages/cef/kibana/visualization/cef-a52d1fe2-6933-48bd-b079-61f6e2dc05c2.json deleted file mode 100644 index 8efe5320bfa..00000000000 --- a/packages/cef/kibana/visualization/cef-a52d1fe2-6933-48bd-b079-61f6e2dc05c2.json +++ /dev/null 
@@ -1,201 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Events by Source and Destination Users [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Timestamp", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Users", - "field": "source.user.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Timestamp" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Event Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Source Users" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - 
"mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - }, - { - "data": { - "id": "4", - "label": "Destination Users" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Event Count" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Events by Source and Destination Users [Logs CEF]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-a52d1fe2-6933-48bd-b079-61f6e2dc05c2", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-a5e56e2a-b807-4fd7-92c2-9da42134e0a9.json b/packages/cef/kibana/visualization/cef-a5e56e2a-b807-4fd7-92c2-9da42134e0a9.json deleted file mode 100644 index d84cf1eb3bc..00000000000 --- a/packages/cef/kibana/visualization/cef-a5e56e2a-b807-4fd7-92c2-9da42134e0a9.json +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 20 Source Countries [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 26, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" - }, - "title": "Top 20 Source Countries [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-a5e56e2a-b807-4fd7-92c2-9da42134e0a9", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-a729c249-8d34-4eb1-bbb0-5d25cf224114.json b/packages/cef/kibana/visualization/cef-a729c249-8d34-4eb1-bbb0-5d25cf224114.json deleted file mode 100644 index 5583b4eb124..00000000000 --- a/packages/cef/kibana/visualization/cef-a729c249-8d34-4eb1-bbb0-5d25cf224114.json +++ /dev/null 
@@ -1,107 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Devices by Outcome [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0% - 17%": "rgb(255,255,204)", - "17% - 34%": "rgb(255,230,146)", - "34% - 50%": "rgb(254,191,90)", - "50% - 67%": "rgb(253,141,60)", - "67% - 84%": "rgb(244,61,37)", - "84% - 100%": "rgb(202,8,35)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device Host Names", - "field": "observer.hostname", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 6, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": true, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Top 10 Devices by Outcome [Logs CEF ArcSight]", - "type": "heatmap" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-a729c249-8d34-4eb1-bbb0-5d25cf224114", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} 
\ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-a97e3628-022b-46cf-8f29-a73cf9bb4e26.json b/packages/cef/kibana/visualization/cef-a97e3628-022b-46cf-8f29-a73cf9bb4e26.json deleted file mode 100644 index c145bc62216..00000000000 --- a/packages/cef/kibana/visualization/cef-a97e3628-022b-46cf-8f29-a73cf9bb4e26.json +++ /dev/null 
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Source [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": 
"0c929603-fc92-4ebc-a963-fe2795417d89", - "label": "Firewall Events" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/IDS/Network\"" - }, - "id": "7798827b-87ab-436b-9e62-9fe36143eb9b", - "label": "Intrusion Detection Events" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "id": "490f7ad7-8218-45f9-85a9-a4dd9ed7da13", - "label": "VPN" - } - ], - "split_mode": "filters", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": "0.5", - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Moving Average by Device Hosts", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "87e21aaa-12eb-4213-bb37-41cb19219240", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "observer.hostname", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Source [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-a97e3628-022b-46cf-8f29-a73cf9bb4e26", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-acc915fe-b971-4795-9040-3fbfdf62abe1.json b/packages/cef/kibana/visualization/cef-acc915fe-b971-4795-9040-3fbfdf62abe1.json
deleted file mode 100644
index 02f6855a893..00000000000
--- a/packages/cef/kibana/visualization/cef-acc915fe-b971-4795-9040-3fbfdf62abe1.json
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top 10 Destination Users [Logs CEF ArcSight]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Destination Users",
- "field": "destination.user.name",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "maxFontSize": 60,
- "minFontSize": 10,
- "orientation": "single",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "linear"
- },
- "title": "Top 10 Destination Users [Logs CEF ArcSight]",
- "type": "tagcloud"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cef-acc915fe-b971-4795-9040-3fbfdf62abe1",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cef/kibana/visualization/cef-b1002b5c-08fc-4bbe-b9a0-6243a8637e60.json b/packages/cef/kibana/visualization/cef-b1002b5c-08fc-4bbe-b9a0-6243a8637e60.json
deleted file mode 100644
index e273fb45445..00000000000
--- a/packages/cef/kibana/visualization/cef-b1002b5c-08fc-4bbe-b9a0-6243a8637e60.json
+++ /dev/null
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Outcome by Device Type [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "colors": { - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall Types", - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 3 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Firewall Types" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "orderBucketsBySum": true, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - 
"truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "percentage", - "type": "square root" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "title": "Outcome by Device Type [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-b1002b5c-08fc-4bbe-b9a0-6243a8637e60", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-b25e0340-0e97-4849-9b89-959b9ad8c958.json b/packages/cef/kibana/visualization/cef-b25e0340-0e97-4849-9b89-959b9ad8c958.json deleted file mode 100644 index 4b50c94f20b..00000000000 --- a/packages/cef/kibana/visualization/cef-b25e0340-0e97-4849-9b89-959b9ad8c958.json +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "DNS - Event Throughput [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "3eadd451-5033-423f-88e3-814cc5e50b50" - } - ], - "bar_color_rules": [ - { - "id": "fa374805-d1ca-4261-b723-9b482a7dd43a" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "gauge_color_rules": [ - { - "gauge": null, - "id": "4d957654-cc7e-4ef3-8b29-61c0aeadd51a", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "73968651-c41e-473e-a153-a025f49d1a1b", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "90d7621e-3265-4fe8-8882-8df9605ea659", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "type": "count" - }, - { - "field": "ba1830b9-9ce3-4bf1-8f4d-f7478b7f1bba", - "id": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", - "type": "cumulative_sum" - }, - { - "field": "cf3e6b1c-4136-4868-913e-0e82d88a8c9c", - "id": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "0e407985-9ae4-4c1f-bb0e-16cd9bef7611", - "gamma": 0.3, - "id": "48026f85-83c8-40e6-aff4-71f3bd6c77c9", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} 
/ s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "title": "DNS - Event Throughput [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-b25e0340-0e97-4849-9b89-959b9ad8c958", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-b4a28b54-9adb-4c4b-8ae6-158dfeb673ce.json b/packages/cef/kibana/visualization/cef-b4a28b54-9adb-4c4b-8ae6-158dfeb673ce.json deleted file mode 100644 index 923156193fc..00000000000 --- a/packages/cef/kibana/visualization/cef-b4a28b54-9adb-4c4b-8ae6-158dfeb673ce.json +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Endpoint Metrics Overview [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Port", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Endpoint Metrics Overview [Logs CEF]", - "type": "metric" - } 
- }, - "coreMigrationVersion": "8.0.0", - "id": "cef-b4a28b54-9adb-4c4b-8ae6-158dfeb673ce", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-b4ac112e-809a-437d-a805-3ff44a67c21c.json b/packages/cef/kibana/visualization/cef-b4ac112e-809a-437d-a805-3ff44a67c21c.json deleted file mode 100644 index 9896195c51a..00000000000 --- a/packages/cef/kibana/visualization/cef-b4ac112e-809a-437d-a805-3ff44a67c21c.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Source Users by Destination Users [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Users", - "field": "source.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Top 10 Source Users by Destination Users [Logs CEF]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-b4ac112e-809a-437d-a805-3ff44a67c21c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-b7227081-e125-49cb-a580-1be363f06be0.json b/packages/cef/kibana/visualization/cef-b7227081-e125-49cb-a580-1be363f06be0.json deleted file mode 100644 index 2d87157b237..00000000000 --- a/packages/cef/kibana/visualization/cef-b7227081-e125-49cb-a580-1be363f06be0.json +++ /dev/null 
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 5 Sources by Destination Ports [Logs CEF]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source Address", - "field": "source.ip", - "order": "desc", - "orderBy": "2", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 5 Sources by Destination Ports [Logs CEF]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-b7227081-e125-49cb-a580-1be363f06be0", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-baa6c9ee-dffe-4ea5-bedd-91962700f450.json b/packages/cef/kibana/visualization/cef-baa6c9ee-dffe-4ea5-bedd-91962700f450.json deleted file mode 100644 index 2c275406bfb..00000000000 --- a/packages/cef/kibana/visualization/cef-baa6c9ee-dffe-4ea5-bedd-91962700f450.json +++ /dev/null 
@@ -1,145 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Device Types [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": "", - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": "78bfdf07-ec02-4dd8-8ff4-b7e250c561c2", - "label": "Firewall" - } - ], - "split_mode": "everything", - "stacked": 
"none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(251,158,0,1)", - "fill": 0.5, - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Top Device Types by Mvg Averages", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "87e21aaa-12eb-4213-bb37-41cb19219240", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cef.extensions.categoryDeviceType", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Device Types [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-baa6c9ee-dffe-4ea5-bedd-91962700f450", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-bd35faa9-492e-4abe-9bf1-2d3c0d98171d.json b/packages/cef/kibana/visualization/cef-bd35faa9-492e-4abe-9bf1-2d3c0d98171d.json deleted file mode 100644 index bf0b9c06482..00000000000 --- a/packages/cef/kibana/visualization/cef-bd35faa9-492e-4abe-9bf1-2d3c0d98171d.json +++ /dev/null 
@@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destination Users [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Users", - "field": "destination.user.name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 60, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Destination Users [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-bd35faa9-492e-4abe-9bf1-2d3c0d98171d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-c394e650-b16c-407c-b305-bd409d69d433.json b/packages/cef/kibana/visualization/cef-c394e650-b16c-407c-b305-bd409d69d433.json deleted file mode 100644 index 28573ff259f..00000000000 --- a/packages/cef/kibana/visualization/cef-c394e650-b16c-407c-b305-bd409d69d433.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - }, - "title": " Dashboard Navigation [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "markdown": "[Network Overview](#/dashboard/cef-dd0bc9af-2e89-4150-9b42-62517ea56b71) | [Network Suspicious Activity](#/dashboard/cef-db1e1aca-279e-4ecc-b84e-fe58644f7619) | [Endpoint Overview](#dashboard/cef-c10ce1cf-f6b8-4de4-8715-2cb5f6770b3b) | [Endpoint OS Activity](#/dashboard/cef-9e352900-89c3-4c1b-863e-249e24d0dac9) | [Microsoft DNS Overview](#/dashboard/cef-56428e01-0c47-4770-8ba4-9345a029ea41)" - }, - "title": " Dashboard Navigation [Logs CEF ArcSight]", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-c394e650-b16c-407c-b305-bd409d69d433", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-c5120e27-1f8c-41e3-83ee-78ec4d470c2f.json b/packages/cef/kibana/visualization/cef-c5120e27-1f8c-41e3-83ee-78ec4d470c2f.json deleted file mode 100644 index ac1fc1fbcb3..00000000000 --- a/packages/cef/kibana/visualization/cef-c5120e27-1f8c-41e3-83ee-78ec4d470c2f.json +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destination Port [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Destination Port [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-c5120e27-1f8c-41e3-83ee-78ec4d470c2f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-cbde6788-7371-4712-b2e0-3eb07e0841f4.json b/packages/cef/kibana/visualization/cef-cbde6788-7371-4712-b2e0-3eb07e0841f4.json deleted file mode 100644 index be0214483c7..00000000000 --- a/packages/cef/kibana/visualization/cef-cbde6788-7371-4712-b2e0-3eb07e0841f4.json +++ /dev/null 
@@ -1,64 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Destination Ports [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "Top 10 Destination Ports [Logs CEF]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-cbde6788-7371-4712-b2e0-3eb07e0841f4", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-cc7f89bc-22ad-4778-9c9f-1873ff38750b.json b/packages/cef/kibana/visualization/cef-cc7f89bc-22ad-4778-9c9f-1873ff38750b.json deleted file mode 100644 index e9a8fa58bc6..00000000000 --- a/packages/cef/kibana/visualization/cef-cc7f89bc-22ad-4778-9c9f-1873ff38750b.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Behaviors by Outcome [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 9,000": "rgb(255,255,204)", - "18,000 - 27,000": "rgb(254,225,135)", - "27,000 - 36,000": "rgb(254,201,101)", - "36,000 - 45,000": "rgb(254,171,73)", - "45,000 - 54,000": "rgb(253,141,60)", - "54,000 - 63,000": "rgb(252,91,46)", - "63,000 - 72,000": "rgb(237,47,34)", - "72,000 - 81,000": "rgb(212,16,32)", - "81,000 - 90,000": "rgb(176,0,38)", - "9,000 - 18,000": "rgb(255,241,170)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "event.action", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": false, - "setColorRange": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "#555", - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Top 10 Behaviors by Outcome [Logs CEF]", - "type": "heatmap" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-cc7f89bc-22ad-4778-9c9f-1873ff38750b", - "migrationVersion": { - "visualization": "8.0.0" - }, - 
"references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-d02dd523-ce91-40e9-9209-83797f80ed45.json b/packages/cef/kibana/visualization/cef-d02dd523-ce91-40e9-9209-83797f80ed45.json deleted file mode 100644 index 8d7f74e0b44..00000000000 --- a/packages/cef/kibana/visualization/cef-d02dd523-ce91-40e9-9209-83797f80ed45.json +++ /dev/null 
@@ -1,138 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Source Addresses [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "a0bf5a1d-8ebf-49d4-a347-738a6ce20562" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "gauge_color_rules": [ - { - "id": "42f84a0a-ee13-4ca8-b61d-3de482ae4ab0" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\" " - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "117fde19-e227-4fcb-8019-e82e6677c340", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "steps": 0, - 
"terms_field": "observer.hostmessage", - "terms_order_by": null, - "value_template": "{{value}}" - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,188,0,1)", - "fill": "0.5", - "formatter": "number", - "id": "3ffe652e-43c2-4a1d-ad8a-f7ab10f09f2b", - "label": "Top Source Addresses", - "line_width": "0", - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "b753ad38-c3ed-4463-8f6d-176f4d477897", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "source.ip", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Source Addresses [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-d02dd523-ce91-40e9-9209-83797f80ed45", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-d061c7a9-7f92-4bf4-b35c-499b9f4b987a.json b/packages/cef/kibana/visualization/cef-d061c7a9-7f92-4bf4-b35c-499b9f4b987a.json deleted file mode 100644 index 9ca3d9d2d52..00000000000 --- a/packages/cef/kibana/visualization/cef-d061c7a9-7f92-4bf4-b35c-499b9f4b987a.json +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Device Metrics Overview [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destinations", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Device Metrics Overview [Logs CEF ArcSight]", - 
"type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-d061c7a9-7f92-4bf4-b35c-499b9f4b987a", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-d2332147-4293-4422-930b-0a319ebeb958.json b/packages/cef/kibana/visualization/cef-d2332147-4293-4422-930b-0a319ebeb958.json deleted file mode 100644 index 6bfca2012e1..00000000000 --- a/packages/cef/kibana/visualization/cef-d2332147-4293-4422-930b-0a319ebeb958.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 5 Vendors by Product [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "OS Vendor", - "field": "cef.device.vendor", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "OS Product", - "field": "cef.device.product", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Top 5 Vendors by Product [Logs CEF]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-d2332147-4293-4422-930b-0a319ebeb958", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-46204a7b-ca56-4ad7-bf60-5ef9c6b83042", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-d3ce586b-d372-4e03-9c19-b768b1b953f3.json b/packages/cef/kibana/visualization/cef-d3ce586b-d372-4e03-9c19-b768b1b953f3.json deleted file mode 100644 index 5cc53570d55..00000000000 --- a/packages/cef/kibana/visualization/cef-d3ce586b-d372-4e03-9c19-b768b1b953f3.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Outcome [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "bar_color": null, - "id": "23db5bf6-f787-474e-86ab-76362432e984", - "value": 0 - } - ], - "drilldown_url": "", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "(cef.extensions.categoryDeviceGroup:\"/Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\") AND _exists_:cef.extensions.categoryOutcome" - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "c43af7e6-3f06-48a4-a7c3-7ba8bd6214f9", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 0, - "split_color_mode": "gradient", - 
"split_filters": [ - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": "4c7aac7d-2749-41b6-8136-40dc8636a7e7", - "label": "Firewall" - } - ], - "split_mode": "filter", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(104,188,0,1)", - "fill": "1", - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Moving Average by Event Outcome", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(104,188,0,0.35)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Success\"" - }, - "id": "cb1ae397-13a0-4b6f-a848-bcdc96870f05", - "label": "Success" - }, - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Failure\"" - }, - "id": "ef021c15-1b95-4334-bc3c-e2950e9b0f6f", - "label": "Failure" - }, - { - "color": "rgba(0,156,224,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryOutcome:\"/Attempt\"" - }, - "id": "2ff1e859-b178-4824-a0f2-69a115932b98", - "label": "Attempt" - } - ], - "split_mode": "filters", - "stacked": "stacked", - "terms_field": "event.outcome", - "terms_size": "3" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Outcome [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-d3ce586b-d372-4e03-9c19-b768b1b953f3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-d42600fb-ea45-4dc9-a5d2-dd6a502fb76e.json b/packages/cef/kibana/visualization/cef-d42600fb-ea45-4dc9-a5d2-dd6a502fb76e.json deleted file mode 100644 index aa5a727791c..00000000000 --- a/packages/cef/kibana/visualization/cef-d42600fb-ea45-4dc9-a5d2-dd6a502fb76e.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "query_string": { - "query": "*" - } - } - } - }, - "title": " Dashboard Navigation [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "markdown": "[Network Overview](#/dashboard/cef-4f045e14-8e20-47ed-a6d1-219dd3c8ed5c) | [Network Suspicious Activity](#/dashboard/cef-04749697-de8d-49b3-8eca-c873ab2c5ac9) | [Endpoint Overview](#dashboard/cef-a0030996-9c7b-4f66-bd5a-59b23a7e7c15) | [Endpoint Activity](#/dashboard/cef-85d71d6a-69fc-46a5-bf38-f94c177fbabf) | [Microsoft DNS Overview](#/dashboard/cef-607f756e-288d-499a-8f8a-33791354ffaf)" - }, - "title": " Dashboard Navigation [Logs CEF]", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-d42600fb-ea45-4dc9-a5d2-dd6a502fb76e", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-d7d7bd9e-c767-428c-b7de-d09f9d87f652.json b/packages/cef/kibana/visualization/cef-d7d7bd9e-c767-428c-b7de-d09f9d87f652.json deleted file mode 100644 index 53e6a17408b..00000000000 --- a/packages/cef/kibana/visualization/cef-d7d7bd9e-c767-428c-b7de-d09f9d87f652.json +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Device Metrics Overview [Logs CEF]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Devices", - "field": "observer.hostname" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destinations", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "30", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "12", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Device Metrics Overview [Logs CEF]", - "type": "metric" - } 
- }, - "coreMigrationVersion": "8.0.0", - "id": "cef-d7d7bd9e-c767-428c-b7de-d09f9d87f652", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-357351f2-fbd1-41b6-9b03-592fbb7aec7c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-d85b0ce0-4fa7-4fe5-9fe1-41cf40606ef3.json b/packages/cef/kibana/visualization/cef-d85b0ce0-4fa7-4fe5-9fe1-41cf40606ef3.json deleted file mode 100644 index 68431a38a10..00000000000 --- a/packages/cef/kibana/visualization/cef-d85b0ce0-4fa7-4fe5-9fe1-41cf40606ef3.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Size [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "6e634117-6b30-411c-b74c-75510befe42f", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "deviceDirection:\"0\"" - }, - "formatter": "bytes", - "id": "28b1fb5b-0f16-4519-b901-4dd2dcc39915", - "label": "Inbound Bytes", - "line_width": "2", - "metrics": [ - { - "field": "source.bytes", - "id": "f613f33f-6459-4e46-a3a0-c36c48c46b2e", - "type": "sum" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "deviceDirection:\"1\"" - }, - "formatter": "bytes", - "id": "5a5c2529-4990-4006-b039-c94069ff6b7e", - "label": "Outbound Bytes", - "line_width": "2", - "metrics": [ - { - "field": "source.bytes", - "id": "b69501e7-56d5-4c38-81d1-34d778c81e11", - "type": "sum" - }, - { - "id": "0aaab374-5845-44ab-94f5-ac4fab25c287", - "script": "params.outbound_bytes \u003e= 0 ? 
params.outbound_bytes * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "b69501e7-56d5-4c38-81d1-34d778c81e11", - "id": "23b8c41c-0e98-4ace-8bca-3593e46cd955", - "name": "outbound_bytes" - } - ] - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Size [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-d85b0ce0-4fa7-4fe5-9fe1-41cf40606ef3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-daa1fe0b-a698-4429-8e5d-db251502276c.json b/packages/cef/kibana/visualization/cef-daa1fe0b-a698-4429-8e5d-db251502276c.json deleted file mode 100644 index f6aacf65f4c..00000000000 --- a/packages/cef/kibana/visualization/cef-daa1fe0b-a698-4429-8e5d-db251502276c.json +++ /dev/null 
@@ -1,115 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Bandwidth Utilization [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "kuery", - "query": "" - }, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "bytes", - "id": "d27f09dc-b07e-493f-a223-a85033ad6548", - "label": "Inbound", - "line_width": 1, - "metrics": [ - { - "field": "source.bytes", - "id": "9ce9ec3a-2f11-4935-91b2-531494d2a619", - "type": "sum" - } - ], - "override_index_pattern": 1, - "point_size": 1, - "seperate_axis": 0, - "series_drop_last_bucket": 1, - "series_index_pattern": "logs-*", - "series_time_field": "@timestamp", - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "terms_field": "observer.hostname", - "terms_order_by": "_count" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "formatter": "bytes", - "id": "b1ef2c75-5916-469d-8790-5b213367a5a0", - "label": "Outbound", - "line_width": 1, - "metrics": [ - { - "field": "destination.bytes", - "id": "11b1852f-9b62-4e96-8128-522e6c5bf16d", - "type": "sum" - }, - { - "id": "2a6b00bf-1658-4d02-b4e2-61ad6e4c3a9b", - "script": "params.outbound \u003e 0 ? 
params.outbound * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "11b1852f-9b62-4e96-8128-522e6c5bf16d", - "id": "c57067f2-2927-41d8-97f4-9f47b3b3bcae", - "name": "outbound" - } - ] - } - ], - "override_index_pattern": 1, - "point_size": 1, - "seperate_axis": 0, - "series_drop_last_bucket": 1, - "series_index_pattern": "logs-*", - "series_time_field": "@timestamp", - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "steps": 0 - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Bandwidth Utilization [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-daa1fe0b-a698-4429-8e5d-db251502276c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-dd339ff5-6b26-4455-ae06-f3b5591479e3.json b/packages/cef/kibana/visualization/cef-dd339ff5-6b26-4455-ae06-f3b5591479e3.json deleted file mode 100644 index 9053cca57a0..00000000000 --- a/packages/cef/kibana/visualization/cef-dd339ff5-6b26-4455-ae06-f3b5591479e3.json +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Outcomes Breakdown [Logs CEF]", - "uiStateJSON": { - "vis": { - "colors": { - "failure": "#BF1B00", - "unknown": "#3F2B5B" - }, - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Time", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Time" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - 
"mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "title": "Outcomes Breakdown [Logs CEF]", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-dd339ff5-6b26-4455-ae06-f3b5591479e3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-41770860-2a81-4ce7-b8b4-a0c6970725b0", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-df056709-2deb-4363-ae7a-b0148ea456c6.json b/packages/cef/kibana/visualization/cef-df056709-2deb-4363-ae7a-b0148ea456c6.json deleted file mode 100644 index 85d28f64008..00000000000 --- a/packages/cef/kibana/visualization/cef-df056709-2deb-4363-ae7a-b0148ea456c6.json +++ /dev/null 
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Destination Ports by Outcome [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "colors": { - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Protocols", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Protocols" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - 
"mode": "percentage", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Destination Ports by Outcome [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-df056709-2deb-4363-ae7a-b0148ea456c6", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-e06d85f2-2da4-41e2-b2ab-f685b64bb3f9.json b/packages/cef/kibana/visualization/cef-e06d85f2-2da4-41e2-b2ab-f685b64bb3f9.json deleted file mode 100644 index c6b25abed1e..00000000000 --- a/packages/cef/kibana/visualization/cef-e06d85f2-2da4-41e2-b2ab-f685b64bb3f9.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 20 Behaviors by Outcome [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Behavior", - "field": "cef.extensions.categoryBehavior", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 3 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Top 20 Behaviors by Outcome [Logs CEF ArcSight]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-e06d85f2-2da4-41e2-b2ab-f685b64bb3f9", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-e6cf2383-71f4-4db1-a791-1a7d4f110194", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-e513c269-350c-40c3-ac20-16c5782103b8.json b/packages/cef/kibana/visualization/cef-e513c269-350c-40c3-ac20-16c5782103b8.json deleted file mode 100644 index 675e6a5f437..00000000000 --- a/packages/cef/kibana/visualization/cef-e513c269-350c-40c3-ac20-16c5782103b8.json +++ /dev/null 
@@ -1,145 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Device Types [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(211,49,21,1)", - "fill": "0", - "filter": "", - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": "78bfdf07-ec02-4dd8-8ff4-b7e250c561c2", - "label": "Firewall" - } - ], - "split_mode": "everything", - 
"stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(251,158,0,1)", - "fill": 0.5, - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Top Device Types by Mvg Averages", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "87e21aaa-12eb-4213-bb37-41cb19219240", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cef.extensions.categoryDeviceType", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Device Types [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-e513c269-350c-40c3-ac20-16c5782103b8", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-e89a64e8-928c-41fc-8745-3c8157b21cdb.json b/packages/cef/kibana/visualization/cef-e89a64e8-928c-41fc-8745-3c8157b21cdb.json deleted file mode 100644 index c3c5b729389..00000000000 --- a/packages/cef/kibana/visualization/cef-e89a64e8-928c-41fc-8745-3c8157b21cdb.json +++ /dev/null 
@@ -1,118 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Devices by Bandwidth [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Device", - "field": "observer.hostname", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source(s)", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Destination(s)", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bandwidth (Incoming)", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bandwidth (Outgoing)", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 10 Devices by Bandwidth [Logs CEF ArcSight]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-e89a64e8-928c-41fc-8745-3c8157b21cdb", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - 
"name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-efa710e7-907c-4723-92cd-2bd2276f44dd.json b/packages/cef/kibana/visualization/cef-efa710e7-907c-4723-92cd-2bd2276f44dd.json deleted file mode 100644 index 46e33f4e890..00000000000 --- a/packages/cef/kibana/visualization/cef-efa710e7-907c-4723-92cd-2bd2276f44dd.json +++ /dev/null 
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Source [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color": null, - "background_color_rules": [ - { - "id": "2fddda5e-d6fc-4581-bbb7-574e1017ae8f" - } - ], - "bar_color_rules": [ - { - "id": "23db5bf6-f787-474e-86ab-76362432e984" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceType:\"Firewall\" OR cef.extensions.categoryDeviceGroup:\"/IDS/Network\" OR cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "gauge_color_rules": [ - { - "id": "3ed9a6b9-fd2e-4e0d-bd83-7ad467b3c8a4" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "ec53a1d3-213c-4b0f-a074-5005a84cdb83", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": "0", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "formatter": "number", - "id": "04c44192-1112-4515-a8d9-e9e13215aecf", - "label": "Events", - "line_width": "3", - "metrics": [ - { - "id": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "c5dbb050-fc10-4a0d-abe0-bc093db6cf0e", - "gamma": 0.3, - "id": "e5a48d9d-7834-4da7-8d78-7d4528136b9b", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "sigma": "", - "type": "moving_average", - "window": "10" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/Firewall\"" - }, - "id": 
"0c929603-fc92-4ebc-a963-fe2795417d89", - "label": "Firewall Events" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/IDS/Network\"" - }, - "id": "7798827b-87ab-436b-9e62-9fe36143eb9b", - "label": "Intrusion Detection Events" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "cef.extensions.categoryDeviceGroup:\"/VPN\"" - }, - "id": "490f7ad7-8218-45f9-85a9-a4dd9ed7da13", - "label": "VPN" - } - ], - "split_mode": "filters", - "stacked": "none", - "steps": 0, - "terms_field": "observer.hostname", - "terms_order_by": null - }, - { - "axis_position": "left", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": "0.5", - "formatter": "number", - "id": "29d6131a-5143-4a64-b597-9538692f0269", - "label": "Moving Average by Device Hosts", - "line_width": 1, - "metrics": [ - { - "id": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "type": "count" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "dc74afdf-64ad-47d6-bbed-114e09d12255", - "gamma": 0.3, - "id": "87e21aaa-12eb-4213-bb37-41cb19219240", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "observer.hostname", - "terms_size": "10" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Source [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-efa710e7-907c-4723-92cd-2bd2276f44dd", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-f03d734b-b85c-4e99-9c0e-9c89716a81f3.json b/packages/cef/kibana/visualization/cef-f03d734b-b85c-4e99-9c0e-9c89716a81f3.json deleted file mode 100644 index c17a59847a0..00000000000 --- a/packages/cef/kibana/visualization/cef-f03d734b-b85c-4e99-9c0e-9c89716a81f3.json +++ /dev/null @@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 5 Sources by Destination Ports [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Event Count" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source Address", - "field": "source.ip", - "order": "desc", - "orderBy": "2", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top 5 Sources by Destination Ports [Logs CEF ArcSight]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-f03d734b-b85c-4e99-9c0e-9c89716a81f3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cef/kibana/visualization/cef-f0e60404-ddf4-4b46-8e45-e28c4fb6d60d.json b/packages/cef/kibana/visualization/cef-f0e60404-ddf4-4b46-8e45-e28c4fb6d60d.json deleted file mode 100644 index 8bd6d5b5cfb..00000000000 --- a/packages/cef/kibana/visualization/cef-f0e60404-ddf4-4b46-8e45-e28c4fb6d60d.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events Types by Severity [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "db54ebce-9dd2-4a1e-b476-b3ddb9a9024e", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "number", - "id": "81da76ca-1112-4d91-82f4-c66cd3156a84", - "label": "Cumulative Bytes", - "line_width": "3", - "metrics": [ - { - "field": "source.bytes", - "id": "521d560c-321a-4410-9eb3-2b2bf3f4efee", - "type": "count" - } - ], - "point_size": "0", - "seperate_axis": 1, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "rgba(244,78,59,1)", - "filter": { - "language": "lucene", - "query": "(event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\")" - }, - "id": "3f31a7e4-acf3-4f2d-8b7d-e30522325b2a", - "label": "HIGH" - }, - { - "color": "rgba(254,146,0,1)", - "filter": { - "language": "lucene", - "query": "(event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR 
cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\")" - }, - "id": "7949d31b-8aae-433a-b7cf-6939a8728cc9", - "label": "MEDIUM" - }, - { - "color": "rgba(252,220,0,1)", - "filter": { - "language": "lucene", - "query": "(NOT (event.severity:\"2\" OR event.severity:\"3\" OR event.severity:\"5\" OR event.severity:\"16\" OR cef.extension.deviceCustomString4:\"SERVFAIL\" OR cef.extension.deviceCustomString4:\"NXDOMAIN\" OR cef.extension.deviceCustomString4:\"REFUSED\" OR cef.extension.deviceCustomString4:\"BADVERS\" OR cef.extension.deviceCustomString4:\"BADSIG\" OR event.severity:\"1\" OR event.severity:\"4\" OR event.severity:\"6\" OR event.severity:\"7\" OR event.severity:\"8\" OR event.severity:\"9\" OR event.severity:\"10\" OR event.severity:\"17\" OR event.severity:\"18\" OR event.severity:\"19\" OR event.severity:\"20\" OR event.severity:\"21\" OR event.severity:\"22\" OR cef.extension.deviceCustomString4:\"Error\" OR cef.extension.deviceCustomString4:\"ERROR\" OR cef.extension.deviceCustomString4:\"Warning\" OR cef.extension.deviceCustomString4:\"WARNING\" OR cef.extension.deviceCustomString4:\"FORMERR\" OR cef.extension.deviceCustomString4:\"NOTIMP\" OR cef.extension.deviceCustomString4:\"YXDOMAIN\" OR cef.extension.deviceCustomString4:\"YXRRSET\" OR 
cef.extension.deviceCustomString4:\"NXRRSET\" OR cef.extension.deviceCustomString4:\"NOTAUTH\" OR cef.extension.deviceCustomString4:\"NOTZONE\" OR cef.extension.deviceCustomString4:\"BADKEY\" OR cef.extension.deviceCustomString4:\"BADTIME\" OR cef.extension.deviceCustomString4:\"BADMODE\" OR cef.extension.deviceCustomString4:\"BADNAME\" OR cef.extension.deviceCustomString4:\"BADALG\" OR cef.extension.deviceCustomString4:\"BADTRUNC\"))" - }, - "id": "d2627211-5f9e-4c65-8a47-1cd6f085939d", - "label": "LOW" - } - ], - "split_mode": "filters", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "bar", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "a5fda184-fdd6-4221-ab59-492eab162f0a", - "label": "Count by Event Type", - "line_width": 1, - "metrics": [ - { - "id": "e147ba1c-b13a-496f-9841-b99ddee81c5a", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cef.device.event_class_id", - "terms_size": "20" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events Types by Severity [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-f0e60404-ddf4-4b46-8e45-e28c4fb6d60d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-f3c573ad-2c16-4de5-9ec3-0a47141d4fa0.json b/packages/cef/kibana/visualization/cef-f3c573ad-2c16-4de5-9ec3-0a47141d4fa0.json deleted file mode 100644 index 056c89b2fca..00000000000 --- a/packages/cef/kibana/visualization/cef-f3c573ad-2c16-4de5-9ec3-0a47141d4fa0.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Events by Size [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "cef.device.product:\"DNS Trace Log\"" - }, - "id": "6e634117-6b30-411c-b74c-75510befe42f", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "deviceDirection:\"0\"" - }, - "formatter": "bytes", - "id": "28b1fb5b-0f16-4519-b901-4dd2dcc39915", - "label": "Inbound Bytes", - "line_width": "2", - "metrics": [ - { - "field": "source.bytes", - "id": "f613f33f-6459-4e46-a3a0-c36c48c46b2e", - "type": "sum" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "deviceDirection:\"1\"" - }, - "formatter": "bytes", - "id": "5a5c2529-4990-4006-b039-c94069ff6b7e", - "label": "Outbound Bytes", - "line_width": "2", - "metrics": [ - { - "field": "source.bytes", - "id": "b69501e7-56d5-4c38-81d1-34d778c81e11", - "type": "sum" - }, - { - "id": "0aaab374-5845-44ab-94f5-ac4fab25c287", - "script": "params.outbound_bytes \u003e= 0 ? 
params.outbound_bytes * -1 : 0", - "type": "calculation", - "variables": [ - { - "field": "b69501e7-56d5-4c38-81d1-34d778c81e11", - "id": "23b8c41c-0e98-4ace-8bca-3593e46cd955", - "name": "outbound_bytes" - } - ] - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Events by Size [Logs CEF ArcSight]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-f3c573ad-2c16-4de5-9ec3-0a47141d4fa0", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-f5258de9-71f7-410f-b713-201007f77470.json b/packages/cef/kibana/visualization/cef-f5258de9-71f7-410f-b713-201007f77470.json deleted file mode 100644 index 8de22436f43..00000000000 --- a/packages/cef/kibana/visualization/cef-f5258de9-71f7-410f-b713-201007f77470.json +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Application Protocols [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.application", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "maxFontSize": 72, - "minFontSize": 26, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "square root" - }, - "title": "Top 10 Application Protocols [Logs CEF ArcSight]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-f5258de9-71f7-410f-b713-201007f77470", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-f57734dd-0f32-42b4-94dd-5d597f6735e1.json b/packages/cef/kibana/visualization/cef-f57734dd-0f32-42b4-94dd-5d597f6735e1.json deleted file mode 100644 index fa36f8a0e16..00000000000 --- a/packages/cef/kibana/visualization/cef-f57734dd-0f32-42b4-94dd-5d597f6735e1.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Device Types by Vendor [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "exclude": "Network-based IDS/IPS", - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "exclude": "", - "field": "cef.device.vendor", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Device Types by Vendor [Logs CEF ArcSight]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-f57734dd-0f32-42b4-94dd-5d597f6735e1", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-f856a77c-a0fd-4047-afa6-e21a912814c5.json b/packages/cef/kibana/visualization/cef-f856a77c-a0fd-4047-afa6-e21a912814c5.json deleted file mode 100644 index 78390be9264..00000000000 --- a/packages/cef/kibana/visualization/cef-f856a77c-a0fd-4047-afa6-e21a912814c5.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Endpoint Average EPS [Logs CEF]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "axis_formatter": "number", - "axis_position": "left", - "bar_color_rules": [ - { - "id": "85a1c642-9781-430d-b84b-b28cb2a42fb4" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "data_stream.dataset:\"cef.log\"" - }, - "gauge_color_rules": [ - { - "id": "03a2fd72-fc9c-4582-9133-20af36217180" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "b7a85957-123e-4e25-9e8e-ff7992c9b2b9", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(0,156,224,1)", - "fill": 0.5, - "formatter": "number", - "id": "b4373ffd-9660-4206-afd6-d4867ac7dbdf", - "label": "Event Throughput", - "line_width": 1, - "metrics": [ - { - "id": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "type": "count" - }, - { - "field": "b1a48389-d799-4eba-8b98-7ee8ef0bb440", - "id": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", - "type": "cumulative_sum" - }, - { - "field": "7c5c44cc-17bd-4206-a100-b8996cd3d11a", - "id": "215c5225-5368-40e6-8fcd-2b0026babba0", - "type": "derivative", - "unit": "1s" - }, - { - "alpha": 0.3, - "beta": 0.1, - "field": "215c5225-5368-40e6-8fcd-2b0026babba0", - "gamma": 0.3, - "id": "f4dfe09a-e397-4287-ab99-3206516cded3", - "model_type": "simple", - "multiplicative": false, - "period": 1, - "type": "moving_average", - "window": "10" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "value_template": "{{value}} / s" - } - ], - "show_legend": 1, - "time_field": "@timestamp", - "type": "gauge", - "use_kibana_indexes": false - }, - "title": "Endpoint Average 
EPS [Logs CEF]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-f856a77c-a0fd-4047-afa6-e21a912814c5", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-fa8b26c1-6973-4381-adb3-bcde0d03a520.json b/packages/cef/kibana/visualization/cef-fa8b26c1-6973-4381-adb3-bcde0d03a520.json deleted file mode 100644 index 300a1130cd2..00000000000 --- a/packages/cef/kibana/visualization/cef-fa8b26c1-6973-4381-adb3-bcde0d03a520.json +++ /dev/null 
@@ -1,178 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Unique Destinations and Ports by Source [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Destination Addresses", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Addresses", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination Ports", - "field": "destination.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Source Addresses" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Destination Addresses" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Destination Ports" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - 
"setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Destination Addresses" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Destination Ports" - }, - "type": "value" - } - ] - }, - "title": "Unique Destinations and Ports by Source [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-fa8b26c1-6973-4381-adb3-bcde0d03a520", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-fcf798a8-db8f-4492-827b-8fa7581108a9.json b/packages/cef/kibana/visualization/cef-fcf798a8-db8f-4492-827b-8fa7581108a9.json deleted file mode 100644 index f21e80bc2c2..00000000000 --- a/packages/cef/kibana/visualization/cef-fcf798a8-db8f-4492-827b-8fa7581108a9.json +++ /dev/null 
@@ -1,178 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Event Types by Size [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "colors": { - "Count": "#64B0C8", - "Total (Bytes)": "#E24D42" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Type", - "field": "cef.device.event_class_id", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Total (Bytes)", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Event Type" - }, - "type": "category" - } - ], - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - }, - "valueAxis": null - }, - "legendPosition": "right", - "orderBucketsBySum": false, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Total (Bytes)" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 3, - "mode": "normal", - "show": true, - "showCircles": false, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": 
true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Total (Bytes)" - }, - "type": "value" - } - ] - }, - "title": "Event Types by Size [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-fcf798a8-db8f-4492-827b-8fa7581108a9", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-f85a3444-8a43-4e46-b872-4e44bc25d0f3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-fe7b63d1-dbc7-4376-af7f-ace97a9f2e60.json b/packages/cef/kibana/visualization/cef-fe7b63d1-dbc7-4376-af7f-ace97a9f2e60.json deleted file mode 100644 index 9eb620dac63..00000000000 --- a/packages/cef/kibana/visualization/cef-fe7b63d1-dbc7-4376-af7f-ace97a9f2e60.json +++ /dev/null 
@@ -1,141 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Destination Ports by Outcomes [Logs CEF ArcSight]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "destination.port: Descending" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": true, - "mode": "normal", - "setYExtents": false, - "type": "square root" - }, - "show": true, 
- "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "title": "Destination Ports by Outcomes [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-fe7b63d1-dbc7-4376-af7f-ace97a9f2e60", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-5cede2d3-20fe-4140-add4-4c4f841b71a2", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/kibana/visualization/cef-fff249b2-18b6-4b48-bcf7-dd4595d111e7.json b/packages/cef/kibana/visualization/cef-fff249b2-18b6-4b48-bcf7-dd4595d111e7.json deleted file mode 100644 index bb9910d7572..00000000000 --- a/packages/cef/kibana/visualization/cef-fff249b2-18b6-4b48-bcf7-dd4595d111e7.json +++ /dev/null 
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "Outcome by Device Type [Logs CEF ArcSight]", - "uiStateJSON": { - "vis": { - "colors": { - "/Failure": "#BF1B00", - "/Success": "#629E51" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall Types", - "field": "cef.extensions.categoryDeviceType", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Outcome", - "field": "cef.extensions.categoryOutcome", - "order": "desc", - "orderBy": "1", - "size": 3 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "rotate": 75, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Firewall Types" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "legendPosition": "right", - "orderBucketsBySum": true, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "showCircles": true, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - 
"truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "percentage", - "type": "square root" - }, - "show": true, - "style": {}, - "title": {}, - "type": "value" - } - ] - }, - "title": "Outcome by Device Type [Logs CEF ArcSight]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cef-fff249b2-18b6-4b48-bcf7-dd4595d111e7", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cef-68202a5c-c8f2-432f-8c08-04fbfacb95c8", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cef/manifest.yml b/packages/cef/manifest.yml index 0bbd41c2dae..b6d32236a7d 100644 --- a/packages/cef/manifest.yml +++ b/packages/cef/manifest.yml @@ -1,6 +1,6 @@ name: cef title: Common Event Format (CEF) -version: "2.4.0" +version: "2.4.1" release: ga description: Collect logs from CEF Logs with Elastic Agent. type: integration @@ -10,7 +10,7 @@ categories: - network - security conditions: - kibana.version: ^8.0.0 + kibana.version: ^8.1.0 policy_templates: - name: cef title: CEF logs diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml index a20072c97a1..1a9e9f49528 100644 --- a/packages/cisco_asa/changelog.yml +++ b/packages/cisco_asa/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.10.1" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "2.10.0" changes: - description: Allow configuration of internal/external zones diff --git a/packages/cisco_asa/kibana/dashboard/cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/dashboard/cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295.json index dad07ff5bda..460345ec5a2 100644 
--- a/packages/cisco_asa/kibana/dashboard/cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295.json +++ b/packages/cisco_asa/kibana/dashboard/cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295.json 
@@ -1,176 +1,802 @@ { - "attributes": { - "description": "Sample dashboard for Cisco ASA Firewall devices", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T09:18:19.740Z", + "version": "WzU4NSwxXQ==", + "attributes": { + "description": "Sample dashboard for Cisco ASA Firewall devices", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Destination Port and Transport [Cisco]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + 
"language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "1", + "w": 12, + "x": 12, + "y": 15 }, - "panelsJSON": [ - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "1", - "w": 12, - "x": 12, - "y": 15 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "title": "Destination Port and Transport", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "title": "Destination Port and Transport", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Source Port and Transport [Cisco]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "2", - "w": 12, - "x": 0, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "2", - "panelRefName": "panel_1", - "title": "Source Port and Transport", - "version": "7.0.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "3", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "3", - "panelRefName": "panel_2", - "title": "ASA Firewall Events 
Over Time", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "source.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2", + "w": 12, + "x": 0, + "y": 15 + }, + "panelIndex": "2", + "title": "Source Port and Transport", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "ASA Events Over Time [Cisco]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100, + "filter": true + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1", + "circlesRadius": 1 + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "isVislibVis": true, + "detailedTooltip": true }, - { - "embeddableConfig": { - "vis": { - 
"legendOpen": false - } + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "4", - "w": 24, - "x": 24, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" }, - "panelIndex": "4", - "panelRefName": "panel_3", - "title": "ASA Flows by Network Bytes", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15y", + "to": "now+1y" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "title": "ASA Firewall Events Over Time", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "ASA Flows by Network Bytes [Cisco]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100, + "filter": true + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "3", + "label": "Total bytes" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": 
true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1", + "circlesRadius": 1 + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Total bytes" + }, + "type": "value" + } + ], + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "isVislibVis": true, + "detailedTooltip": true }, - { - "embeddableConfig": {}, - "gridData": { - "h": 15, - "i": "5", - "w": 12, - "x": 24, - "y": 15 + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15y", + "to": "now+1y" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "5", - "panelRefName": "panel_4", - "title": "Blocked by Source", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Total bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "4", + "title": "ASA Flows by Network Bytes", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "savedVis": { + "title": "ASA Firewall Blocked by Source [Cisco]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": {}, - "gridData": { - "h": 15, - "i": "8", - "w": 12, - "x": 36, - "y": 15 - }, - "panelIndex": "8", 
- "panelRefName": "panel_5", - "title": "Top ACL by Blocked", - "version": "7.0.0-SNAPSHOT" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum", + "showToolbar": true }, - { - "embeddableConfig": {}, - "gridData": { - "h": 12, - "i": "9", - "w": 48, - "x": 0, - "y": 30 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "9", - "panelRefName": "panel_6", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Cisco] ASA Firewall", - "version": 1 - }, - "id": "cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco_asa-118da960-4987-11e9-b8ce-ed898b5ef295", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "cisco_asa-5d0322d0-4987-11e9-b8ce-ed898b5ef295", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 15, + "i": "5", + "w": 12, + "x": 24, + "y": 15 }, - { - "id": "cisco_asa-a3b5ab10-4989-11e9-b8ce-ed898b5ef295", - "name": "panel_2", - "type": "visualization" + "panelIndex": "5", + "title": "Blocked by Source", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "savedVis": { + "title": "ASA Top ACL by Blocked [Cisco]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": 
false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum", + "showToolbar": true + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ACL ID", + "field": "cisco.asa.rule_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "event.outcome:\"deny\"" + } + } + } + } }, - { - "id": "cisco_asa-80d0c1b0-498a-11e9-b8ce-ed898b5ef295", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 15, + "i": "8", + "w": 12, + "x": 36, + "y": 15 }, - { - "id": "cisco_asa-d05cdf60-498b-11e9-b8ce-ed898b5ef295", - "name": "panel_4", - "type": "visualization" + "panelIndex": "8", + "title": "Top ACL by Blocked", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "savedVis": { + "title": "Top ASA Messages [Cisco]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 1, + "direction": "desc" + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum", + "showToolbar": true + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ID", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "bucket", + "type": "terms" + }, + { + 
"enabled": true, + "id": "3", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "aggregate": "concat", + "customLabel": "Severity", + "field": "log.level", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "1", + "params": { + "aggregate": "concat", + "customLabel": "Sample message", + "field": "event.original", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "cisco_asa-08ef4d90-499b-11e9-b8ce-ed898b5ef295", - "name": "panel_5", - "type": "visualization" + "gridData": { + "h": 12, + "i": "9", + "w": 48, + "x": 0, + "y": 30 }, - { - "id": "cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295", - "name": "panel_6", - "type": "visualization" - } + "panelIndex": "9", + "version": "8.0.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Cisco] ASA Firewall", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "5:search_0", + "id": "cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cisco_asa-14fce5e0-498f-11e9-b8ce-ed898b5ef295" + } + ], + "migrationVersion": { + 
"dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index 1fa1f62ad93..00000000000 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json +++ /dev/null @@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "event.outcome:\"deny\"" - } - } - }, - "savedSearchRefName": "search_0", - "title": "ASA Top ACL by Blocked [Cisco]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "ACL ID", - "field": "cisco.asa.rule_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "ASA Top ACL by Blocked [Cisco]", - "type": "table" - } - }, - "id": "cisco_asa-08ef4d90-499b-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-118da960-4987-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-118da960-4987-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index f4a51ede5d4..00000000000 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-118da960-4987-11e9-b8ce-ed898b5ef295.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Destination Port and Transport [Cisco]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "destination.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Destination Port and Transport [Cisco]", - "type": "pie" - } - }, - "id": "cisco_asa-118da960-4987-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index 01e0a561836..00000000000 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Source Port and Transport [Cisco]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Source Port and Transport [Cisco]", - "type": "pie" - } - }, - "id": "cisco_asa-5d0322d0-4987-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index d5cdb5af85f..00000000000 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "ASA Flows by Network Bytes [Cisco]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-15y", - "to": "now+1y" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Total bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "grid": { - "categoryLines": false - }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "3", - "label": "Total bytes" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Total bytes" - }, - "type": "value" - } - ] - }, - "title": "ASA Flows by Network Bytes [Cisco]", - "type": "histogram" - } - }, - "id": "cisco_asa-80d0c1b0-498a-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": 
"cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index 4711e2a90a7..00000000000 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json +++ /dev/null 
@@ -1,139 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "ASA Events Over Time [Cisco]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-15y", - "to": "now+1y" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "grid": { - "categoryLines": false - }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - 
"text": "Count" - }, - "type": "value" - } - ] - }, - "title": "ASA Events Over Time [Cisco]", - "type": "histogram" - } - }, - "id": "cisco_asa-a3b5ab10-4989-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index f8e790856f0..00000000000 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "ASA Firewall Blocked by Source [Cisco]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "ASA Firewall Blocked by Source [Cisco]", - "type": "table" - } - }, - "id": "cisco_asa-d05cdf60-498b-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_asa/kibana/visualization/cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json b/packages/cisco_asa/kibana/visualization/cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json deleted file mode 100644 index e43aad55aa9..00000000000 --- a/packages/cisco_asa/kibana/visualization/cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json +++ /dev/null 
@@ -1,105 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top ASA Messages [Cisco]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 1, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "ID", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "aggregate": "concat", - "customLabel": "Severity", - "field": "log.level", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - }, - { - "enabled": true, - "id": "1", - "params": { - "aggregate": "concat", - "customLabel": "Sample message", - "field": "event.original", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top ASA Messages [Cisco]", - "type": "table" - } - }, - "id": "cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295", - "references": [ - { - "id": "cisco_asa-14fce5e0-498f-11e9-b8ce-ed898b5ef295", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cisco_asa/manifest.yml b/packages/cisco_asa/manifest.yml index 2e6589090bb..345a986e752 100644 
--- a/packages/cisco_asa/manifest.yml
+++ b/packages/cisco_asa/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_asa
 title: Cisco ASA
-version: "2.10.0"
+version: "2.10.1"
 license: basic
 description: Collect logs from Cisco ASA with Elastic Agent.
 type: integration
@@ -10,7 +10,7 @@ categories:
 - security
 release: ga
 conditions:
- kibana.version: "^7.16.0 || ^8.0.0"
+ kibana.version: "^8.1.0"
 screenshots:
 - src: /img/kibana-cisco-asa.png
 title: kibana cisco asa
diff --git a/packages/cloudflare/changelog.yml b/packages/cloudflare/changelog.yml
index c60b227019f..419701b5057 100644
--- a/packages/cloudflare/changelog.yml
+++ b/packages/cloudflare/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.3.1"
+ changes:
+ - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4516
 - version: "2.3.0"
 changes:
 - description: Update package to ECS 8.5.0.
diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-095f3a00-23d6-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/dashboard/cloudflare-095f3a00-23d6-11e9-ba08-c19298cded24.json
index 410e16011a7..d269d4f9894 100644
--- a/packages/cloudflare/kibana/dashboard/cloudflare-095f3a00-23d6-11e9-ba08-c19298cded24.json
+++ b/packages/cloudflare/kibana/dashboard/cloudflare-095f3a00-23d6-11e9-ba08-c19298cded24.json
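Review bot: The second hunk of packages/cisco_asa/manifest.yml narrows `kibana.version` from `^7.16.0 || ^8.0.0` to `^8.1.0`, yet the first hunk ships that as a patch bump (`2.10.0` to `2.10.1`). The tighter constraint itself looks required, since the rewritten dashboard carries `"coreMigrationVersion": "8.1.0"`, but deployments on Kibana 7.16 through 8.0 will remain on 2.10.0 and presumably stop receiving later fixes to this security integration. I would publish it as `version: "2.11.0"` and record the new floor in the changelog with a line such as `- description: Raise the minimum Kibana version to 8.1.0`. The cisco_asa changelog entry is outside this view, so it may already say so.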
@@ -1,461 +1,2611 @@ { - "attributes": { - "description": "Get a quick overview of the most important metrics from your websites and applications on the Cloudflare network.\n", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cloudflare-095f3a00-23d6-11e9-ba08-c19298cded24", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcwNiwxXQ==", + "attributes": { + "description": "Get a quick overview of the most important metrics from your websites and applications on the Cloudflare network.\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Traffic Type [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.device_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "*" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - 
"useMargins": true + "gridData": { + "h": 5, + "i": "1", + "w": 11, + "x": 1, + "y": 26 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "1", - "w": 11, - "x": 1, - "y": 26 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "8.0.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": 1, + "direction": "desc" + } + } + }, + "savedVis": { + "title": "Top Requested URI [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": 1, - "direction": "desc" - } - } - } - }, - "gridData": { - "h": 7, - "i": "2", - "w": 23, - "x": 1, - "y": 31 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 9, - "i": "3", - "w": 18, - "x": 29, - "y": 13 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": 
"lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "2", + "w": 23, + "x": 1, + "y": 31 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Traffic Countries [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "4", - "w": 12, - "x": 12, - "y": 26 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 5, - "i": "5", - "w": 12, - "x": 35, - "y": 26 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "3", + "w": 18, + "x": 29, + "y": 13 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "HTTP Protocols [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + 
"addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "6", - "w": 11, - "x": 24, - "y": 26 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "http.version", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "4", + "w": 12, + "x": 12, + "y": 26 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Content Type [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 7, - "i": "7", - "w": 23, - "x": 24, - "y": 31 + { + "enabled": true, + "id": "2", + "params": { + "field": 
"cloudflare.edge.response.content_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "5", + "w": 12, + "x": 35, + "y": 26 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Request Methods [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "http.request.method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "6", + "w": 11, + "x": 24, + "y": 26 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Referrer [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null 
+ } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 7, - "i": "8", - "w": 12, - "x": 1, - "y": 38 + { + "enabled": true, + "id": "2", + "params": { + "field": "http.request.referrer", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "7", + "w": 23, + "x": 24, + "y": 31 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Traffic Type [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.client.ip_class", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": 
"Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "8", + "w": 12, + "x": 1, + "y": 38 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Traffic IPs [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 7, - "i": "9", - "w": 16, - "x": 13, - "y": 38 + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "source.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "9", + "w": 16, + "x": 13, + "y": 38 + }, + "panelIndex": "9", + "type": "visualization", + "version": 
"8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top User Agents [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "10", + "w": 18, + "x": 29, + "y": 38 + }, + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Number of Requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 7, - "i": "10", - "w": 18, - "x": 29, - "y": 38 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "8.0.0" + "useRanges": false + }, + "type": "metric" }, - { 
- "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "11", + "w": 10, + "x": 1, + "y": 9 + }, + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Bandwidth [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 4, - "i": "11", - "w": 10, - "x": 1, - "y": 9 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "8.0.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Bandwidth", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "12", + "w": 13, + "x": 11, + "y": 9 + }, + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cached Bandwidth [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { 
+ "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 4, - "i": "12", - "w": 13, - "x": 11, - "y": 9 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "8.0.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Cached Bandwidth", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": false, + "params": [ + "hit", + "stale", + "updating", + "ignored", + "revalidated" + ], + "type": "phrases", + "value": "hit, stale, updating, ignored, revalidated" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "hit" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "stale" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "updating" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "ignored" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "revalidated" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "13", + "w": 11, + "x": 24, + "y": 9 + }, + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Threats Stopped [Cloudflare]", + "description": "", + "uiState": {}, + "params": 
{ + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 4, - "i": "13", - "w": 11, - "x": 24, - "y": 9 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "8.0.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "cloudflare.client.request.protocol", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.name", + "cloudflare.waf.action", + "cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + "message", + "tags" + ] + }, + "docvalue_fields": [ + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": 
"cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code3", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": "http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.src", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, 
+ { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.patch", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": 
"use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + 
"cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + 
"term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + 
"boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "15", + "w": 12, + "x": 35, + "y": 9 + }, + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": 
"cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "16", + "w": 7, + "x": 1, + "y": 0 + }, + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Web Traffic Overview - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Web Traffic Overview**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "17", + "w": 39, + "x": 8, + "y": 0 + }, + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Web Traffic Types - Text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Web Traffic Types -\nGet insight into the various types of traffic and content**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "18", + "w": 46, + "x": 1, + "y": 22 + }, + "panelIndex": "18", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, 
+ "savedVis": { + "title": "Filters [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 4, - "i": "15", - "w": 12, - "x": 35, - "y": 9 + { + "fieldName": "source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "url.domain", + "id": "1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 4, - "i": "16", - "w": 7, - "x": 1, - "y": 0 + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "user_agent.original", + "id": "1554900136614", + "indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": 
"terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 4, - "i": "17", - "w": 39, - "x": 8, - "y": 0 + { + "fieldName": "url.full", + "id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 4, - "i": "18", - "w": 46, - "x": 1, - "y": 22 + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 5, - "i": "19", - "w": 46, - "x": 1, - "y": 4 + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + 
"order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "8.0.0" + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"84e94c8e-19d9-4dfe-8e37-c43c004c3f05\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"5f05840e-eb7e-45bd-9319-e6746cc4fa49\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Traffic Countries Map [Cloudflare]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"0f8532d1-8c6a-4c1d-900e-8d6eb49112df\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Traffic Countries Map 
[Cloudflare]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 9, - "i": "bdc0fa59-ea05-4976-983a-70567c1fd2d6", - "w": 28, - "x": 1, - "y": 13 - }, - "panelIndex": "bdc0fa59-ea05-4976-983a-70567c1fd2d6", - "type": "map", - "version": "8.0.0" + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Snapshot", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-095f3a00-23d6-11e9-ba08-c19298cded24", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-08c86890-2323-11e9-ba08-c19298cded24", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cloudflare-fbfdbb70-2326-11e9-ba08-c19298cded24", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "cloudflare-c883c8c0-2326-11e9-ba08-c19298cded24", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "cloudflare-27809b60-2326-11e9-ba08-c19298cded24", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "cloudflare-97ff6f60-2326-11e9-ba08-c19298cded24", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": 
"cloudflare-46d7d4b0-2326-11e9-ba08-c19298cded24", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "cloudflare-1bd60ba0-2327-11e9-ba08-c19298cded24", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "cloudflare-4d637090-2327-11e9-ba08-c19298cded24", - "name": "8:panel_8", - "type": "visualization" - }, - { - "id": "cloudflare-04dda790-2328-11e9-ba08-c19298cded24", - "name": "9:panel_9", - "type": "visualization" - }, - { - "id": "cloudflare-2962b6f0-2328-11e9-ba08-c19298cded24", - "name": "10:panel_10", - "type": "visualization" - }, - { - "id": "cloudflare-44f03e10-2328-11e9-ba08-c19298cded24", - "name": "11:panel_11", - "type": "visualization" - }, - { - "id": "cloudflare-88d54e70-232a-11e9-ba08-c19298cded24", - "name": "12:panel_12", - "type": "visualization" - }, - { - "id": "cloudflare-2a7aaf40-232b-11e9-ba08-c19298cded24", - "name": "13:panel_13", - "type": "visualization" - }, - { - "id": "cloudflare-88e4a4e0-338a-11e9-ab62-2d2dc754fa8f", - "name": "15:panel_15", - "type": "visualization" - }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "16:panel_16", - "type": "visualization" - }, - { - "id": "cloudflare-31863f00-5b9f-11e9-bd1f-75f359ac0c3f", - "name": "17:panel_17", - "type": "visualization" - }, - { - "id": "cloudflare-4a184a50-5ba8-11e9-bd1f-75f359ac0c3f", - "name": "18:panel_18", - "type": "visualization" - }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "19:panel_19", - "type": "visualization" - }, - { - "id": "logs-*", - "name": "bdc0fa59-ea05-4976-983a-70567c1fd2d6:layer_1_source_index_pattern", - "type": "index-pattern" - } + } + }, + "gridData": { + "h": 5, + "i": "19", + "w": 46, + "x": 1, + "y": 4 + }, + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"84e94c8e-19d9-4dfe-8e37-c43c004c3f05\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"5f05840e-eb7e-45bd-9319-e6746cc4fa49\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Traffic Countries Map [Cloudflare]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"0f8532d1-8c6a-4c1d-900e-8d6eb49112df\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VEC
TOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Traffic Countries Map [Cloudflare]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 9, + "i": "bdc0fa59-ea05-4976-983a-70567c1fd2d6", + "w": 28, + "x": 1, + "y": 13 + }, + "panelIndex": "bdc0fa59-ea05-4976-983a-70567c1fd2d6", + "type": "map", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Snapshot", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "bdc0fa59-ea05-4976-983a-70567c1fd2d6:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + 
"name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "5:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "10:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "11:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "12:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "13:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "13:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "15:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "17:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "18:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": 
"19:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-532a64c0-293a-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/dashboard/cloudflare-532a64c0-293a-11e9-b959-4502c43b2e30.json index 42f010edc34..b2b21c720e2 100644 --- a/packages/cloudflare/kibana/dashboard/cloudflare-532a64c0-293a-11e9-b959-4502c43b2e30.json +++ b/packages/cloudflare/kibana/dashboard/cloudflare-532a64c0-293a-11e9-b959-4502c43b2e30.json 
@@ -1,348 +1,7565 @@ { - "attributes": { - "description": "Get insights on threats to your websites and applications, including number of threats stopped, threats over time, top threat countries, and more.\n", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cloudflare-532a64c0-293a-11e9-b959-4502c43b2e30", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcwNywxXQ==", + "attributes": { + "description": "Get insights on threats to your websites and applications, including number of threats stopped, threats over time, top threat countries, and more.\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Number of Requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { "filter": [], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "*" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 5, + "i": "1", + "w": 16, + "x": 1, + "y": 9 }, - "panelsJSON": [ - { - "embeddableConfig": 
{ - "enhancements": {} + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF Events Triggered [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 5, - "i": "1", - "w": 16, - "x": 1, - "y": 9 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "8.0.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": "unknown", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "2", + "w": 15, + "x": 17, + "y": 9 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Threats Stopped [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + 
"colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 5, - "i": "2", - "w": 15, - "x": 17, - "y": 9 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "3", - "w": 15, - "x": 32, - "y": 9 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "8.0.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "cloudflare.client.request.protocol", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.name", + "cloudflare.waf.action", + "cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + "message", + "tags" + ] + }, + "docvalue_fields": [ + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": "use_field_mapping" + }, + { + "field": 
"cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code3", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": "http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.src", + "format": "use_field_mapping" + 
}, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.patch", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", 
+ "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": "use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + 
"cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, 
+ "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": 
"ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "3", + "w": 15, + "x": 32, + "y": 9 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Threat Client IPs [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "4", - "w": 16, - "x": 31, - "y": 14 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + 
"showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "6", - "w": 17, - "x": 30, - "y": 32 + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "source.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "cloudflare.client.request.protocol", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.name", + "cloudflare.waf.action", + "cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + "message", + "tags" + ] + }, + "docvalue_fields": [ 
+ { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code3", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": "http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + "format": "use_field_mapping" + }, + { + "field": 
"cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.src", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.patch", + "format": 
"use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": "use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { 
+ "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": 
"ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + 
"adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "4", + "w": 16, + "x": 31, + "y": 14 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Threat Target URIs [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 
8, - "i": "7", - "w": 29, - "x": 1, - "y": 32 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "8", - "w": 46, - "x": 1, - "y": 40 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "http.version", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.os.name", + "cloudflare.waf.action", + "cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + "message", + "tags" + ] + }, + "docvalue_fields": [ + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": 
"use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": "http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", 
+ "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.src", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.patch", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": 
"cloudflare.worker.subrequest", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": "use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, 
+ { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + 
} + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": 
"user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "6", + "w": 17, + "x": 30, + "y": 32 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Threat User Agents [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "9", - "w": 11, - "x": 20, - "y": 14 - }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - 
"version": "8.0.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "10", - "w": 29, - "x": 1, - "y": 24 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "cloudflare.client.request.protocol", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.name", + "cloudflare.waf.action", + "cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + "message", + "tags" + ] + }, + "docvalue_fields": [ + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": 
"use_field_mapping" + }, + { + "field": "cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code3", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": "http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", + "format": "use_field_mapping" + }, + { + "field": 
"cloudflare.edge.pathing.src", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.patch", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest", + "format": 
"use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": "use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": 
true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + } + } + ] + } + } + ] + } + }, + { + 
"bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + 
"cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "7", + "w": 29, + "x": 1, + "y": 32 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Pathing Statuses [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 3, + "direction": "desc" + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "11", - "w": 17, - "x": 30, - "y": 24 - }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "8.0.0" + "params": { + 
"perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": 3, + "direction": "desc" + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "13", - "w": 7, - "x": 1, - "y": 0 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.edge.pathing.src", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 4, - "i": "14", - "w": 39, - "x": 8, - "y": 0 + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.edge.pathing.op", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "4", + "params": { + "field": "cloudflare.edge.pathing.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "8", + "w": 46, + "x": 1, + "y": 40 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { 
+ "enhancements": {}, + "savedVis": { + "title": "Top Threat Countries [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "15", - "w": 46, - "x": 1, - "y": 4 + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "cloudflare.client.request.protocol", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.name", + "cloudflare.waf.action", + "cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + "message", + "tags" + ] + }, + 
"docvalue_fields": [ + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code3", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": "http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + "format": "use_field_mapping" + }, + { 
+ "field": "cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.src", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.patch", + "format": 
"use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": "use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { 
+ "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": 
"ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + 
"adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "9", + "w": 11, + "x": 20, + "y": 14 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Threats Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": 
true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"573a3d3e-987d-41b5-a714-2344535c0ca9\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"4d50c3a6-72f9-46f4-bb21-4d54fe1c9842\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Threat Countries Map 
[Cloudflare]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"25e907ec-31fb-40fe-9a10-49f002b31bf0\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"bic\\\"}}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"hot\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}},{\\\"bool\\\":
{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"hot\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ip\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"captchaFail\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"jschlFail\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"zl\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":
true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"us\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"rateLimit\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"filterBasedFirewall\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"filterBasedFirewall\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ba
n\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ctry\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ip\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"terms\\\":{\\\"boost\\\":1,\\\"cloudflare.edge.pathing.status\\\":[\\\"ipr16\\\",\\\"ipr24\\\",\\\"ip6\\\",\\\"ip6r64\\\",\\\"ip6r48\\\",\\\"ip6r32\\\"]}}]}}]},\\\"_source\\\":{\\\"excludes\\\":[],\\\"includes\\\":[\\\"source.geo.region_name\\\",\\\"cloudflare.client.ip_class\\\",\\\"url.path\\\",\\\"cloudflare.client.request.protocol\\\",\\\"http.request.referrer\\\",\\\"url.full\\\",\\\"user_agent.original\\\",\\\"cloudflare.client.ssl.cipher\\\",\\\"cloudflare.client.ssl.protocol\\\",\\\"cloudflare.edge.rate_limit.action\\\",\\\"cloudflare.edge.response.content_type\\\",\\\"cloudflare.origin.response.http.expires\\\",\\\"cloudflare.origin.response.http.last_modified\\\",\\\"cloudflare.origin.ssl.protocol\\\",\\\"user_agent.os.full\\\",\\\"user_agent.name\\\",\\\"cloudflare.waf.action\\\",\\\"cloudflare.waf.flags\\\",\\\"cloudflare.waf.matched_var\\\",\\\"cloudflare.waf.profile\\\",\\\"cloudflare.waf.rule.id\\\",\\\"cloudflare.waf.rule.message\\\",\\\"cloudflare.worker.status\\\",\\\"message\\\",\\\"tags\\\"]},\\\"docvalue_fields\\\":[{\\\"fie
ld\\\":\\\"@timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"@version\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.response.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.response.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.tiered.fill\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.as.number\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_iso_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.device_type\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.city_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.continent_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_code2\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_code3\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.dma_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"client.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.latitude\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.longitude\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.postal_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.region_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.timezone\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.request.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"url.domain\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.
request.method\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"client.port\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.colo.id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.end.timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.op\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.src\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.rate_limit.id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.request.host\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"destination.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.response.compression_ratio\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.response.status_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"observer.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"@timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"destination.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.response.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.origin.response.status_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.origin.response.time\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.parent.ray_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.ray_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.security_level\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.build\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.device\\\",\\\"format\\\":\\\"use_field_m
apping\\\"},{\\\"field\\\":\\\"user_agent.major\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.minor\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.os_major\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.os_minor\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.patch\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.cpu_time\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.subrequest\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.subrequest_count\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.zone_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"}],\\\"size\\\":50,\\\"sort\\\":[{\\\"_doc\\\":{\\\"order\\\":\\\"asc\\\"}}]}\",\"index\":\"logs-*\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edg
e.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\
"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negati
ve\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"us
e_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.status_code\",\"format\":\"use_field
_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}}],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Top Threat Countries Map [Cloudflare]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, 
- "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 10, - "i": "240814e0-fc79-4c27-af94-fa9df006d441", - "w": 19, - "x": 1, - "y": 14 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-24h", + "mode": "quick", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "240814e0-fc79-4c27-af94-fa9df006d441", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "cloudflare.client.request.protocol", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.name", + "cloudflare.waf.action", + "cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + 
"message", + "tags" + ] + }, + "docvalue_fields": [ + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code3", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": "http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + 
"format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.src", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": 
"user_agent.patch", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": "use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + 
"value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + 
"cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, 
+ "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Security (Overview)", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-532a64c0-293a-11e9-b959-4502c43b2e30", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-44f03e10-2328-11e9-ba08-c19298cded24", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cloudflare-fc9df390-293b-11e9-b959-4502c43b2e30", 
- "name": "2:panel_2", - "type": "visualization" + } }, - { - "id": "cloudflare-88e4a4e0-338a-11e9-ab62-2d2dc754fa8f", - "name": "3:panel_3", - "type": "visualization" + "gridData": { + "h": 8, + "i": "10", + "w": 29, + "x": 1, + "y": 24 }, - { - "id": "cloudflare-0ca03f10-338b-11e9-ab62-2d2dc754fa8f", - "name": "4:panel_4", - "type": "visualization" + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Threats Stopped [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "_source": { + "excludes": [], + "includes": [ + "source.geo.region_name", + "cloudflare.client.ip_class", + "url.path", + "cloudflare.client.request.protocol", + "http.request.referrer", + "url.full", + "user_agent.original", + "cloudflare.client.ssl.cipher", + "cloudflare.client.ssl.protocol", + "cloudflare.edge.rate_limit.action", + "cloudflare.edge.response.content_type", + "cloudflare.origin.response.http.expires", + "cloudflare.origin.response.http.last_modified", + "cloudflare.origin.ssl.protocol", + "user_agent.os.full", + "user_agent.name", + "cloudflare.waf.action", + 
"cloudflare.waf.flags", + "cloudflare.waf.matched_var", + "cloudflare.waf.profile", + "cloudflare.waf.rule.id", + "cloudflare.waf.rule.message", + "cloudflare.worker.status", + "message", + "tags" + ] + }, + "docvalue_fields": [ + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "@version", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.response.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.cache.tiered.fill", + "format": "use_field_mapping" + }, + { + "field": "source.as.number", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_iso_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.device_type", + "format": "use_field_mapping" + }, + { + "field": "source.geo.city_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.continent_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code2", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_code3", + "format": "use_field_mapping" + }, + { + "field": "source.geo.country_name", + "format": "use_field_mapping" + }, + { + "field": "source.geo.dma_code", + "format": "use_field_mapping" + }, + { + "field": "client.ip", + "format": "use_field_mapping" + }, + { + "field": "source.geo.latitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.longitude", + "format": "use_field_mapping" + }, + { + "field": "source.geo.postal_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.region_code", + "format": "use_field_mapping" + }, + { + "field": "source.geo.timezone", + "format": "use_field_mapping" + }, + { + "field": "http.request.bytes", + "format": "use_field_mapping" + }, + { + "field": "url.domain", + "format": "use_field_mapping" + }, + { + "field": 
"http.request.method", + "format": "use_field_mapping" + }, + { + "field": "client.port", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.colo.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.end.timestamp", + "format": "epoch_millis" + }, + { + "field": "cloudflare.edge.pathing.op", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.src", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.pathing.status", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.rate_limit.id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.request.host", + "format": "use_field_mapping" + }, + { + "field": "destination.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.edge.response.compression_ratio", + "format": "use_field_mapping" + }, + { + "field": "http.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "observer.ip", + "format": "use_field_mapping" + }, + { + "field": "@timestamp", + "format": "epoch_millis" + }, + { + "field": "destination.ip", + "format": "use_field_mapping" + }, + { + "field": "http.response.bytes", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.status_code", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.origin.response.time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.parent.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.ray_id", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.security_level", + "format": "use_field_mapping" + }, + { + "field": "user_agent.build", + "format": "use_field_mapping" + }, + { + "field": "user_agent.device", + "format": "use_field_mapping" + }, + { + "field": "user_agent.major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.name", + "format": 
"use_field_mapping" + }, + { + "field": "user_agent.os_major", + "format": "use_field_mapping" + }, + { + "field": "user_agent.os_minor", + "format": "use_field_mapping" + }, + { + "field": "user_agent.patch", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.cpu_time", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.worker.subrequest_count", + "format": "use_field_mapping" + }, + { + "field": "cloudflare.zone_id", + "format": "use_field_mapping" + } + ], + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "size", + "negate": false, + "type": "custom", + "value": "50" + }, + "query": { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "should": [ + { + "term": { + 
"cloudflare.edge.pathing.src": { + "boost": 1, + "value": "bic" + } + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "hot" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "captchaFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "macro" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "jschlFail" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + 
"must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "zl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "us" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "rateLimit" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "unknown" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": 
"filterBasedFirewall" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "chl" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ctry" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "term": { + "cloudflare.edge.pathing.status": { + "boost": 1, + "value": "ip" + } + } + } + ] + } + } + ] + } + }, + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "bool": { + "adjust_pure_negative": true, + "boost": 1, + "must": [ + { + "term": { + "cloudflare.edge.pathing.src": { + "boost": 1, + "value": "user" + } + } + }, + { + "term": { + "cloudflare.edge.pathing.op": { + "boost": 1, + "value": "ban" + } + } + } + ] + } + }, + { + "terms": { + "boost": 1, + "cloudflare.edge.pathing.status": [ + "ipr16", + "ipr24", + "ip6", + "ip6r64", + "ip6r48", + "ip6r32" + ] + } + } + ] + } + } + ] + } + }, + "size": 50, + "sort": [ + { + "_doc": { + "order": "asc" + } + } + ] + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-7a021b50-39d0-11e9-bd1f-75f359ac0c3f", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 8, + "i": "11", + "w": 17, + "x": 30, + "y": 24 }, - { - "id": 
"cloudflare-bf9032b0-39d0-11e9-bd1f-75f359ac0c3f", - "name": "7:panel_7", - "type": "visualization" + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-ff3ba2f0-39d0-11e9-bd1f-75f359ac0c3f", - "name": "8:panel_8", - "type": "visualization" + "gridData": { + "h": 4, + "i": "13", + "w": 7, + "x": 1, + "y": 0 }, - { - "id": "cloudflare-ae0c98c0-39d1-11e9-bd1f-75f359ac0c3f", - "name": "9:panel_9", - "type": "visualization" + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Threats - Review threat activity - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Threats - Review threat activity**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": 
{ + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-24815750-39de-11e9-bd1f-75f359ac0c3f", - "name": "10:panel_10", - "type": "visualization" + "gridData": { + "h": 4, + "i": "14", + "w": 39, + "x": 8, + "y": 0 }, - { - "id": "cloudflare-d9890140-3a9a-11e9-bd1f-75f359ac0c3f", - "name": "11:panel_11", - "type": "visualization" + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Filters [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.domain", + "id": "1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user_agent.original", + 
"id": "1554900136614", + "indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.full", + "id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + 
"multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "13:panel_13", - "type": "visualization" + "gridData": { + "h": 5, + "i": "15", + "w": 46, + "x": 1, + "y": 4 }, - { - "id": "cloudflare-97868680-5ba8-11e9-bd1f-75f359ac0c3f", - "name": "14:panel_14", - "type": "visualization" + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"573a3d3e-987d-41b5-a714-2344535c0ca9\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"4d50c3a6-72f9-46f4-bb21-4d54fe1c9842\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Top Threat Countries Map [Cloudflare]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"25e907ec-31fb-40fe-9a10-49f002b31bf0\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECT
OR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"should\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"bic\\\"}}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"hot\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"
boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"hot\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ip\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"captchaFail\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"macro\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"jschlFail\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\"
:\\\"zl\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"us\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"rateLimit\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"filterBasedFirewall\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"unknown\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"filterBasedFirewall\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"chl\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"clo
udflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ctry\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.status\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ip\\\"}}}]}}]}},{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"bool\\\":{\\\"adjust_pure_negative\\\":true,\\\"boost\\\":1,\\\"must\\\":[{\\\"term\\\":{\\\"cloudflare.edge.pathing.src\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"user\\\"}}},{\\\"term\\\":{\\\"cloudflare.edge.pathing.op\\\":{\\\"boost\\\":1,\\\"value\\\":\\\"ban\\\"}}}]}},{\\\"terms\\\":{\\\"boost\\\":1,\\\"cloudflare.edge.pathing.status\\\":[\\\"ipr16\\\",\\\"ipr24\\\",\\\"ip6\\\",\\\"ip6r64\\\",\\\"ip6r48\\\",\\\"ip6r32\\\"]}}]}}]},\\\"_source\\\":{\\\"excludes\\\":[],\\\"includes\\\":[\\\"source.geo.region_name\\\",\\\"cloudflare.client.ip_class\\\",\\\"url.path\\\",\\\"cloudflare.client.request.protocol\\\",\\\"http.request.referrer\\\",\\\"url.full\\\",\\\"user_agent.original\\\",\\\"cloudflare.client.ssl.cipher\\\",\\\"cloudflare.client.ssl.protocol\\\",\\\"cloudflare.edge.rate_limit.action\\\",\\\"cloudflare.edge.response.content_type\\\",\\\"cloudflare.origin.response.http.expires\\\",\\\"cloudflare.origin.response.http.last_modified\\\",\\\"cloudflare.origin.ssl.protocol\\\",\\\"user_agent.os.full\\\",\\\"user_agent.name\\\",\\\"cloudflare.waf.action\\\",\\\"cloudflare.waf.flags\\\",\\\"cloudflare.waf.matched_var\\\",\\\"cloudflare.waf.profile\\\",\\\"cloudflare.waf.rule.id\\\",\\\"cloudflare.waf.rule.message\\\",\\\"cloudflare.worker.status\\\"
,\\\"message\\\",\\\"tags\\\"]},\\\"docvalue_fields\\\":[{\\\"field\\\":\\\"@timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"@version\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.response.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.response.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.cache.tiered.fill\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.as.number\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_iso_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.device_type\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.city_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.continent_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_code2\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_code3\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.country_name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.dma_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"client.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.latitude\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.longitude\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.postal_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.region_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"source.geo.timezone\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.request.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"url.domain\\\",\
\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.request.method\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"client.port\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.colo.id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.end.timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.op\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.src\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.pathing.status\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.rate_limit.id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.request.host\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"destination.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.edge.response.compression_ratio\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.response.status_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"observer.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"@timestamp\\\",\\\"format\\\":\\\"epoch_millis\\\"},{\\\"field\\\":\\\"destination.ip\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"http.response.bytes\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.origin.response.status_code\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.origin.response.time\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.parent.ray_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.ray_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.security_level\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.build\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"f
ield\\\":\\\"user_agent.device\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.major\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.minor\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.name\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.os_major\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.os_minor\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"user_agent.patch\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.cpu_time\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.subrequest\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.worker.subrequest_count\\\",\\\"format\\\":\\\"use_field_mapping\\\"},{\\\"field\\\":\\\"cloudflare.zone_id\\\",\\\"format\\\":\\\"use_field_mapping\\\"}],\\\"size\\\":50,\\\"sort\\\":[{\\\"_doc\\\":{\\\"order\\\":\\\"asc\\\"}}]}\",\"index\":\"logs-*\"},\"query\":{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"should\":[{\"bool\":{\"adjust_pure_ne
gative\":true,\"boost\":1,\"should\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"bic\"}}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"hot\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"captchaFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"macro\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"jschlFail\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"zl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":
{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"us\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"rateLimit\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"unknown\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"filterBasedFirewall\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"chl\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"boost\":1,\"value\":\"ctry\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"term\":{\"cloudflare.edge.pathing.status\":{\"bo
ost\":1,\"value\":\"ip\"}}}]}}]}},{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"bool\":{\"adjust_pure_negative\":true,\"boost\":1,\"must\":[{\"term\":{\"cloudflare.edge.pathing.src\":{\"boost\":1,\"value\":\"user\"}}},{\"term\":{\"cloudflare.edge.pathing.op\":{\"boost\":1,\"value\":\"ban\"}}}]}},{\"terms\":{\"boost\":1,\"cloudflare.edge.pathing.status\":[\"ipr16\",\"ipr24\",\"ip6\",\"ip6r64\",\"ip6r48\",\"ip6r32\"]}}]}}]},\"_source\":{\"excludes\":[],\"includes\":[\"source.geo.region_name\",\"cloudflare.client.ip_class\",\"url.path\",\"cloudflare.client.request.protocol\",\"http.request.referrer\",\"url.full\",\"user_agent.original\",\"cloudflare.client.ssl.cipher\",\"cloudflare.client.ssl.protocol\",\"cloudflare.edge.rate_limit.action\",\"cloudflare.edge.response.content_type\",\"cloudflare.origin.response.http.expires\",\"cloudflare.origin.response.http.last_modified\",\"cloudflare.origin.ssl.protocol\",\"user_agent.os.full\",\"user_agent.name\",\"cloudflare.waf.action\",\"cloudflare.waf.flags\",\"cloudflare.waf.matched_var\",\"cloudflare.waf.profile\",\"cloudflare.waf.rule.id\",\"cloudflare.waf.rule.message\",\"cloudflare.worker.status\",\"message\",\"tags\"]},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"@version\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.response.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.cache.tiered.fill\",\"format\":\"use_field_mapping\"},{\"field\":\"source.as.number\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_iso_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.device_type\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.city_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.continent_name\",\"format\":\"use_field_m
apping\"},{\"field\":\"source.geo.country_code2\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_code3\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.country_name\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.dma_code\",\"format\":\"use_field_mapping\"},{\"field\":\"client.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.latitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.longitude\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.postal_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.region_code\",\"format\":\"use_field_mapping\"},{\"field\":\"source.geo.timezone\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"url.domain\",\"format\":\"use_field_mapping\"},{\"field\":\"http.request.method\",\"format\":\"use_field_mapping\"},{\"field\":\"client.port\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.colo.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.end.timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"cloudflare.edge.pathing.op\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.src\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.pathing.status\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.rate_limit.id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.request.host\",\"format\":\"use_field_mapping\"},{\"field\":\"destination.bytes\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.edge.response.compression_ratio\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"observer.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"@timestamp\",\"format\":\"epoch_millis\"},{\"field\":\"destination.ip\",\"format\":\"use_field_mapping\"},{\"field\":\"http.response.bytes\",\"format\":\"use_field_mapping\"},{\"field\":
\"cloudflare.origin.response.status_code\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.origin.response.time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.parent.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.ray_id\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.security_level\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.build\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.device\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.name\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_major\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.os_minor\",\"format\":\"use_field_mapping\"},{\"field\":\"user_agent.patch\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.cpu_time\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.worker.subrequest_count\",\"format\":\"use_field_mapping\"},{\"field\":\"cloudflare.zone_id\",\"format\":\"use_field_mapping\"}],\"size\":50,\"sort\":[{\"_doc\":{\"order\":\"asc\"}}]}}],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Top Threat Countries Map [Cloudflare]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + 
"enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [] }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "15:panel_15", - "type": "visualization" + "gridData": { + "h": 10, + "i": "240814e0-fc79-4c27-af94-fa9df006d441", + "w": 19, + "x": 1, + "y": 14 }, - { - "id": "logs-*", - "name": "240814e0-fc79-4c27-af94-fa9df006d441:layer_1_source_index_pattern", - "type": "index-pattern" - } + "panelIndex": "240814e0-fc79-4c27-af94-fa9df006d441", + "type": "map", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Security (Overview)", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "240814e0-fc79-4c27-af94-fa9df006d441:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": 
"6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "10:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "10:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "11:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "11:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "13:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "14:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": 
"index-pattern", + "name": "15:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/dashboard/cloudflare-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f.json index c1e265c9222..0498ab94646 100644 --- a/packages/cloudflare/kibana/dashboard/cloudflare-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f.json +++ b/packages/cloudflare/kibana/dashboard/cloudflare-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f.json 
@@ -1,180 +1,1095 @@ { - "attributes": { - "description": "Get insights into your most popular hostnames, most requested content types, breakdown of request methods, and connection type.\n", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cloudflare-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcwOCwxXQ==", + "attributes": { + "description": "Get insights into your most popular hostnames, most requested content types, breakdown of request methods, and connection type.\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Client Requests by Content Type [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + 
"rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-24h", + "mode": "quick", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.edge.response.content_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 12, + "i": "1", + "w": 46, + "x": 1, + "y": 21 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "1", - "w": 46, - "x": 1, - "y": 21 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 11, - "i": "2", - "w": 46, - "x": 1, - "y": 33 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 11, - "i": "3", - "w": 46, - "x": 1, - "y": 44 - }, - "panelIndex": "3", - 
"panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Client Requests Methods Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "4", - "w": 46, - "x": 1, - "y": 9 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + 
"field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "http.request.method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 11, + "i": "2", + "w": 46, + "x": 1, + "y": 33 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Client Requests by Connection Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": 
"linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "5", - "w": 7, - "x": 1, - "y": 0 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-24h", + "mode": "quick", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.client.ssl.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 11, + "i": "3", + "w": 46, + "x": 1, + "y": 44 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Client Requests by Hostname Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { 
+ "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "6", - "w": 46, - "x": 1, - "y": 4 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-24h", + "mode": "quick", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "4", + "w": 46, + "x": 1, + "y": 9 + }, + "panelIndex": "4", + "type": "visualization", + 
"version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "8", - "w": 39, - "x": 8, - "y": 0 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Performance (Hostname, Content Type, Request Methods, Connection Type)", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-5a5d6b80-49b9-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-9bb4fa90-49b8-11e9-bd1f-75f359ac0c3f", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "cloudflare-b937c200-49b8-11e9-bd1f-75f359ac0c3f", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 4, + "i": "5", + "w": 7, + "x": 1, + "y": 0 }, - { - "id": "cloudflare-f109c430-49b8-11e9-bd1f-75f359ac0c3f", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Filters [Cloudflare]", + "description": 
"", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.domain", + "id": "1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user_agent.original", + "id": "1554900136614", + "indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.full", + "id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + 
"options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-15b60010-49b8-11e9-bd1f-75f359ac0c3f", - "name": "4:panel_4", - "type": "visualization" + "gridData": { + "h": 5, + "i": "6", + "w": 46, + "x": 1, + "y": 4 }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "5:panel_5", - "type": "visualization" + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Origin Requests By Hostname - Content Type - Request Methods - Connection Type - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Origin Requests By Hostname - Content Type - Request Methods - Connection Type**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 4, + "i": "8", + "w": 39, + "x": 8, + "y": 0 }, - { - "id": "cloudflare-18490820-5bad-11e9-bd1f-75f359ac0c3f", - "name": "8:panel_8", 
- "type": "visualization" - } + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Performance (Hostname, Content Type, Request Methods, Connection Type)", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + 
"name": "6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/dashboard/cloudflare-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f.json index 63a6ebda502..8134e71cacc 100644 --- a/packages/cloudflare/kibana/dashboard/cloudflare-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f.json +++ b/packages/cloudflare/kibana/dashboard/cloudflare-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f.json 
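Review bot: The by-value markdown panel `"panelIndex": "5"` ("Cloudflare logo [Cloudflare]") embeds a remote image, `![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)`. Every browser that opens the dashboard will request it from a third-party host. That discloses the viewer's IP address, and possibly a referrer, to that host, and the panel breaks in air-gapped deployments or under a restrictive image CSP. The panel was presumably carried over unchanged from the referenced visualization, but now that it is inlined here it is worth replacing with a text-only panel such as `"markdown": "**Cloudflare**"`, or with an image shipped inside the package if the dashboard can reference one. Separately, the new top-level `"namespaces"`, `"updated_at"` and `"version": "WzcwOCwxXQ=="` fields look like metadata from the exporting Kibana instance rather than package content, so confirm they are meant to be committed.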
@@ -1,432 +1,2116 @@ { - "attributes": { - "description": "Identify and address performance issues and caching misconfigurations. Metrics include total vs. cached bandwidth, saved bandwidth, total requests, cache ratio, top uncached requests, and more.\n", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cloudflare-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcwOSwxXQ==", + "attributes": { + "description": "Identify and address performance issues and caching misconfigurations. Metrics include total vs. cached bandwidth, saved bandwidth, total requests, cache ratio, top uncached requests, and more.\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Number of Requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { "filter": [], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "*" } + } } + } + }, + "gridData": { + "h": 4, + "i": "1", + "w": 10, + "x": 1, + "y": 12 }, - "optionsJSON": { - "darkTheme": 
false, - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "1", - "w": 10, - "x": 1, - "y": 12 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cached Requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "2", - "w": 13, - "x": 11, - "y": 12 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": false, + "params": [ + "hit", + "stale", + "updating", + "ignored" + ], + "type": "phrases", + "value": "hit, stale, updating, ignored" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "hit" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "stale" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": 
"updating" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "ignored" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "2", + "w": 13, + "x": 11, + "y": 12 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Uncached Requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "3", - "w": 13, - "x": 24, - "y": 12 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": true, + "params": [ + "hit", + "stale", + "updating", + "ignored" + ], + "type": "phrases", + "value": "hit, stale, updating, ignored" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "hit" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "stale" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "updating" + } + }, + { + "match_phrase": { + 
"cloudflare.cache.status": "ignored" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "3", + "w": 13, + "x": 24, + "y": 12 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Bandwidth [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "4", - "w": 14, - "x": 1, - "y": 28 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Bandwidth", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "4", + "w": 14, + "x": 1, + "y": 28 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cached Bandwidth [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, 
+ "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "5", - "w": 14, - "x": 15, - "y": 28 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Cached Bandwidth", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": false, + "params": [ + "hit", + "stale", + "updating", + "ignored", + "revalidated" + ], + "type": "phrases", + "value": "hit, stale, updating, ignored, revalidated" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "hit" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "stale" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "updating" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "ignored" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "revalidated" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "5", + "w": 14, + "x": 15, + "y": 28 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Uncached Bandwidth [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 
10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "6", - "w": 18, - "x": 29, - "y": 28 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": true, + "params": [ + "hit", + "stale", + "updating", + "ignored", + "revalidated" + ], + "type": "phrases", + "value": "hit, stale, updating, ignored, revalidated" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "hit" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "stale" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "updating" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "ignored" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "revalidated" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "6", + "w": 18, + "x": 29, + "y": 28 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cache status over time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + 
"addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "7", - "w": 25, - "x": 1, - "y": 44 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.cache.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + 
"otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 13, + "i": "7", + "w": 25, + "x": 1, + "y": 44 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cache Status Ratio [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "8", - "w": 21, - "x": 26, - "y": 44 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.cache.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "8", + "w": 21, + "x": 26, + "y": 44 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top URIs with Cache Status Miss [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, 
- { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "9", - "w": 21, - "x": 26, - "y": 50 - }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "12", - "w": 24, - "x": 1, - "y": 16 - }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.3.0" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 30 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": false, + "params": { + "query": "miss", + "type": "phrase" + }, + "type": "phrase", + "value": "miss" + }, + "query": { + "match": { + "cloudflare.cache.status": { + "query": "miss", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "9", + "w": 21, + "x": 26, + "y": 50 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total number of requests vs cached vs uncached over time [Cloudflare]", + "description": "", + "uiState": 
{}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "data_stream.dataset : \"cloudflare.log\"" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "total requests", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "filter": { + "language": "lucene", + "query": "metricset.name:cloudflare.cache.status" + }, + "id": "e847cce0-4731-11e9-b6ee-0784825b4ddc", + "label": "cached requests" + } + ], + "split_mode": "filter", + "stacked": "none", + "terms_field": "cloudflare.cache.status", + "terms_order_by": "_term" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "data_stream.dataset : \"cloudflare.log\" AND cloudflare.cache.status:(hit OR stale OR updating OR ignored)" + }, + "formatter": "number", + "id": "0d45cce0-498f-11e9-b6ee-0784825b4ddc", + "label": "cached requests", + "line_width": 1, + "metrics": [ + { + "id": "0d45cce1-498f-11e9-b6ee-0784825b4ddc", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_filters": [ + { + "color": "#68BC00", + "id": "14053f70-498f-11e9-b6ee-0784825b4ddc" + } + ], + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "data_stream.dataset : \"cloudflare.log\" AND 
cloudflare.cache.status:(-hit OR -stale OR -updating OR -ignored)" + }, + "formatter": "number", + "id": "3edf18b0-498f-11e9-b6ee-0784825b4ddc", + "label": "uncached requests", + "line_width": 1, + "metrics": [ + { + "id": "3edf18b1-498f-11e9-b6ee-0784825b4ddc", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "13", - "w": 22, - "x": 25, - "y": 16 - }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.3.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 9, + "i": "12", + "w": 24, + "x": 1, + "y": 16 + }, + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Requests vs. 
Origin Requests in rps last 24 hours [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "data_stream.dataset : \"cloudflare.log\"" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "total requests", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(253,161,255,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "data_stream.dataset : \"cloudflare.log\" AND cloudflare.origin.response.status_code:>0" + }, + "formatter": "number", + "id": "fca6dbb0-4991-11e9-b6ee-0784825b4ddc", + "label": "origin requests", + "line_width": 1, + "metrics": [ + { + "id": "fca6dbb1-4991-11e9-b6ee-0784825b4ddc", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "14", - "w": 25, - "x": 1, - "y": 32 - }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "7.3.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 9, + "i": "13", + "w": 22, + "x": 25, + "y": 16 + }, + "panelIndex": "13", + 
"type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cached vs Uncached Bandwidth Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "cloudflare.cache.status:(hit OR stale OR updating OR ignored OR revalidated)" + }, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "saved bandwidth", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "cloudflare.cache.status:(-hit OR -stale OR -updating OR -ignored OR -revalidated)" + }, + "formatter": "bytes", + "id": "73f43510-49a0-11e9-8499-d5aa4562b1c7", + "label": "uncached bandwidth", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "73f43511-49a0-11e9-8499-d5aa4562b1c7", + "type": "sum" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "15", - "w": 21, - "x": 26, - "y": 32 - }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": 
"visualization", - "version": "7.3.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 9, + "i": "14", + "w": 25, + "x": 1, + "y": 32 + }, + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Bandwidth vs Origin Bandwidth in Mbps last 24 hours - 7.x [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "c520c1a0-1c6e-11ea-9387-9362a5ae410a" + } + ], + "bar_color_rules": [ + { + "id": "c6258770-1c6e-11ea-9387-9362a5ae410a" + } + ], + "drop_last_bucket": 1, + "gauge_color_rules": [ + { + "id": "c7b83560-1c6e-11ea-9387-9362a5ae410a" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(104,204,202,1)", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "total bandwidth", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(253,161,255,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "cloudflare.origin.response.status_code:>0" + }, + "formatter": "bytes", + "id": "65f93df0-49a7-11e9-a870-03d340338f04", + "label": "origin bandwidth", + "line_width": 1, + "metrics": [ + { + "field": "destination.bytes", + "id": "65f93df1-49a7-11e9-a870-03d340338f04", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, 
+ "split_color_mode": "gradient", + "split_mode": "filter", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "16", - "w": 7, - "x": 1, - "y": 0 - }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "7.3.0" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 9, + "i": "15", + "w": 21, + "x": 26, + "y": 32 + }, + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 3, - "i": "17", - "w": 46, - "x": 1, - "y": 9 - }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "7.3.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "16", + "w": 7, + "x": 1, + "y": 0 + }, + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Requests - text 
[Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Requests**", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 3, - "i": "18", - "w": 46, - "x": 1, - "y": 25 - }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "7.3.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 3, + "i": "17", + "w": 46, + "x": 1, + "y": 9 + }, + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Bandwidth - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Bandwidth**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 3, + "i": "18", + "w": 46, + "x": 1, + "y": 25 + }, + "panelIndex": "18", + "type": "visualization", + "version": 
"8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cache - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Cache**", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 3, - "i": "19", - "w": 46, - "x": 1, - "y": 41 - }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "7.3.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 3, + "i": "19", + "w": 46, + "x": 1, + "y": 41 + }, + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Filters [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.domain", + "id": 
"1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user_agent.original", + "id": "1554900136614", + "indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.full", + "id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": 
"desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "20", - "w": 46, - "x": 1, - "y": 4 - }, - "panelIndex": "20", - "panelRefName": "panel_20", - "type": "visualization", - "version": "7.3.0" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "20", + "w": 46, + 
"x": 1, + "y": 4 + }, + "panelIndex": "20", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Performance Overview - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Performance Overview**", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "21", - "w": 39, - "x": 8, - "y": 0 - }, - "panelIndex": "21", - "panelRefName": "panel_21", - "type": "visualization", - "version": "7.3.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Performance (Requests, Bandwidth, Cache)", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-8d730ba0-3aa6-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-44f03e10-2328-11e9-ba08-c19298cded24", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cloudflare-afb4a590-3aa4-11e9-bd1f-75f359ac0c3f", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "cloudflare-df169f00-3aa4-11e9-bd1f-75f359ac0c3f", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "cloudflare-88d54e70-232a-11e9-ba08-c19298cded24", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "cloudflare-2a7aaf40-232b-11e9-ba08-c19298cded24", - "name": "5:panel_5", - "type": "visualization" - }, - { - 
"id": "cloudflare-9c3821d0-3aa5-11e9-bd1f-75f359ac0c3f", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "cloudflare-f982c5b0-3aa6-11e9-bd1f-75f359ac0c3f", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "cloudflare-14b05280-3aa7-11e9-bd1f-75f359ac0c3f", - "name": "8:panel_8", - "type": "visualization" - }, - { - "id": "cloudflare-34fce850-3aa7-11e9-bd1f-75f359ac0c3f", - "name": "9:panel_9", - "type": "visualization" - }, - { - "id": "cloudflare-3091d520-4991-11e9-bd1f-75f359ac0c3f", - "name": "12:panel_12", - "type": "visualization" - }, - { - "id": "cloudflare-12308c30-499f-11e9-bd1f-75f359ac0c3f", - "name": "13:panel_13", - "type": "visualization" - }, - { - "id": "cloudflare-d4b02760-49a0-11e9-bd1f-75f359ac0c3f", - "name": "14:panel_14", - "type": "visualization" - }, - { - "id": "cloudflare-3486e5a0-49a8-11e9-bd1f-75f359ac0c3f", - "name": "15:panel_15", - "type": "visualization" - }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "16:panel_16", - "type": "visualization" - }, - { - "id": "cloudflare-d2ceb1c0-5baa-11e9-bd1f-75f359ac0c3f", - "name": "17:panel_17", - "type": "visualization" - }, - { - "id": "cloudflare-30f664a0-5bab-11e9-bd1f-75f359ac0c3f", - "name": "18:panel_18", - "type": "visualization" - }, - { - "id": "cloudflare-463abaa0-5bab-11e9-bd1f-75f359ac0c3f", - "name": "19:panel_19", - "type": "visualization" - }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "20:panel_20", - "type": "visualization" - }, - { - "id": "cloudflare-9443bac0-5bac-11e9-bd1f-75f359ac0c3f", - "name": "21:panel_21", - "type": "visualization" - } + } + }, + "gridData": { + "h": 4, + "i": "21", + "w": 39, + "x": 8, + "y": 0 + }, + "panelIndex": "21", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Performance (Requests, Bandwidth, Cache)", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": 
"1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "5:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "13:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "14:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + 
"type": "index-pattern", + "name": "15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "17:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "18:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "21:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + 
"id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-9c4c3100-39df-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/dashboard/cloudflare-9c4c3100-39df-11e9-bd1f-75f359ac0c3f.json index b3b17b49edc..74d7a963465 100644 --- a/packages/cloudflare/kibana/dashboard/cloudflare-9c4c3100-39df-11e9-bd1f-75f359ac0c3f.json +++ b/packages/cloudflare/kibana/dashboard/cloudflare-9c4c3100-39df-11e9-bd1f-75f359ac0c3f.json 
@@ -1,327 +1,1605 @@ { - "attributes": { - "description": "Get insights on the availability of your websites and applications. Metrics include origin response error ratio, origin response status over time, percentage of 3xx/4xx/5xx errors over time, and more.\n", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "cloudflare-9c4c3100-39df-11e9-bd1f-75f359ac0c3f", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcxMCwxXQ==", + "attributes": { + "description": "Get insights on the availability of your websites and applications. Metrics include origin response error ratio, origin response status over time, percentage of 3xx/4xx/5xx errors over time, and more.\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Edge Response Status Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + 
"valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 8, + "i": "1", + "w": 34, + "x": 1, + "y": 18 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Origin Response Status Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + 
"style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "1", - "w": 34, - "x": 1, - "y": 18 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.origin.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "2", + "w": 34, + "x": 1, + "y": 26 + }, + 
"panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Client IPs and AS Number - Reliability [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "2", - "w": 34, - "x": 1, - "y": 26 + { + "enabled": true, + "id": "2", + "params": { + "exclude": "", + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "source.as.number", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "3", + "w": 15, + "x": 31, + "y": 9 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Countries - Reliability [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + 
"direction": "desc" + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": 2, + "direction": "desc" + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 9, - "i": "3", - "w": 15, - "x": 31, - "y": 9 + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "4", + "w": 17, + "x": 29, + "y": 37 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Requested URI - Reliability [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": 2, + "direction": "desc" + }, + "totalFunc": 
"sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 9, - "i": "4", - "w": 17, - "x": 29, - "y": 37 + { + "enabled": true, + "id": "2", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "6", + "w": 28, + "x": 1, + "y": 37 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top User Agents - Reliability [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": 2, + "direction": "desc" + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 9, - "i": "6", - "w": 28, - "x": 1, - "y": 37 + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.original", + 
"missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "7", + "w": 28, + "x": 1, + "y": 46 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Hostnames - Reliability [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": 2, + "direction": "desc" + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 10, - "i": "7", - "w": 28, - "x": 1, - "y": 46 + { + "enabled": true, + "id": "2", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + { 
+ "enabled": true, + "id": "3", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "8", + "w": 17, + "x": 29, + "y": 46 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Edge Response Error Ratio [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 10, - "i": "8", - "w": 17, - "x": 29, - "y": 46 + { + "enabled": true, + "id": "2", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "9", + "w": 11, + "x": 35, + "y": 26 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Origin Response Error Ratio [Cloudflare]", + "description": "", + 
"uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.origin.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "10", + "w": 11, + "x": 35, + "y": 18 + }, + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Errors Ratio (Edge) [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 50": "rgb(0,104,55)", + "50 - 75": "rgb(255,255,190)", + "75 - 100": "rgb(165,0,38)" + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "addLegend": true, + "addTooltip": true, + "gauge": { + "alignment": "horizontal", + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 50 + }, + { + "from": 50, + "to": 75 + }, + { + "from": 75, + "to": 100 + } + ], + "extendRange": true, + "gaugeColorMode": "Labels", + "gaugeStyle": "Full", + "gaugeType": "Arc", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + 
"scale": { + "color": "#333", + "labels": false, + "show": true }, - "gridData": { - "h": 8, - "i": "9", - "w": 11, - "x": 35, - "y": 26 + "style": { + "bgColor": false, + "bgFill": "#eee", + "bgMask": false, + "bgWidth": 0.9, + "fontSize": 60, + "labelColor": true, + "mask": false, + "maskBars": 50, + "subText": "", + "width": 0.9 }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" + "type": "meter" + }, + "isDisplayWarning": false, + "type": "gauge" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "gauge", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "10", - "w": 11, - "x": 35, - "y": 18 + { + "enabled": true, + "id": "2", + "params": { + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "11", + "w": 30, + "x": 1, + "y": 9 + }, + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Filters [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": 
"source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 9, - "i": "11", - "w": 30, - "x": 1, - "y": 9 + { + "fieldName": "url.domain", + "id": "1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 5, - "i": "12", - "w": 45, - "x": 1, - "y": 4 + { + "fieldName": "user_agent.original", + "id": "1554900136614", + "indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "url.full", + "id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 4, - "i": "13", - "w": 38, - "x": 8, - "y": 0 + { + "fieldName": 
"http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 4, - "i": "14", - "w": 7, - "x": 1, - "y": 0 + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 3, - "i": "15", - "w": 45, - "x": 1, - "y": 34 + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "15", - 
"panelRefName": "panel_15", - "type": "visualization", - "version": "7.3.0" + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Reliability", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-9c4c3100-39df-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-4dd166d0-39df-11e9-bd1f-75f359ac0c3f", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "cloudflare-7ded6170-39df-11e9-bd1f-75f359ac0c3f", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "cloudflare-619d5830-39e0-11e9-bd1f-75f359ac0c3f", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "cloudflare-085f1f60-39e0-11e9-bd1f-75f359ac0c3f", - "name": "4:panel_4", - "type": "visualization" + } }, - { - "id": "cloudflare-c08a2fd0-39e0-11e9-bd1f-75f359ac0c3f", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 5, + "i": "12", + "w": 45, + "x": 1, + "y": 4 }, - 
{ - "id": "cloudflare-ec96e3c0-39e0-11e9-bd1f-75f359ac0c3f", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "cloudflare-18e2eaa0-39e1-11e9-bd1f-75f359ac0c3f", - "name": "8:panel_8", - "type": "visualization" - }, - { - "id": "cloudflare-d53f1d70-39e8-11e9-bd1f-75f359ac0c3f", - "name": "9:panel_9", - "type": "visualization" + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Summary of Edge and Origin Response Status - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Summary of Edge and Origin Response Status**\n\nGet an overview of the edge and origin response status codes", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-9a9d1910-39ed-11e9-bd1f-75f359ac0c3f", - "name": "10:panel_10", - "type": "visualization" + "gridData": { + "h": 4, + "i": "13", + "w": 38, + "x": 8, + "y": 0 }, - { - "id": "cloudflare-ba09b9b0-39ee-11e9-bd1f-75f359ac0c3f", - "name": "11:panel_11", - "type": "visualization" + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + 
"openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "12:panel_12", - "type": "visualization" + "gridData": { + "h": 4, + "i": "14", + "w": 7, + "x": 1, + "y": 0 }, - { - "id": "cloudflare-7a7515f0-5b91-11e9-bd1f-75f359ac0c3f", - "name": "13:panel_13", - "type": "visualization" + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Detailed View Breakdown of Origin Response Status Codes by Various Metrics - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 14, + "markdown": "Detailed View\nBreakdown of Origin Response Status Codes by Various Metrics", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "14:panel_14", - "type": "visualization" + "gridData": { + 
"h": 3, + "i": "15", + "w": 45, + "x": 1, + "y": 34 }, - { - "id": "cloudflare-ba3b0120-5b93-11e9-bd1f-75f359ac0c3f", - "name": "15:panel_15", - "type": "visualization" - } + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Reliability", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "9:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "10:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "search", + "name": "11:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "12:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"12:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "12:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "13:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "14:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-a35b4880-49a9-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/dashboard/cloudflare-a35b4880-49a9-11e9-bd1f-75f359ac0c3f.json index de4015aed15..256a03bc15c 100644 --- a/packages/cloudflare/kibana/dashboard/cloudflare-a35b4880-49a9-11e9-bd1f-75f359ac0c3f.json +++ b/packages/cloudflare/kibana/dashboard/cloudflare-a35b4880-49a9-11e9-bd1f-75f359ac0c3f.json 
@@ -1,180 +1,1160 @@ { - "attributes": { - "description": "Get insights into the performance of your static and dynamic content, including slowest URLs.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "cloudflare-a35b4880-49a9-11e9-bd1f-75f359ac0c3f", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcxMSwxXQ==", + "attributes": { + "description": "Get insights into the performance of your static and dynamic content, including slowest URLs.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Origin time to first byte dynamic requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of cloudflare.origin.response.time" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + 
"truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of OriginResponseTime" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "cloudflare.origin.response.time", + "percents": [ + 50, + 75, + 95 + ] + }, + "schema": "metric", + "type": "percentiles" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-60d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": false, + "params": [ + "bypass", + "unknown" + ], + "type": "phrases", + "value": "bypass, unknown" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "bypass" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "unknown" + } + } + ] + } + } + } + ], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 10, + "i": "1", + "w": 46, + "x": 1, + "y": 9 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "1", - "w": 46, - "x": 1, - "y": 9 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + 
"embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Origin time to first byte static requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of cloudflare.origin.response.time" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "lineWidth": 1.5, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of OriginResponseTime" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "2", - "w": 46, - "x": 1, - "y": 19 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "cloudflare.origin.response.time", + "percents": [ + 50, + 75, + 95 + ] + }, + "schema": "metric", + "type": "percentiles" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, 
+ "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-60d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": true, + "params": [ + "bypass", + "unknown" + ], + "type": "phrases", + "value": "bypass, unknown" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "bypass" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "unknown" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "2", + "w": 46, + "x": 1, + "y": 19 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Slowest URIs by cumulative time to first byte for dynamic requests [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "3", - "w": 46, - "x": 1, - "y": 28 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "4", - "w": 46, - "x": 1, - "y": 42 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": 
"visualization", - "version": "7.3.0" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "average_response_time", + "field": "cloudflare.origin.response.time" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "wait_time", + "field": "cloudflare.origin.response.time" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "8", + "params": { + "field": "cloudflare.origin.response.time", + "percents": [ + 99, + 99.9 + ] + }, + "schema": "metric", + "type": "percentiles" + }, + { + "enabled": true, + "id": "9", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.cache.status", + "negate": false, + "params": [ + "bypass", + "unknown" + ], + "type": "phrases", + "value": "bypass, unknown" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "bypass" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "unknown" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "3", + "w": 46, + "x": 1, + "y": 28 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Slowest URIs by cumulative time to first byte for static requests [Cloudflare]", + 
"description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "5", - "w": 7, - "x": 1, - "y": 0 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "6", - "w": 39, - "x": 8, - "y": 0 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "average_response_time", + "field": "cloudflare.origin.response.time" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "wait_time", + "field": "cloudflare.origin.response.time" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "cloudflare.origin.response.time", + "percents": [ + 99, + 99.9 + ] + }, + "schema": "metric", + "type": "percentiles" + }, + { + "enabled": true, + "id": "5", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": 
"cloudflare.cache.status", + "negate": true, + "params": [ + "unknown", + "bypass" + ], + "type": "phrases", + "value": "unknown, bypass" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.cache.status": "unknown" + } + }, + { + "match_phrase": { + "cloudflare.cache.status": "bypass" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "4", + "w": 46, + "x": 1, + "y": 42 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "7", - "w": 46, - "x": 1, - "y": 4 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Performance (Static vs. 
Dynamic Content)", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-a35b4880-49a9-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-8bd59600-3aab-11e9-bd1f-75f359ac0c3f", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "cloudflare-d6fd64a0-3aab-11e9-bd1f-75f359ac0c3f", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 4, + "i": "5", + "w": 7, + "x": 1, + "y": 0 }, - { - "id": "cloudflare-2523f5e0-49b6-11e9-bd1f-75f359ac0c3f", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Static vs Dynamic Content - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Static vs Dynamic Content**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-fc4f9420-49b6-11e9-bd1f-75f359ac0c3f", - "name": "4:panel_4", - "type": "visualization" + "gridData": { + "h": 4, + "i": "6", + "w": 39, + "x": 8, + "y": 0 }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "5:panel_5", - "type": "visualization" + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Filters [Cloudflare]", + "description": 
"", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.domain", + "id": "1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user_agent.original", + "id": "1554900136614", + "indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.full", + "id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + 
"options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-58498820-5bab-11e9-bd1f-75f359ac0c3f", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 5, + "i": "7", + "w": 46, + "x": 1, + "y": 4 }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "7:panel_7", - "type": "visualization" - } + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Performance (Static vs. Dynamic Content)", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-b221c710-2963-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/dashboard/cloudflare-b221c710-2963-11e9-b959-4502c43b2e30.json index 312f5df7535..8ff55d4a71a 100644 --- a/packages/cloudflare/kibana/dashboard/cloudflare-b221c710-2963-11e9-b959-4502c43b2e30.json +++ b/packages/cloudflare/kibana/dashboard/cloudflare-b221c710-2963-11e9-b959-4502c43b2e30.json 
@@ -1,180 +1,1152 @@ { - "attributes": { - "description": "Get insights on rate limiting protection against denial-of-service attacks, brute-force login attempts, and other types of abusive behavior targeted at your websites or applications.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "cloudflare-b221c710-2963-11e9-b959-4502c43b2e30", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcxMiwxXQ==", + "attributes": { + "description": "Get insights on rate limiting protection against denial-of-service attacks, brute-force login attempts, and other types of abusive behavior targeted at your websites or applications.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Rate Limit Over Time [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + }, + "valueAxis": null + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2.5, + "mode": "normal", + "show": "true", + "showCircles": true, + 
"type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": true, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-6M", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.edge.rate_limit.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.edge.rate_limit.action", + "negate": false, + "params": [ + "ban", + "simulate", + "challenge", + "jsChallenge" + ], + "type": "phrases", + "value": "ban, simulate, challenge, jsChallenge" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "ban" + } + }, + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "simulate" + } + }, + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "challenge" + } + }, + { + 
"match_phrase": { + "cloudflare.edge.rate_limit.action": "jsChallenge" + } + } + ] + } + } + } + ], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 7, + "i": "1", + "w": 46, + "x": 1, + "y": 9 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "1", - "w": 46, - "x": 1, - "y": 9 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Rate Limit Actions [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "2", - "w": 23, - "x": 1, - "y": 16 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "3", - "w": 46, - "x": 1, - "y": 25 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.edge.rate_limit.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + 
"size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.edge.rate_limit.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.edge.rate_limit.action", + "negate": false, + "params": [ + "ban", + "simulate", + "jsChallenge", + "challenge" + ], + "type": "phrases", + "value": "ban, simulate, jsChallenge, challenge" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "ban" + } + }, + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "simulate" + } + }, + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "jsChallenge" + } + }, + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "challenge" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 9, + "i": "2", + "w": 23, + "x": 1, + "y": 16 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Rate Limit Countries [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 9, - "i": "4", - "w": 23, - "x": 24, - "y": 16 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": 
false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "5", - "w": 7, - "x": 1, - "y": 0 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.edge.rate_limit.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.edge.rate_limit.action", + "negate": false, + "params": [ + "ban", + "simulate", + "jsChallenge", + "challenge" + ], + "type": "phrases", + "value": "ban, simulate, jsChallenge, challenge" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "ban" + } + }, + { + 
"match_phrase": { + "cloudflare.edge.rate_limit.action": "simulate" + } + }, + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "jsChallenge" + } + }, + { + "match_phrase": { + "cloudflare.edge.rate_limit.action": "challenge" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "3", + "w": 46, + "x": 1, + "y": 25 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Banned Client IPs [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "6", - "w": 39, - "x": 8, - "y": 0 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 5, - "i": "7", - "w": 46, - "x": 1, - "y": 4 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + 
"orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.edge.rate_limit.action", + "negate": false, + "params": { + "query": "ban", + "type": "phrase" + }, + "type": "phrase", + "value": "ban" + }, + "query": { + "match": { + "cloudflare.edge.rate_limit.action": { + "query": "ban", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Security (Rate Limiting)", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-b221c710-2963-11e9-b959-4502c43b2e30", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-87c0c0f0-295b-11e9-b959-4502c43b2e30", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "cloudflare-9a285cd0-295b-11e9-b959-4502c43b2e30", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 9, + "i": "4", + "w": 23, + "x": 24, + "y": 16 }, - { - "id": "cloudflare-fe404730-2962-11e9-b959-4502c43b2e30", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt 
text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-3ef426c0-2963-11e9-b959-4502c43b2e30", - "name": "4:panel_4", - "type": "visualization" + "gridData": { + "h": 4, + "i": "5", + "w": 7, + "x": 1, + "y": 0 }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "5:panel_5", - "type": "visualization" + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Rate Limiting Get insights into rate limiting events and banned IPs and URIs - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**Rate Limiting - Get insights into rate limiting events and banned IPs and URIs**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-39ffbca0-5baa-11e9-bd1f-75f359ac0c3f", 
- "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 4, + "i": "6", + "w": 39, + "x": 8, + "y": 0 }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "7:panel_7", - "type": "visualization" - } + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Filters [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.domain", + "id": "1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user_agent.original", + "id": "1554900136614", + "indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.full", + 
"id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + 
"dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 5, + "i": "7", + "w": 46, + "x": 1, + "y": 4 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Security (Rate Limiting)", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + 
"name": "4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/dashboard/cloudflare-ded7e2c0-2955-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/dashboard/cloudflare-ded7e2c0-2955-11e9-b959-4502c43b2e30.json index 2d73423abc9..7336d190c6a 100644 
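Review bot: The `references` array that closes this hunk declares four `search` references (`1:search_0` to `4:search_0`, all pointing at `cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3`), but none of the inlined `savedVis` blocks for panels 1–4 carries a `savedSearchRefName`; each has only its own `searchSource.filter` and an empty query. Either the link to the saved search was lost when the visualizations were inlined, in which case these rate-limiting panels now query all of `logs-*` constrained only by the `cloudflare.edge.rate_limit.action` filter, or the four references are dead. If the saved search is still meant to scope the data, restore the link in each panel's `savedVis.data`, e.g. `"savedSearchRefName": "search_0"`; otherwise drop the four `search` entries so the dashboard does not depend on an object it never reads. The references list at the end of the preceding hunk shows the same four entries, though its panels start outside the visible part.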
--- a/packages/cloudflare/kibana/dashboard/cloudflare-ded7e2c0-2955-11e9-b959-4502c43b2e30.json +++ b/packages/cloudflare/kibana/dashboard/cloudflare-ded7e2c0-2955-11e9-b959-4502c43b2e30.json 
@@ -1,264 +1,1411 @@ { - "attributes": { - "description": "Get insights on threat identification and mitigation by our Web Application Firewall, including events like SQL injections, XSS, and more. Use this data to fine tune the firewall to target obvious threats and prevent false positives.\n", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "cloudflare-ded7e2c0-2955-11e9-b959-4502c43b2e30", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T09:44:12.946Z", + "version": "WzcxMywxXQ==", + "attributes": { + "description": "Get insights on threat identification and mitigation by our Web Application Firewall, including events like SQL injections, XSS, and more. Use this data to fine tune the firewall to target obvious threats and prevent false positives.\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF: Top User Agents [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.waf.rule.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + 
"type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "user_agent.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown", + "type": "phrase" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": "unknown", + "type": "phrase" + } + } + } + } + ], "query": { - "language": "lucene", - "query": "" + "language": "lucene", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 14, + "i": "1", + "w": 46, + "x": 1, + "y": 34 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "1", - "w": 46, - "x": 1, - "y": 34 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top WAF Rules Triggered [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 11, - "i": "2", - "w": 29, - "x": 18, - "y": 23 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + 
"showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 11, - "i": "3", - "w": 17, - "x": 1, - "y": 23 + { + "enabled": true, + "id": "2", + "params": { + "field": "cloudflare.waf.rule.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "cloudflare.waf.rule.message", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown", + "type": "phrase" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": "unknown", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 11, + "i": "2", + "w": 29, + "x": 18, + "y": 23 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF: Top Client IP [Cloudflare]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + 
"direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "4", - "w": 18, - "x": 29, - "y": 9 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "5", - "w": 11, - "x": 18, - "y": 9 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown", + "type": "phrase" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": "unknown", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 11, + "i": "3", + "w": 17, + "x": 1, + "y": 23 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF: Top Hosts [Cloudflare]", + "description": "", + "uiState": { + "vis": { + 
"params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "6", - "w": 8, - "x": 10, - "y": 9 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "7", - "w": 46, - "x": 1, - "y": 15 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown", + "type": "phrase" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": "unknown", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "4", + "w": 18, + "x": 29, + "y": 9 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF: Top Countries [Cloudflare]", 
+ "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 6, - "i": "8", - "w": 9, - "x": 1, - "y": 9 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown", + "type": "phrase" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": "unknown", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "5", + "w": 11, + "x": 18, + "y": 9 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF Events Triggered [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": 
{ + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 4, - "i": "9", - "w": 7, - "x": 1, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "10", - "w": 39, - "x": 8, - "y": 0 - }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": "unknown", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "6", + "w": 8, + "x": 10, + "y": 9 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF Events Over Time [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": 
"linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 5, - "i": "11", - "w": 46, - "x": 1, - "y": 4 - }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "cloudflare.waf.action", + "negate": true, + "params": { + "query": "unknown", + "type": "phrase" + }, + "type": "phrase", + "value": "unknown" + }, + "query": { + "match": { + "cloudflare.waf.action": { + "query": 
"unknown", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Cloudflare - Security (WAF)", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-ded7e2c0-2955-11e9-b959-4502c43b2e30", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-4c0a0420-2953-11e9-b959-4502c43b2e30", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "cloudflare-123b95b0-2953-11e9-b959-4502c43b2e30", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 8, + "i": "7", + "w": 46, + "x": 1, + "y": 15 }, - { - "id": "cloudflare-8b2c78d0-2954-11e9-b959-4502c43b2e30", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Number of Requests [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "lucene", + "query": "*" + } + } + } + } }, - { - "id": "cloudflare-70880ea0-2953-11e9-b959-4502c43b2e30", - "name": "4:panel_4", - "type": "visualization" + "gridData": { + "h": 6, + "i": "8", + "w": 9, + "x": 1, + "y": 9 }, - { - "id": "cloudflare-b7d29880-2952-11e9-b959-4502c43b2e30", - "name": "5:panel_5", - "type": 
"visualization" + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cloudflare logo [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-fc9df390-293b-11e9-b959-4502c43b2e30", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 4, + "i": "9", + "w": 7, + "x": 1, + "y": 0 }, - { - "id": "cloudflare-23b58b50-2955-11e9-b959-4502c43b2e30", - "name": "7:panel_7", - "type": "visualization" + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "WAF Events triggered by the Web Application Firewall - text [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 16, + "markdown": "**WAF - Events triggered by the Web Application Firewall**", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "cloudflare.log*" + }, + 
"type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "cloudflare.log*" + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-44f03e10-2328-11e9-ba08-c19298cded24", - "name": "8:panel_8", - "type": "visualization" + "gridData": { + "h": 4, + "i": "10", + "w": 39, + "x": 8, + "y": 0 }, - { - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "name": "9:panel_9", - "type": "visualization" + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Filters [Cloudflare]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloudflare.device_type", + "id": "1554899945457", + "indexPatternRefName": "control_0_index_pattern", + "label": "Device Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "source.geo.country_name", + "id": "1554900041526", + "indexPatternRefName": "control_1_index_pattern", + "label": "Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.domain", + "id": "1554900064098", + "indexPatternRefName": "control_2_index_pattern", + "label": "Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "client.ip", + "id": "1554900102344", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user_agent.original", + "id": "1554900136614", + 
"indexPatternRefName": "control_4_index_pattern", + "label": "User Agent", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "url.full", + "id": "1554900159944", + "indexPatternRefName": "control_5_index_pattern", + "label": "Request URI", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.response.status_code", + "id": "1554900185676", + "indexPatternRefName": "control_6_index_pattern", + "label": "Edge Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.origin.response.status_code", + "id": "1554900211881", + "indexPatternRefName": "control_7_index_pattern", + "label": "Origin Response Status", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "destination.ip", + "id": "1556549231725", + "indexPatternRefName": "control_8_index_pattern", + "label": "Origin IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.ray_id", + "id": "1554900244300", + "indexPatternRefName": "control_9_index_pattern", + "label": "RayID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloudflare.worker.subrequest", + "id": "1554900268999", + "indexPatternRefName": "control_10_index_pattern", + "label": "Worker Subrequest", + "options": { + "dynamicOptions": false, + "multiselect": true, + "order": 
"desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "http.request.method", + "id": "1554900324235", + "indexPatternRefName": "control_11_index_pattern", + "label": "Client Request Method", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "cloudflare.logpull" + ], + "type": "phrases" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "cloudflare.logpull" + } + } + ] + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + } + } }, - { - "id": "cloudflare-2820f540-5ba9-11e9-bd1f-75f359ac0c3f", - "name": "10:panel_10", - "type": "visualization" + "gridData": { + "h": 5, + "i": "11", + "w": 46, + "x": 1, + "y": 4 }, - { - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "name": "11:panel_11", - "type": "visualization" - } + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Cloudflare - Security (WAF)", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "2:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + 
"name": "2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "6:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "7:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "8:search_0", + "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3" + }, + { + "type": "index-pattern", + "name": "9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "10:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"11:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_4_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_5_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_6_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_7_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_8_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_9_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_10_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:control_11_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "11:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.0.0" + }, + "coreMigrationVersion": "8.0.0" } \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-04dda790-2328-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-04dda790-2328-11e9-ba08-c19298cded24.json deleted file mode 100644 index 6eb0b305ac1..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-04dda790-2328-11e9-ba08-c19298cded24.json +++ /dev/null 
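Review bot: None of the inlined `savedVis.data` objects in this dashboard carries a `savedSearchRefName`, yet `references` still lists `1:search_0` through `8:search_0`; the standalone visualization files deleted further down in this diff bound to that search with `"savedSearchRefName": "search_0"`. If Kibana does not restore the link from the reference name alone, these WAF panels lose whatever index pattern and query the saved search supplied, and panel 8 (`"query": "*"`, empty `filter`, no index-pattern reference) has nothing left to scope its count to Cloudflare data. Confirm on a fresh import that each panel still resolves `cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3`, and otherwise carry the ref name into each inlined panel or remove the unused `search` references. Separately, panel 9 embeds `![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)`, so a viewer's browser may fetch a third-party URL each time the dashboard renders, which exposes request metadata to that host and leaves a broken image on restricted or air-gapped networks; a plain text heading in the markdown would avoid both.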
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Traffic IPs [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.geo.country_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Traffic IPs", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-04dda790-2328-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-085f1f60-39e0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-085f1f60-39e0-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index a06a99a388b..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-085f1f60-39e0-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Countries - Reliability [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": 2, - "direction": "desc" - }, - "totalFunc": "sum" - }, - "title": "Top Countries - Reliability", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-085f1f60-39e0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-08c86890-2323-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-08c86890-2323-11e9-ba08-c19298cded24.json deleted file mode 100644 index a4824b65a13..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-08c86890-2323-11e9-ba08-c19298cded24.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Traffic Type [Cloudflare]", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.device_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Traffic Type", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-08c86890-2323-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-0ca03f10-338b-11e9-ab62-2d2dc754fa8f.json b/packages/cloudflare/kibana/visualization/cloudflare-0ca03f10-338b-11e9-ab62-2d2dc754fa8f.json
deleted file mode 100644
index 1c36899ac92..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-0ca03f10-338b-11e9-ab62-2d2dc754fa8f.json
+++ /dev/null
@@ -1,970 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "_source": { - "excludes": [], - "includes": [ - "source.geo.region_name", - "cloudflare.client.ip_class", - "url.path", - "cloudflare.client.request.protocol", - "http.request.referrer", - "url.full", - "user_agent.original", - "cloudflare.client.ssl.cipher", - "cloudflare.client.ssl.protocol", - "cloudflare.edge.rate_limit.action", - "cloudflare.edge.response.content_type", - "cloudflare.origin.response.http.expires", - "cloudflare.origin.response.http.last_modified", - "cloudflare.origin.ssl.protocol", - "user_agent.os.full", - "user_agent.name", - "cloudflare.waf.action", - "cloudflare.waf.flags", - "cloudflare.waf.matched_var", - "cloudflare.waf.profile", - "cloudflare.waf.rule.id", - "cloudflare.waf.rule.message", - "cloudflare.worker.status", - "message", - "tags" - ] - }, - "docvalue_fields": [ - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "@version", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.tiered.fill", - "format": "use_field_mapping" - }, - { - "field": "source.as.number", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_iso_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.device_type", - "format": "use_field_mapping" - }, - { - "field": "source.geo.city_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.continent_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code3", - "format": "use_field_mapping" - 
}, - { - "field": "source.geo.country_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.dma_code", - "format": "use_field_mapping" - }, - { - "field": "client.ip", - "format": "use_field_mapping" - }, - { - "field": "source.geo.latitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.longitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.postal_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.region_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.timezone", - "format": "use_field_mapping" - }, - { - "field": "http.request.bytes", - "format": "use_field_mapping" - }, - { - "field": "url.domain", - "format": "use_field_mapping" - }, - { - "field": "http.request.method", - "format": "use_field_mapping" - }, - { - "field": "client.port", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.colo.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.end.timestamp", - "format": "epoch_millis" - }, - { - "field": "cloudflare.edge.pathing.op", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.src", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.rate_limit.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.request.host", - "format": "use_field_mapping" - }, - { - "field": "destination.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.response.compression_ratio", - "format": "use_field_mapping" - }, - { - "field": "http.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "observer.ip", - "format": "use_field_mapping" - }, - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "destination.ip", - "format": "use_field_mapping" - }, - { - "field": "http.response.bytes", - "format": "use_field_mapping" - }, - { - 
"field": "cloudflare.origin.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.origin.response.time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.parent.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.security_level", - "format": "use_field_mapping" - }, - { - "field": "user_agent.build", - "format": "use_field_mapping" - }, - { - "field": "user_agent.device", - "format": "use_field_mapping" - }, - { - "field": "user_agent.major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.name", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.patch", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.cpu_time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest_count", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.zone_id", - "format": "use_field_mapping" - } - ], - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "size", - "negate": false, - "type": "custom", - "value": "50" - }, - "query": { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - 
{ - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "bic" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - 
"value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "captchaFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "jschlFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "zl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "us" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - 
"boost": 1, - "value": "rateLimit" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ctry" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - 
"cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "terms": { - "boost": 1, - "cloudflare.edge.pathing.status": [ - "ipr16", - "ipr24", - "ip6", - "ip6r64", - "ip6r48", - "ip6r32" - ] - } - } - ] - } - } - ] - } - }, - "size": 50, - "sort": [ - { - "_doc": { - "order": "asc" - } - } - ] - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Threat Client IPs [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.geo.country_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Threat Client IPs", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-0ca03f10-338b-11e9-ab62-2d2dc754fa8f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - 
}, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-12308c30-499f-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-12308c30-499f-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index a9f4401a3a7..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-12308c30-499f-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Total Requests vs. Origin Requests in rps last 24 hours [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(104,204,202,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "data_stream.dataset : \"cloudflare.log\"" - }, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "total requests", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(253,161,255,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "data_stream.dataset : \"cloudflare.log\" AND cloudflare.origin.response.status_code:\u003e0" - }, - "formatter": "number", - "id": "fca6dbb0-4991-11e9-b6ee-0784825b4ddc", - "label": "origin requests", - "line_width": 1, - "metrics": [ - { - "id": "fca6dbb1-4991-11e9-b6ee-0784825b4ddc", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Total Requests vs. 
Origin Requests in rps last 24 hours", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-12308c30-499f-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-123b95b0-2953-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-123b95b0-2953-11e9-b959-4502c43b2e30.json deleted file mode 100644 index 65cbd238cc4..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-123b95b0-2953-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,129 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.waf.action", - "negate": true, - "params": { - "query": "unknown", - "type": "phrase" - }, - "type": "phrase", - "value": "unknown" - }, - "query": { - "match": { - "cloudflare.waf.action": { - "query": "unknown", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top WAF Rules Triggered [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.waf.rule.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.waf.rule.message", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top WAF Rules Triggered", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-123b95b0-2953-11e9-b959-4502c43b2e30", - 
"migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-14b05280-3aa7-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-14b05280-3aa7-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index b03f046e8c3..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-14b05280-3aa7-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Cache Status Ratio [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.cache.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Cache Status Ratio", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-14b05280-3aa7-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-15b60010-49b8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-15b60010-49b8-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 49d442cfca3..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-15b60010-49b8-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,156 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Client Requests by Hostname Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-24h", - "mode": "quick", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "url.domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - "valueAxes": [ - { - "id": 
"ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Client Requests by Hostname Over Time", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-15b60010-49b8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-18490820-5bad-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-18490820-5bad-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index cbdf2a5a690..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-18490820-5bad-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Origin Requests By Hostname - Content Type - Request Methods - Connection Type - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Origin Requests By Hostname - Content Type - Request Methods - Connection Type**", - "openLinksInNewTab": false - }, - "title": "Origin Requests By Hostname - Content Type - Request Methods - Connection Type - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-18490820-5bad-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-18e2eaa0-39e1-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-18e2eaa0-39e1-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 039611cc74e..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-18e2eaa0-39e1-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Hostnames - Reliability [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": 2, - "direction": "desc" - }, - "totalFunc": "sum" - }, - "title": "Top Hostnames - Reliability", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-18e2eaa0-39e1-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-1bd60ba0-2327-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-1bd60ba0-2327-11e9-ba08-c19298cded24.json deleted file mode 100644 index f8078fff650..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-1bd60ba0-2327-11e9-ba08-c19298cded24.json +++ /dev/null @@ -1,81 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Referrer [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "http.request.referrer", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Referrer", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-1bd60ba0-2327-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-23b58b50-2955-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-23b58b50-2955-11e9-b959-4502c43b2e30.json deleted file mode 100644 index 2f7aecc2754..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-23b58b50-2955-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.waf.action", - "negate": true, - "params": { - "query": "unknown", - "type": "phrase" - }, - "type": "phrase", - "value": "unknown" - }, - "query": { - "match": { - "cloudflare.waf.action": { - "query": "unknown", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "WAF Events Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": 
"line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "WAF Events Over Time", - "type": "line" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-23b58b50-2955-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-24815750-39de-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-24815750-39de-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 8f24b3e668e..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-24815750-39de-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,1028 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "_source": { - "excludes": [], - "includes": [ - "source.geo.region_name", - "cloudflare.client.ip_class", - "url.path", - "cloudflare.client.request.protocol", - "http.request.referrer", - "url.full", - "user_agent.original", - "cloudflare.client.ssl.cipher", - "cloudflare.client.ssl.protocol", - "cloudflare.edge.rate_limit.action", - "cloudflare.edge.response.content_type", - "cloudflare.origin.response.http.expires", - "cloudflare.origin.response.http.last_modified", - "cloudflare.origin.ssl.protocol", - "user_agent.os.full", - "user_agent.name", - "cloudflare.waf.action", - "cloudflare.waf.flags", - "cloudflare.waf.matched_var", - "cloudflare.waf.profile", - "cloudflare.waf.rule.id", - "cloudflare.waf.rule.message", - "cloudflare.worker.status", - "message", - "tags" - ] - }, - "docvalue_fields": [ - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "@version", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.tiered.fill", - "format": "use_field_mapping" - }, - { - "field": "source.as.number", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_iso_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.device_type", - "format": "use_field_mapping" - }, - { - "field": "source.geo.city_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.continent_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code3", - "format": "use_field_mapping" - 
}, - { - "field": "source.geo.country_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.dma_code", - "format": "use_field_mapping" - }, - { - "field": "client.ip", - "format": "use_field_mapping" - }, - { - "field": "source.geo.latitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.longitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.postal_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.region_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.timezone", - "format": "use_field_mapping" - }, - { - "field": "http.request.bytes", - "format": "use_field_mapping" - }, - { - "field": "url.domain", - "format": "use_field_mapping" - }, - { - "field": "http.request.method", - "format": "use_field_mapping" - }, - { - "field": "client.port", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.colo.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.end.timestamp", - "format": "epoch_millis" - }, - { - "field": "cloudflare.edge.pathing.op", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.src", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.rate_limit.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.request.host", - "format": "use_field_mapping" - }, - { - "field": "destination.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.response.compression_ratio", - "format": "use_field_mapping" - }, - { - "field": "http.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "observer.ip", - "format": "use_field_mapping" - }, - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "destination.ip", - "format": "use_field_mapping" - }, - { - "field": "http.response.bytes", - "format": "use_field_mapping" - }, - { - 
"field": "cloudflare.origin.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.origin.response.time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.parent.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.security_level", - "format": "use_field_mapping" - }, - { - "field": "user_agent.build", - "format": "use_field_mapping" - }, - { - "field": "user_agent.device", - "format": "use_field_mapping" - }, - { - "field": "user_agent.major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.name", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.patch", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.cpu_time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest_count", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.zone_id", - "format": "use_field_mapping" - } - ], - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "size", - "negate": false, - "type": "custom", - "value": "50" - }, - "query": { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - 
{ - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "bic" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - 
"value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "captchaFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "jschlFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "zl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "us" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - 
"boost": 1, - "value": "rateLimit" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ctry" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - 
"cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "terms": { - "boost": 1, - "cloudflare.edge.pathing.status": [ - "ipr16", - "ipr24", - "ip6", - "ip6r64", - "ip6r48", - "ip6r32" - ] - } - } - ] - } - } - ] - } - }, - "size": 50, - "sort": [ - { - "_doc": { - "order": "asc" - } - } - ] - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Threats Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-24h", - "mode": "quick", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - 
"data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Threats Over Time", - "type": "line" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-24815750-39de-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-2523f5e0-49b6-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-2523f5e0-49b6-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index ea14050a538..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-2523f5e0-49b6-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": false, - "params": [ - "bypass", - "unknown" - ], - "type": "phrases", - "value": "bypass, unknown" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "bypass" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "unknown" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Slowest URIs by cumulative time to first byte for dynamic requests [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "average_response_time", - "field": "cloudflare.origin.response.time" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "wait_time", - "field": "cloudflare.origin.response.time" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "8", - "params": { - "field": "cloudflare.origin.response.time", - "percents": [ - 99, - 99.9 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "9", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - 
"perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Slowest URIs by cumulative time to first byte for dynamic requests", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-2523f5e0-49b6-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-27809b60-2326-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-27809b60-2326-11e9-ba08-c19298cded24.json deleted file mode 100644 index cb1fb084efd..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-27809b60-2326-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "HTTP Protocols [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "http.version", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "HTTP Protocols", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-27809b60-2326-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-2820f540-5ba9-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-2820f540-5ba9-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index de6ca031f17..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-2820f540-5ba9-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "WAF Events triggered by the Web Application Firewall - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**WAF - Events triggered by the Web Application Firewall**", - "openLinksInNewTab": false - }, - "title": "WAF Events triggered by the Web Application Firewall - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-2820f540-5ba9-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-2962b6f0-2328-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-2962b6f0-2328-11e9-ba08-c19298cded24.json deleted file mode 100644 index 6bfd19a2f09..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-2962b6f0-2328-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top User Agents [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user_agent.original", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top User Agents", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-2962b6f0-2328-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-2a7aaf40-232b-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-2a7aaf40-232b-11e9-ba08-c19298cded24.json deleted file mode 100644 index 21db0700c3d..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-2a7aaf40-232b-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,134 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": false, - "params": [ - "hit", - "stale", - "updating", - "ignored", - "revalidated" - ], - "type": "phrases", - "value": "hit, stale, updating, ignored, revalidated" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "hit" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "stale" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "updating" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "ignored" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "revalidated" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Cached Bandwidth [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Cached Bandwidth", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Cached Bandwidth", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-2a7aaf40-232b-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - 
}, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-3091d520-4991-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-3091d520-4991-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 527d2b95705..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-3091d520-4991-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,139 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Total number of requests vs cached vs uncached over time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(104,204,202,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "data_stream.dataset : \"cloudflare.log\"" - }, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "total requests", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "#68BC00", - "filter": { - "language": "lucene", - "query": "metricset.name:cloudflare.cache.status" - }, - "id": "e847cce0-4731-11e9-b6ee-0784825b4ddc", - "label": "cached requests" - } - ], - "split_mode": "filter", - "stacked": "none", - "terms_field": "cloudflare.cache.status", - "terms_order_by": "_term" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "data_stream.dataset : \"cloudflare.log\" AND cloudflare.cache.status:(hit OR stale OR updating OR ignored)" - }, - "formatter": "number", - "id": "0d45cce0-498f-11e9-b6ee-0784825b4ddc", - "label": "cached requests", - "line_width": 1, - "metrics": [ - { - "id": "0d45cce1-498f-11e9-b6ee-0784825b4ddc", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_filters": [ - { - "color": "#68BC00", - "id": "14053f70-498f-11e9-b6ee-0784825b4ddc" - } - ], 
- "split_mode": "filter", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "data_stream.dataset : \"cloudflare.log\" AND cloudflare.cache.status:(-hit OR -stale OR -updating OR -ignored)" - }, - "formatter": "number", - "id": "3edf18b0-498f-11e9-b6ee-0784825b4ddc", - "label": "uncached requests", - "line_width": 1, - "metrics": [ - { - "id": "3edf18b1-498f-11e9-b6ee-0784825b4ddc", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Total number of requests vs cached vs uncached over time", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-3091d520-4991-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-30f664a0-5bab-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-30f664a0-5bab-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 9dd1bf4af91..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-30f664a0-5bab-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [
- {
- "$state": {
- "store": "appState"
- },
- "meta": {
- "alias": null,
- "disabled": false,
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
- "key": "data_stream.dataset",
- "negate": false,
- "params": {
- "query": "cloudflare.log*"
- },
- "type": "phrase"
- },
- "query": {
- "match_phrase": {
- "data_stream.dataset": "cloudflare.log*"
- }
- }
- }
- ],
- "query": {
- "language": "lucene",
- "query": ""
- }
- }
- },
- "title": "Bandwidth - text [Cloudflare]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "params": {
- "fontSize": 16,
- "markdown": "**Bandwidth**",
- "openLinksInNewTab": false
- },
- "title": "Bandwidth - text",
- "type": "markdown"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cloudflare-30f664a0-5bab-11e9-bd1f-75f359ac0c3f",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-31863f00-5b9f-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-31863f00-5b9f-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index 107627b15df..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-31863f00-5b9f-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,62 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [
- {
- "$state": {
- "store": "appState"
- },
- "meta": {
- "alias": null,
- "disabled": false,
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
- "key": "data_stream.dataset",
- "negate": false,
- "params": {
- "query": "cloudflare.log*"
- },
- "type": "phrase"
- },
- "query": {
- "match_phrase": {
- "data_stream.dataset": "cloudflare.log*"
- }
- }
- }
- ],
- "query": {
- "language": "lucene",
- "query": ""
- }
- }
- },
- "title": "Web Traffic Overview - text [Cloudflare]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "params": {
- "fontSize": 16,
- "markdown": "**Web Traffic Overview**",
- "openLinksInNewTab": false
- },
- "title": "Web Traffic Overview - text",
- "type": "markdown"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cloudflare-31863f00-5b9f-11e9-bd1f-75f359ac0c3f",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-3486e5a0-49a8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-3486e5a0-49a8-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index 0fcd88d4b3a..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-3486e5a0-49a8-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,111 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Total Bandwidth vs Origin Bandwidth in Mbps last 24 hours - 7.x [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "c520c1a0-1c6e-11ea-9387-9362a5ae410a" - } - ], - "bar_color_rules": [ - { - "id": "c6258770-1c6e-11ea-9387-9362a5ae410a" - } - ], - "drop_last_bucket": 1, - "gauge_color_rules": [ - { - "id": "c7b83560-1c6e-11ea-9387-9362a5ae410a" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(104,204,202,1)", - "fill": 0.5, - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "total bandwidth", - "line_width": 1, - "metrics": [ - { - "field": "destination.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(253,161,255,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "cloudflare.origin.response.status_code:\u003e0" - }, - "formatter": "bytes", - "id": "65f93df0-49a7-11e9-a870-03d340338f04", - "label": "origin bandwidth", - "line_width": 1, - "metrics": [ - { - "field": "destination.bytes", - "id": "65f93df1-49a7-11e9-a870-03d340338f04", - "type": "avg" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", 
- "use_kibana_indexes": false - }, - "title": "Total Bandwidth vs Origin Bandwidth in Mbps last 24 hours - 7.x", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-3486e5a0-49a8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-34fce850-3aa7-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-34fce850-3aa7-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 6e887aeb699..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-34fce850-3aa7-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": false, - "params": { - "query": "miss", - "type": "phrase" - }, - "type": "phrase", - "value": "miss" - }, - "query": { - "match": { - "cloudflare.cache.status": { - "query": "miss", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top URIs with Cache Status Miss [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 30 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top URIs with Cache Status Miss", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-34fce850-3aa7-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": 
"visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-39ffbca0-5baa-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-39ffbca0-5baa-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index d614715a4e0..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-39ffbca0-5baa-11e9-bd1f-75f359ac0c3f.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Rate Limiting Get insights into rate limiting events and banned IPs and URIs - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Rate Limiting - Get insights into rate limiting events and banned IPs and URIs**", - "openLinksInNewTab": false - }, - "title": "Rate Limiting Get insights into rate limiting events and banned IPs and URIs - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-39ffbca0-5baa-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-3ef426c0-2963-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-3ef426c0-2963-11e9-b959-4502c43b2e30.json
deleted file mode 100644
index 2eb07ac40fe..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-3ef426c0-2963-11e9-b959-4502c43b2e30.json
+++ /dev/null
@@ -1,145 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.edge.rate_limit.action", - "negate": false, - "params": { - "query": "ban", - "type": "phrase" - }, - "type": "phrase", - "value": "ban" - }, - "query": { - "match": { - "cloudflare.edge.rate_limit.action": { - "query": "ban", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Banned Client IPs [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "url.domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": 
false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Banned Client IPs", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-3ef426c0-2963-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-44f03e10-2328-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-44f03e10-2328-11e9-ba08-c19298cded24.json deleted file mode 100644 index 8c418be835c..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-44f03e10-2328-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,72 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "lucene",
- "query": "*"
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Total Number of Requests [Cloudflare]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- }
- ],
- "params": {
- "addLegend": false,
- "addTooltip": true,
- "metric": {
- "colorSchema": "Green to Red",
- "colorsRange": [
- {
- "from": 0,
- "to": 10000
- }
- ],
- "invertColors": false,
- "labels": {
- "show": true
- },
- "metricColorMode": "None",
- "percentageMode": false,
- "style": {
- "bgColor": false,
- "bgFill": "#000",
- "fontSize": 30,
- "labelColor": false,
- "subText": ""
- },
- "useRanges": false
- },
- "type": "metric"
- },
- "title": "Total Number of Requests",
- "type": "metric"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cloudflare-44f03e10-2328-11e9-ba08-c19298cded24",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-463abaa0-5bab-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-463abaa0-5bab-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index fdc301693c0..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-463abaa0-5bab-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,62 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [
- {
- "$state": {
- "store": "appState"
- },
- "meta": {
- "alias": null,
- "disabled": false,
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
- "key": "data_stream.dataset",
- "negate": false,
- "params": {
- "query": "cloudflare.log*"
- },
- "type": "phrase"
- },
- "query": {
- "match_phrase": {
- "data_stream.dataset": "cloudflare.log*"
- }
- }
- }
- ],
- "query": {
- "language": "lucene",
- "query": ""
- }
- }
- },
- "title": "Cache - text [Cloudflare]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "params": {
- "fontSize": 16,
- "markdown": "**Cache**",
- "openLinksInNewTab": false
- },
- "title": "Cache - text",
- "type": "markdown"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cloudflare-463abaa0-5bab-11e9-bd1f-75f359ac0c3f",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-46d7d4b0-2326-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-46d7d4b0-2326-11e9-ba08-c19298cded24.json
deleted file mode 100644
index 87bcb5356e5..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-46d7d4b0-2326-11e9-ba08-c19298cded24.json
+++ /dev/null
@@ -1,78 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "lucene",
- "query": "*"
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Request Methods [Cloudflare]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "http.request.method",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 5
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": true,
- "isDonut": true,
- "labels": {
- "last_level": true,
- "show": false,
- "truncate": 100,
- "values": true
- },
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "type": "pie"
- },
- "title": "Request Methods",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cloudflare-46d7d4b0-2326-11e9-ba08-c19298cded24",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-4a184a50-5ba8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-4a184a50-5ba8-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index 8f88da4b90f..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-4a184a50-5ba8-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "lucene",
- "query": ""
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Web Traffic Types - Text [Cloudflare]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "params": {
- "fontSize": 16,
- "markdown": "**Web Traffic Types -\nGet insight into the various types of traffic and content**",
- "openLinksInNewTab": false
- },
- "title": "Web Traffic Types - Text",
- "type": "markdown"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cloudflare-4a184a50-5ba8-11e9-bd1f-75f359ac0c3f",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-4c0a0420-2953-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-4c0a0420-2953-11e9-b959-4502c43b2e30.json
deleted file mode 100644
index fde24ffe458..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-4c0a0420-2953-11e9-b959-4502c43b2e30.json
+++ /dev/null
@@ -1,129 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.waf.action", - "negate": true, - "params": { - "query": "unknown", - "type": "phrase" - }, - "type": "phrase", - "value": "unknown" - }, - "query": { - "match": { - "cloudflare.waf.action": { - "query": "unknown", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "WAF: Top User Agents [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.waf.rule.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "user_agent.original", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "WAF: Top User Agents", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-4c0a0420-2953-11e9-b959-4502c43b2e30", - "migrationVersion": { - 
"visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-4d637090-2327-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-4d637090-2327-11e9-ba08-c19298cded24.json deleted file mode 100644 index 29857e4d40e..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-4d637090-2327-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,81 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "lucene",
- "query": "*"
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "Top Traffic Type [Cloudflare]",
- "uiStateJSON": {
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "cloudflare.client.ip_class",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 50
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "params": {
- "perPage": 10,
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": true,
- "showTotal": false,
- "sort": {
- "columnIndex": null,
- "direction": null
- },
- "totalFunc": "sum"
- },
- "title": "Top Traffic Type",
- "type": "table"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "cloudflare-4d637090-2327-11e9-ba08-c19298cded24",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-4dd166d0-39df-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-4dd166d0-39df-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index d818a5715cf..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-4dd166d0-39df-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,151 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Edge Response Status Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - 
"show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Edge Response Status Over Time", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-4dd166d0-39df-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-58498820-5bab-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-58498820-5bab-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index f88511537a9..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-58498820-5bab-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Static vs Dynamic Content - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Static vs Dynamic Content**", - "openLinksInNewTab": false - }, - "title": "Static vs Dynamic Content - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-58498820-5bab-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-619d5830-39e0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-619d5830-39e0-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 39ebe3df0d1..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-619d5830-39e0-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Client IPs and AS Number - Reliability [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "exclude": "", - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.as.number", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Client IPs and AS Number - Reliability", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-619d5830-39e0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-70880ea0-2953-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-70880ea0-2953-11e9-b959-4502c43b2e30.json
deleted file mode 100644
index 1c04d19c505..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-70880ea0-2953-11e9-b959-4502c43b2e30.json
+++ /dev/null
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.waf.action", - "negate": true, - "params": { - "query": "unknown", - "type": "phrase" - }, - "type": "phrase", - "value": "unknown" - }, - "query": { - "match": { - "cloudflare.waf.action": { - "query": "unknown", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "WAF: Top Hosts [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "WAF: Top Hosts", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-70880ea0-2953-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No 
newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-7a021b50-39d0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-7a021b50-39d0-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index cd205689e99..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-7a021b50-39d0-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,954 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "_source": { - "excludes": [], - "includes": [ - "source.geo.region_name", - "cloudflare.client.ip_class", - "url.path", - "http.version", - "http.request.referrer", - "url.full", - "user_agent.original", - "cloudflare.client.ssl.cipher", - "cloudflare.client.ssl.protocol", - "cloudflare.edge.rate_limit.action", - "cloudflare.edge.response.content_type", - "cloudflare.origin.response.http.expires", - "cloudflare.origin.response.http.last_modified", - "cloudflare.origin.ssl.protocol", - "user_agent.os.full", - "user_agent.os.name", - "cloudflare.waf.action", - "cloudflare.waf.flags", - "cloudflare.waf.matched_var", - "cloudflare.waf.profile", - "cloudflare.waf.rule.id", - "cloudflare.waf.rule.message", - "cloudflare.worker.status", - "message", - "tags" - ] - }, - "docvalue_fields": [ - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "@version", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.tiered.fill", - "format": "use_field_mapping" - }, - { - "field": "source.as.number", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_iso_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.device_type", - "format": "use_field_mapping" - }, - { - "field": "source.geo.city_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.continent_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": 
"source.geo.country_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.dma_code", - "format": "use_field_mapping" - }, - { - "field": "client.ip", - "format": "use_field_mapping" - }, - { - "field": "source.geo.latitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.longitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.postal_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.region_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.timezone", - "format": "use_field_mapping" - }, - { - "field": "http.request.bytes", - "format": "use_field_mapping" - }, - { - "field": "url.domain", - "format": "use_field_mapping" - }, - { - "field": "http.request.method", - "format": "use_field_mapping" - }, - { - "field": "client.port", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.colo.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.end.timestamp", - "format": "epoch_millis" - }, - { - "field": "cloudflare.edge.pathing.op", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.src", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.rate_limit.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.request.host", - "format": "use_field_mapping" - }, - { - "field": "destination.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.response.compression_ratio", - "format": "use_field_mapping" - }, - { - "field": "http.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "observer.ip", - "format": "use_field_mapping" - }, - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "destination.ip", - "format": "use_field_mapping" - }, - { - "field": "http.response.bytes", - "format": "use_field_mapping" - }, - { - "field": 
"cloudflare.origin.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.origin.response.time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.parent.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.security_level", - "format": "use_field_mapping" - }, - { - "field": "user_agent.build", - "format": "use_field_mapping" - }, - { - "field": "user_agent.device", - "format": "use_field_mapping" - }, - { - "field": "user_agent.major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.name", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.patch", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.cpu_time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest_count", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.zone_id", - "format": "use_field_mapping" - } - ], - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "size", - "negate": false, - "type": "custom", - "value": "50" - }, - "query": { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - 
"bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "bic" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - 
"value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "captchaFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "jschlFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "zl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "us" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - 
"boost": 1, - "value": "rateLimit" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ctry" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - 
"cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "terms": { - "boost": 1, - "cloudflare.edge.pathing.status": [ - "ipr16", - "ipr24", - "ip6", - "ip6r64", - "ip6r48", - "ip6r32" - ] - } - } - ] - } - } - ] - } - }, - "size": 50, - "sort": [ - { - "_doc": { - "order": "asc" - } - } - ] - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Threat Target URIs [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Threat Target URIs", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-7a021b50-39d0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-7a7515f0-5b91-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-7a7515f0-5b91-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 6357dcf3259..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-7a7515f0-5b91-11e9-bd1f-75f359ac0c3f.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Summary of Edge and Origin Response Status - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Summary of Edge and Origin Response Status**\n\nGet an overview of the edge and origin response status codes", - "openLinksInNewTab": false - }, - "title": "Summary of Edge and Origin Response Status - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-7a7515f0-5b91-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-7ded6170-39df-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-7ded6170-39df-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index 9cda760282e..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-7ded6170-39df-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,151 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Origin Response Status Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.origin.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - 
"rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Origin Response Status Over Time", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-7ded6170-39df-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-87c0c0f0-295b-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-87c0c0f0-295b-11e9-b959-4502c43b2e30.json deleted file mode 100644 index b903ecef99b..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-87c0c0f0-295b-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,215 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.edge.rate_limit.action", - "negate": false, - "params": [ - "ban", - "simulate", - "challenge", - "jsChallenge" - ], - "type": "phrases", - "value": "ban, simulate, challenge, jsChallenge" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "ban" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "simulate" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "challenge" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "jsChallenge" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Rate Limit Over Time [Cloudflare]", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-6M", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.edge.rate_limit.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": 
true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - }, - "valueAxis": null - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2.5, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": true, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Rate Limit Over Time", - "type": "line" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-87c0c0f0-295b-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-88d54e70-232a-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-88d54e70-232a-11e9-ba08-c19298cded24.json deleted file mode 100644 index dd2047ef4da..00000000000 
--- a/packages/cloudflare/kibana/visualization/cloudflare-88d54e70-232a-11e9-ba08-c19298cded24.json +++ /dev/null @@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Total Bandwidth [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Bandwidth", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Total Bandwidth", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-88d54e70-232a-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-88e4a4e0-338a-11e9-ab62-2d2dc754fa8f.json b/packages/cloudflare/kibana/visualization/cloudflare-88e4a4e0-338a-11e9-ab62-2d2dc754fa8f.json deleted file mode 100644 index 64126e16814..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-88e4a4e0-338a-11e9-ab62-2d2dc754fa8f.json +++ /dev/null 
@@ -1,945 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "_source": { - "excludes": [], - "includes": [ - "source.geo.region_name", - "cloudflare.client.ip_class", - "url.path", - "cloudflare.client.request.protocol", - "http.request.referrer", - "url.full", - "user_agent.original", - "cloudflare.client.ssl.cipher", - "cloudflare.client.ssl.protocol", - "cloudflare.edge.rate_limit.action", - "cloudflare.edge.response.content_type", - "cloudflare.origin.response.http.expires", - "cloudflare.origin.response.http.last_modified", - "cloudflare.origin.ssl.protocol", - "user_agent.os.full", - "user_agent.name", - "cloudflare.waf.action", - "cloudflare.waf.flags", - "cloudflare.waf.matched_var", - "cloudflare.waf.profile", - "cloudflare.waf.rule.id", - "cloudflare.waf.rule.message", - "cloudflare.worker.status", - "message", - "tags" - ] - }, - "docvalue_fields": [ - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "@version", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.tiered.fill", - "format": "use_field_mapping" - }, - { - "field": "source.as.number", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_iso_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.device_type", - "format": "use_field_mapping" - }, - { - "field": "source.geo.city_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.continent_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code3", - "format": "use_field_mapping" - 
}, - { - "field": "source.geo.country_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.dma_code", - "format": "use_field_mapping" - }, - { - "field": "client.ip", - "format": "use_field_mapping" - }, - { - "field": "source.geo.latitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.longitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.postal_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.region_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.timezone", - "format": "use_field_mapping" - }, - { - "field": "http.request.bytes", - "format": "use_field_mapping" - }, - { - "field": "url.domain", - "format": "use_field_mapping" - }, - { - "field": "http.request.method", - "format": "use_field_mapping" - }, - { - "field": "client.port", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.colo.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.end.timestamp", - "format": "epoch_millis" - }, - { - "field": "cloudflare.edge.pathing.op", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.src", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.rate_limit.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.request.host", - "format": "use_field_mapping" - }, - { - "field": "destination.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.response.compression_ratio", - "format": "use_field_mapping" - }, - { - "field": "http.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "observer.ip", - "format": "use_field_mapping" - }, - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "destination.ip", - "format": "use_field_mapping" - }, - { - "field": "http.response.bytes", - "format": "use_field_mapping" - }, - { - 
"field": "cloudflare.origin.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.origin.response.time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.parent.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.security_level", - "format": "use_field_mapping" - }, - { - "field": "user_agent.build", - "format": "use_field_mapping" - }, - { - "field": "user_agent.device", - "format": "use_field_mapping" - }, - { - "field": "user_agent.major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.name", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.patch", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.cpu_time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest_count", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.zone_id", - "format": "use_field_mapping" - } - ], - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "size", - "negate": false, - "type": "custom", - "value": "50" - }, - "query": { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - 
{ - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "bic" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - 
"value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "captchaFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "jschlFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "zl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "us" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - 
"boost": 1, - "value": "rateLimit" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ctry" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - 
"cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "terms": { - "boost": 1, - "cloudflare.edge.pathing.status": [ - "ipr16", - "ipr24", - "ip6", - "ip6r64", - "ip6r48", - "ip6r32" - ] - } - } - ] - } - } - ] - } - }, - "size": 50, - "sort": [ - { - "_doc": { - "order": "asc" - } - } - ] - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Threats Stopped [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Threats Stopped", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-88e4a4e0-338a-11e9-ab62-2d2dc754fa8f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-8b2c78d0-2954-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-8b2c78d0-2954-11e9-b959-4502c43b2e30.json deleted file mode 100644 index 07c78334d23..00000000000 
--- a/packages/cloudflare/kibana/visualization/cloudflare-8b2c78d0-2954-11e9-b959-4502c43b2e30.json
+++ /dev/null
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.waf.action", - "negate": true, - "params": { - "query": "unknown", - "type": "phrase" - }, - "type": "phrase", - "value": "unknown" - }, - "query": { - "match": { - "cloudflare.waf.action": { - "query": "unknown", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "WAF: Top Client IP [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "WAF: Top Client IP", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-8b2c78d0-2954-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No 
newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-8bd59600-3aab-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-8bd59600-3aab-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index c19762dd493..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-8bd59600-3aab-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,186 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": false, - "params": [ - "bypass", - "unknown" - ], - "type": "phrases", - "value": "bypass, unknown" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "bypass" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "unknown" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Origin time to first byte dynamic requests [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "cloudflare.origin.response.time", - "percents": [ - 50, - 75, - 95 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-60d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": 
"kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Percentiles of cloudflare.origin.response.time" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Percentiles of OriginResponseTime" - }, - "type": "value" - } - ] - }, - "title": "Origin time to first byte dynamic requests", - "type": "line" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-8bd59600-3aab-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-9443bac0-5bac-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-9443bac0-5bac-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 9e9b9a2934b..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-9443bac0-5bac-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Performance Overview - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Performance Overview**", - "openLinksInNewTab": false - }, - "title": "Performance Overview - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-9443bac0-5bac-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-97868680-5ba8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-97868680-5ba8-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index e8391dc1e13..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-97868680-5ba8-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Threats - Review threat activity - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Threats - Review threat activity**", - "openLinksInNewTab": false - }, - "title": "Threats - Review threat activity - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-97868680-5ba8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-97ff6f60-2326-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-97ff6f60-2326-11e9-ba08-c19298cded24.json deleted file mode 100644 index 79810dd226e..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-97ff6f60-2326-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Content Type [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.edge.response.content_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Content Type", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-97ff6f60-2326-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index c048ec3b402..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Cloudflare logo [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "![alt text](https://www.cloudflare.com/img/logo-cloudflare-dark.svg)", - "openLinksInNewTab": false - }, - "title": "Cloudflare logo", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-97ffb020-5b92-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-9a285cd0-295b-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-9a285cd0-295b-11e9-b959-4502c43b2e30.json deleted file mode 100644 index e7895e25686..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-9a285cd0-295b-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.edge.rate_limit.action", - "negate": false, - "params": [ - "ban", - "simulate", - "jsChallenge", - "challenge" - ], - "type": "phrases", - "value": "ban, simulate, jsChallenge, challenge" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "ban" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "simulate" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "jsChallenge" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "challenge" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Rate Limit Actions [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.edge.rate_limit.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.edge.rate_limit.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 
10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Rate Limit Actions", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-9a285cd0-295b-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-9a9d1910-39ed-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-9a9d1910-39ed-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index e8356a58091..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-9a9d1910-39ed-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Origin Response Error Ratio [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.origin.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Origin Response Error Ratio", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-9a9d1910-39ed-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-9bb4fa90-49b8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-9bb4fa90-49b8-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 5764800f388..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-9bb4fa90-49b8-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,156 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Client Requests by Content Type [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-24h", - "mode": "quick", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.edge.response.content_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - 
"valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Client Requests by Content Type", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-9bb4fa90-49b8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-9c3821d0-3aa5-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-9c3821d0-3aa5-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 83d4df8f27d..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-9c3821d0-3aa5-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": true, - "params": [ - "hit", - "stale", - "updating", - "ignored", - "revalidated" - ], - "type": "phrases", - "value": "hit, stale, updating, ignored, revalidated" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "hit" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "stale" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "updating" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "ignored" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "revalidated" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Uncached Bandwidth [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Uncached Bandwidth", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-9c3821d0-3aa5-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": 
"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-ae0c98c0-39d1-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-ae0c98c0-39d1-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 027e6867788..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-ae0c98c0-39d1-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,954 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "_source": { - "excludes": [], - "includes": [ - "source.geo.region_name", - "cloudflare.client.ip_class", - "url.path", - "cloudflare.client.request.protocol", - "http.request.referrer", - "url.full", - "user_agent.original", - "cloudflare.client.ssl.cipher", - "cloudflare.client.ssl.protocol", - "cloudflare.edge.rate_limit.action", - "cloudflare.edge.response.content_type", - "cloudflare.origin.response.http.expires", - "cloudflare.origin.response.http.last_modified", - "cloudflare.origin.ssl.protocol", - "user_agent.os.full", - "user_agent.name", - "cloudflare.waf.action", - "cloudflare.waf.flags", - "cloudflare.waf.matched_var", - "cloudflare.waf.profile", - "cloudflare.waf.rule.id", - "cloudflare.waf.rule.message", - "cloudflare.worker.status", - "message", - "tags" - ] - }, - "docvalue_fields": [ - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "@version", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.tiered.fill", - "format": "use_field_mapping" - }, - { - "field": "source.as.number", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_iso_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.device_type", - "format": "use_field_mapping" - }, - { - "field": "source.geo.city_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.continent_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code3", - "format": "use_field_mapping" - 
}, - { - "field": "source.geo.country_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.dma_code", - "format": "use_field_mapping" - }, - { - "field": "client.ip", - "format": "use_field_mapping" - }, - { - "field": "source.geo.latitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.longitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.postal_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.region_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.timezone", - "format": "use_field_mapping" - }, - { - "field": "http.request.bytes", - "format": "use_field_mapping" - }, - { - "field": "url.domain", - "format": "use_field_mapping" - }, - { - "field": "http.request.method", - "format": "use_field_mapping" - }, - { - "field": "client.port", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.colo.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.end.timestamp", - "format": "epoch_millis" - }, - { - "field": "cloudflare.edge.pathing.op", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.src", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.rate_limit.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.request.host", - "format": "use_field_mapping" - }, - { - "field": "destination.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.response.compression_ratio", - "format": "use_field_mapping" - }, - { - "field": "http.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "observer.ip", - "format": "use_field_mapping" - }, - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "destination.ip", - "format": "use_field_mapping" - }, - { - "field": "http.response.bytes", - "format": "use_field_mapping" - }, - { - 
"field": "cloudflare.origin.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.origin.response.time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.parent.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.security_level", - "format": "use_field_mapping" - }, - { - "field": "user_agent.build", - "format": "use_field_mapping" - }, - { - "field": "user_agent.device", - "format": "use_field_mapping" - }, - { - "field": "user_agent.major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.name", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.patch", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.cpu_time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest_count", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.zone_id", - "format": "use_field_mapping" - } - ], - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "size", - "negate": false, - "type": "custom", - "value": "50" - }, - "query": { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - 
{ - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "bic" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - 
"value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "captchaFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "jschlFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "zl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "us" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - 
"boost": 1, - "value": "rateLimit" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ctry" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - 
"cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "terms": { - "boost": 1, - "cloudflare.edge.pathing.status": [ - "ipr16", - "ipr24", - "ip6", - "ip6r64", - "ip6r48", - "ip6r32" - ] - } - } - ] - } - } - ] - } - }, - "size": 50, - "sort": [ - { - "_doc": { - "order": "asc" - } - } - ] - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Threat Countries [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Threat Countries", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-ae0c98c0-39d1-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-afb4a590-3aa4-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-afb4a590-3aa4-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index f0f0176c5be..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-afb4a590-3aa4-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,125 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": false, - "params": [ - "hit", - "stale", - "updating", - "ignored" - ], - "type": "phrases", - "value": "hit, stale, updating, ignored" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "hit" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "stale" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "updating" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "ignored" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Cached Requests [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Cached Requests", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-afb4a590-3aa4-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-b7d29880-2952-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-b7d29880-2952-11e9-b959-4502c43b2e30.json deleted file mode 100644 index 8660549559a..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-b7d29880-2952-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,110 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.waf.action", - "negate": true, - "params": { - "query": "unknown", - "type": "phrase" - }, - "type": "phrase", - "value": "unknown" - }, - "query": { - "match": { - "cloudflare.waf.action": { - "query": "unknown", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "WAF: Top Countries [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "WAF: Top Countries", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-b7d29880-2952-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": 
"visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-b937c200-49b8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-b937c200-49b8-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index f0688fb0d89..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-b937c200-49b8-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,151 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Client Requests Methods Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "http.request.method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - 
"show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Client Requests Methods Over Time", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-b937c200-49b8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-ba09b9b0-39ee-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-ba09b9b0-39ee-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index f1b3cedee55..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-ba09b9b0-39ee-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,122 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Errors Ratio (Edge) [Cloudflare]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 50": "rgb(0,104,55)", - "50 - 75": "rgb(255,255,190)", - "75 - 100": "rgb(165,0,38)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "gauge": { - "alignment": "horizontal", - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 50 - }, - { - "from": 50, - "to": 75 - }, - { - "from": 75, - "to": 100 - } - ], - "extendRange": true, - "gaugeColorMode": "Labels", - "gaugeStyle": "Full", - "gaugeType": "Arc", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": true - }, - "style": { - "bgColor": false, - "bgFill": "#eee", - "bgMask": false, - "bgWidth": 0.9, - "fontSize": 60, - "labelColor": true, - "mask": false, - "maskBars": 50, - "subText": "", - "width": 0.9 - }, - "type": "meter" - }, - "isDisplayWarning": false, - "type": "gauge" - }, - "title": "Errors Ratio (Edge)", - "type": "gauge" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-ba09b9b0-39ee-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": 
"cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-ba3b0120-5b93-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-ba3b0120-5b93-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 8065d1f86a9..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-ba3b0120-5b93-11e9-bd1f-75f359ac0c3f.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Detailed View Breakdown of Origin Response Status Codes by Various Metrics - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 14, - "markdown": "Detailed View\nBreakdown of Origin Response Status Codes by Various Metrics", - "openLinksInNewTab": false - }, - "title": "Detailed View Breakdown of Origin Response Status Codes by Various Metrics - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-ba3b0120-5b93-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-bf9032b0-39d0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-bf9032b0-39d0-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index 83b563ce025..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-bf9032b0-39d0-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,954 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "_source": { - "excludes": [], - "includes": [ - "source.geo.region_name", - "cloudflare.client.ip_class", - "url.path", - "cloudflare.client.request.protocol", - "http.request.referrer", - "url.full", - "user_agent.original", - "cloudflare.client.ssl.cipher", - "cloudflare.client.ssl.protocol", - "cloudflare.edge.rate_limit.action", - "cloudflare.edge.response.content_type", - "cloudflare.origin.response.http.expires", - "cloudflare.origin.response.http.last_modified", - "cloudflare.origin.ssl.protocol", - "user_agent.os.full", - "user_agent.name", - "cloudflare.waf.action", - "cloudflare.waf.flags", - "cloudflare.waf.matched_var", - "cloudflare.waf.profile", - "cloudflare.waf.rule.id", - "cloudflare.waf.rule.message", - "cloudflare.worker.status", - "message", - "tags" - ] - }, - "docvalue_fields": [ - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "@version", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.tiered.fill", - "format": "use_field_mapping" - }, - { - "field": "source.as.number", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_iso_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.device_type", - "format": "use_field_mapping" - }, - { - "field": "source.geo.city_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.continent_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code3", - "format": "use_field_mapping" - 
}, - { - "field": "source.geo.country_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.dma_code", - "format": "use_field_mapping" - }, - { - "field": "client.ip", - "format": "use_field_mapping" - }, - { - "field": "source.geo.latitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.longitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.postal_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.region_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.timezone", - "format": "use_field_mapping" - }, - { - "field": "http.request.bytes", - "format": "use_field_mapping" - }, - { - "field": "url.domain", - "format": "use_field_mapping" - }, - { - "field": "http.request.method", - "format": "use_field_mapping" - }, - { - "field": "client.port", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.colo.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.end.timestamp", - "format": "epoch_millis" - }, - { - "field": "cloudflare.edge.pathing.op", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.src", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.rate_limit.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.request.host", - "format": "use_field_mapping" - }, - { - "field": "destination.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.response.compression_ratio", - "format": "use_field_mapping" - }, - { - "field": "http.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "observer.ip", - "format": "use_field_mapping" - }, - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "destination.ip", - "format": "use_field_mapping" - }, - { - "field": "http.response.bytes", - "format": "use_field_mapping" - }, - { - 
"field": "cloudflare.origin.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.origin.response.time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.parent.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.security_level", - "format": "use_field_mapping" - }, - { - "field": "user_agent.build", - "format": "use_field_mapping" - }, - { - "field": "user_agent.device", - "format": "use_field_mapping" - }, - { - "field": "user_agent.major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.name", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.patch", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.cpu_time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest_count", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.zone_id", - "format": "use_field_mapping" - } - ], - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "size", - "negate": false, - "type": "custom", - "value": "50" - }, - "query": { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - 
{ - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "bic" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - 
"value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "captchaFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "jschlFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "zl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "us" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - 
"boost": 1, - "value": "rateLimit" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ctry" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - 
"cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "terms": { - "boost": 1, - "cloudflare.edge.pathing.status": [ - "ipr16", - "ipr24", - "ip6", - "ip6r64", - "ip6r48", - "ip6r32" - ] - } - } - ] - } - } - ] - } - }, - "size": 50, - "sort": [ - { - "_doc": { - "order": "asc" - } - } - ] - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Threat User Agents [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user_agent.original", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Threat User Agents", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-bf9032b0-39d0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-c08a2fd0-39e0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-c08a2fd0-39e0-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index de5d96ddec9..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-c08a2fd0-39e0-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Requested URI - Reliability [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": 2, - "direction": "desc" - }, - "totalFunc": "sum" - }, - "title": "Top Requested URI - Reliability", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-c08a2fd0-39e0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-c883c8c0-2326-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-c883c8c0-2326-11e9-ba08-c19298cded24.json deleted file mode 100644 index eaa802fe1a8..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-c883c8c0-2326-11e9-ba08-c19298cded24.json +++ /dev/null @@ -1,81 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Traffic Countries [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "source.geo.country_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Traffic Countries", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-c883c8c0-2326-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-d2ceb1c0-5baa-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-d2ceb1c0-5baa-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index fca1f15386b..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-d2ceb1c0-5baa-11e9-bd1f-75f359ac0c3f.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "cloudflare.log*" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "cloudflare.log*" - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Requests - text [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 16, - "markdown": "**Requests**", - "openLinksInNewTab": false - }, - "title": "Requests - text", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-d2ceb1c0-5baa-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-d4b02760-49a0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-d4b02760-49a0-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index d7189fbfa17..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-d4b02760-49a0-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Cached vs Uncached Bandwidth Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "cloudflare.cache.status:(hit OR stale OR updating OR ignored OR revalidated)" - }, - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "saved bandwidth", - "line_width": 1, - "metrics": [ - { - "field": "destination.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "sum" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "cloudflare.cache.status:(-hit OR -stale OR -updating OR -ignored OR -revalidated)" - }, - "formatter": "bytes", - "id": "73f43510-49a0-11e9-8499-d5aa4562b1c7", - "label": "uncached bandwidth", - "line_width": 1, - "metrics": [ - { - "field": "destination.bytes", - "id": "73f43511-49a0-11e9-8499-d5aa4562b1c7", - "type": "sum" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "filter", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Cached vs Uncached Bandwidth Over Time", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": 
"cloudflare-d4b02760-49a0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-d53f1d70-39e8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-d53f1d70-39e8-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 2c8d3509fde..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-d53f1d70-39e8-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Edge Response Error Ratio [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Edge Response Error Ratio", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-d53f1d70-39e8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-d6fd64a0-3aab-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-d6fd64a0-3aab-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 7cbc70fb830..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-d6fd64a0-3aab-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,188 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": true, - "params": [ - "bypass", - "unknown" - ], - "type": "phrases", - "value": "bypass, unknown" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "bypass" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "unknown" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Origin time to first byte static requests [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "cloudflare.origin.response.time", - "percents": [ - 50, - 75, - 95 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-60d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": 
"kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Percentiles of cloudflare.origin.response.time" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "lineWidth": 1.5, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Percentiles of OriginResponseTime" - }, - "type": "value" - } - ] - }, - "title": "Origin time to first byte static requests", - "type": "line" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-d6fd64a0-3aab-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-d9890140-3a9a-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-d9890140-3a9a-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 113bd0cecc9..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-d9890140-3a9a-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,954 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "_source": { - "excludes": [], - "includes": [ - "source.geo.region_name", - "cloudflare.client.ip_class", - "url.path", - "cloudflare.client.request.protocol", - "http.request.referrer", - "url.full", - "user_agent.original", - "cloudflare.client.ssl.cipher", - "cloudflare.client.ssl.protocol", - "cloudflare.edge.rate_limit.action", - "cloudflare.edge.response.content_type", - "cloudflare.origin.response.http.expires", - "cloudflare.origin.response.http.last_modified", - "cloudflare.origin.ssl.protocol", - "user_agent.os.full", - "user_agent.name", - "cloudflare.waf.action", - "cloudflare.waf.flags", - "cloudflare.waf.matched_var", - "cloudflare.waf.profile", - "cloudflare.waf.rule.id", - "cloudflare.waf.rule.message", - "cloudflare.worker.status", - "message", - "tags" - ] - }, - "docvalue_fields": [ - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "@version", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.response.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.cache.tiered.fill", - "format": "use_field_mapping" - }, - { - "field": "source.as.number", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_iso_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.device_type", - "format": "use_field_mapping" - }, - { - "field": "source.geo.city_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.continent_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code2", - "format": "use_field_mapping" - }, - { - "field": "source.geo.country_code3", - "format": "use_field_mapping" - 
}, - { - "field": "source.geo.country_name", - "format": "use_field_mapping" - }, - { - "field": "source.geo.dma_code", - "format": "use_field_mapping" - }, - { - "field": "client.ip", - "format": "use_field_mapping" - }, - { - "field": "source.geo.latitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.longitude", - "format": "use_field_mapping" - }, - { - "field": "source.geo.postal_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.region_code", - "format": "use_field_mapping" - }, - { - "field": "source.geo.timezone", - "format": "use_field_mapping" - }, - { - "field": "http.request.bytes", - "format": "use_field_mapping" - }, - { - "field": "url.domain", - "format": "use_field_mapping" - }, - { - "field": "http.request.method", - "format": "use_field_mapping" - }, - { - "field": "client.port", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.colo.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.end.timestamp", - "format": "epoch_millis" - }, - { - "field": "cloudflare.edge.pathing.op", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.src", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.pathing.status", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.rate_limit.id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.request.host", - "format": "use_field_mapping" - }, - { - "field": "destination.bytes", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.edge.response.compression_ratio", - "format": "use_field_mapping" - }, - { - "field": "http.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "observer.ip", - "format": "use_field_mapping" - }, - { - "field": "@timestamp", - "format": "epoch_millis" - }, - { - "field": "destination.ip", - "format": "use_field_mapping" - }, - { - "field": "http.response.bytes", - "format": "use_field_mapping" - }, - { - 
"field": "cloudflare.origin.response.status_code", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.origin.response.time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.parent.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.ray_id", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.security_level", - "format": "use_field_mapping" - }, - { - "field": "user_agent.build", - "format": "use_field_mapping" - }, - { - "field": "user_agent.device", - "format": "use_field_mapping" - }, - { - "field": "user_agent.major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.name", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_major", - "format": "use_field_mapping" - }, - { - "field": "user_agent.os_minor", - "format": "use_field_mapping" - }, - { - "field": "user_agent.patch", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.cpu_time", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.worker.subrequest_count", - "format": "use_field_mapping" - }, - { - "field": "cloudflare.zone_id", - "format": "use_field_mapping" - } - ], - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "size", - "negate": false, - "type": "custom", - "value": "50" - }, - "query": { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - 
{ - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "should": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "bic" - } - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "hot" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - 
"value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "captchaFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "macro" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "jschlFail" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "zl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "us" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - 
"boost": 1, - "value": "rateLimit" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "unknown" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "filterBasedFirewall" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "chl" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ctry" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - "cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "term": { - "cloudflare.edge.pathing.status": { - "boost": 1, - "value": "ip" - } - } - } - ] - } - } - ] - } - }, - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "bool": { - "adjust_pure_negative": true, - "boost": 1, - "must": [ - { - "term": { - 
"cloudflare.edge.pathing.src": { - "boost": 1, - "value": "user" - } - } - }, - { - "term": { - "cloudflare.edge.pathing.op": { - "boost": 1, - "value": "ban" - } - } - } - ] - } - }, - { - "terms": { - "boost": 1, - "cloudflare.edge.pathing.status": [ - "ipr16", - "ipr24", - "ip6", - "ip6r64", - "ip6r48", - "ip6r32" - ] - } - } - ] - } - } - ] - } - }, - "size": 50, - "sort": [ - { - "_doc": { - "order": "asc" - } - } - ] - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Threats Stopped [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Threats Stopped", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-d9890140-3a9a-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-df169f00-3aa4-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-df169f00-3aa4-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index 7adf49224a0..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-df169f00-3aa4-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,125 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": true, - "params": [ - "hit", - "stale", - "updating", - "ignored" - ], - "type": "phrases", - "value": "hit, stale, updating, ignored" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "hit" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "stale" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "updating" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "ignored" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Uncached Requests [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Uncached Requests", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-df169f00-3aa4-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-ec96e3c0-39e0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-ec96e3c0-39e0-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 29cff1b8b3e..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-ec96e3c0-39e0-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top User Agents - Reliability [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user_agent.original", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": 2, - "direction": "desc" - }, - "totalFunc": "sum" - }, - "title": "Top User Agents - Reliability", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-ec96e3c0-39e0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-f109c430-49b8-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-f109c430-49b8-11e9-bd1f-75f359ac0c3f.json
deleted file mode 100644
index 6ab5f4620b5..00000000000
--- a/packages/cloudflare/kibana/visualization/cloudflare-f109c430-49b8-11e9-bd1f-75f359ac0c3f.json
+++ /dev/null
@@ -1,156 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Client Requests by Connection Over Time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "now-24h", - "mode": "quick", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.client.ssl.protocol", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - 
"valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Client Requests by Connection Over Time", - "type": "area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-f109c430-49b8-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index bc2e63bd7ae..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,311 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "cloudflare.logpull" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "cloudflare.logpull" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "title": "Filters [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "cloudflare.device_type", - "id": "1554899945457", - "indexPatternRefName": "control_0_index_pattern", - "label": "Device Type", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "source.geo.country_name", - "id": "1554900041526", - "indexPatternRefName": "control_1_index_pattern", - "label": "Country", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "url.domain", - "id": "1554900064098", - "indexPatternRefName": "control_2_index_pattern", - "label": "Hostname", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "client.ip", - "id": "1554900102344", - "indexPatternRefName": "control_3_index_pattern", - "label": "Client IP", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": 
"user_agent.original", - "id": "1554900136614", - "indexPatternRefName": "control_4_index_pattern", - "label": "User Agent", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "url.full", - "id": "1554900159944", - "indexPatternRefName": "control_5_index_pattern", - "label": "Request URI", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "http.response.status_code", - "id": "1554900185676", - "indexPatternRefName": "control_6_index_pattern", - "label": "Edge Response Status", - "options": { - "dynamicOptions": false, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "cloudflare.origin.response.status_code", - "id": "1554900211881", - "indexPatternRefName": "control_7_index_pattern", - "label": "Origin Response Status", - "options": { - "dynamicOptions": false, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "destination.ip", - "id": "1556549231725", - "indexPatternRefName": "control_8_index_pattern", - "label": "Origin IP", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "cloudflare.ray_id", - "id": "1554900244300", - "indexPatternRefName": "control_9_index_pattern", - "label": "RayID", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "cloudflare.worker.subrequest", - "id": "1554900268999", - "indexPatternRefName": "control_10_index_pattern", - "label": "Worker Subrequest", - "options": { - 
"dynamicOptions": false, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "http.request.method", - "id": "1554900324235", - "indexPatternRefName": "control_11_index_pattern", - "label": "Client Request Method", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": true, - "updateFiltersOnChange": true, - "useTimeFilter": false - }, - "title": "Filters", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-f6a08770-5b8e-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_1_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_2_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_3_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_4_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_5_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_6_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_7_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_8_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_9_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_10_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_11_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": 
"visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-f982c5b0-3aa6-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-f982c5b0-3aa6-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 99dd8123f4f..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-f982c5b0-3aa6-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Cache status over time [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.cache.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - 
"name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Cache status over time", - "type": "line" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-f982c5b0-3aa6-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-fbfdbb70-2326-11e9-ba08-c19298cded24.json b/packages/cloudflare/kibana/visualization/cloudflare-fbfdbb70-2326-11e9-ba08-c19298cded24.json deleted file mode 100644 index 4874c371873..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-fbfdbb70-2326-11e9-ba08-c19298cded24.json +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Requested URI [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Requested URI", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-fbfdbb70-2326-11e9-ba08-c19298cded24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-fc4f9420-49b6-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-fc4f9420-49b6-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index fda84c21df8..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-fc4f9420-49b6-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.cache.status", - "negate": true, - "params": [ - "unknown", - "bypass" - ], - "type": "phrases", - "value": "unknown, bypass" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.cache.status": "unknown" - } - }, - { - "match_phrase": { - "cloudflare.cache.status": "bypass" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Slowest URIs by cumulative time to first byte for static requests [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "average_response_time", - "field": "cloudflare.origin.response.time" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "wait_time", - "field": "cloudflare.origin.response.time" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "cloudflare.origin.response.time", - "percents": [ - 99, - 99.9 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "5", - "params": { - "field": "url.full", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 
10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Slowest URIs by cumulative time to first byte for static requests", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-fc4f9420-49b6-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-fc9df390-293b-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-fc9df390-293b-11e9-b959-4502c43b2e30.json deleted file mode 100644 index 27aeaadeef6..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-fc9df390-293b-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,103 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.waf.action", - "negate": true, - "params": { - "query": "unknown" - }, - "type": "phrase", - "value": "unknown" - }, - "query": { - "match": { - "cloudflare.waf.action": { - "query": "unknown", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "WAF Events Triggered [Cloudflare]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "WAF Events Triggered", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-fc9df390-293b-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/cloudflare/kibana/visualization/cloudflare-fe404730-2962-11e9-b959-4502c43b2e30.json b/packages/cloudflare/kibana/visualization/cloudflare-fe404730-2962-11e9-b959-4502c43b2e30.json deleted file mode 100644 index aa992c74b8c..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-fe404730-2962-11e9-b959-4502c43b2e30.json +++ /dev/null 
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "cloudflare.edge.rate_limit.action", - "negate": false, - "params": [ - "ban", - "simulate", - "jsChallenge", - "challenge" - ], - "type": "phrases", - "value": "ban, simulate, jsChallenge, challenge" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "ban" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "simulate" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "jsChallenge" - } - }, - { - "match_phrase": { - "cloudflare.edge.rate_limit.action": "challenge" - } - } - ] - } - } - } - ], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Rate Limit Countries [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.edge.rate_limit.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": 
"4", - "params": { - "field": "url.domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Rate Limit Countries", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-fe404730-2962-11e9-b959-4502c43b2e30", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": "search_0", - "type": "search" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/kibana/visualization/cloudflare-ff3ba2f0-39d0-11e9-bd1f-75f359ac0c3f.json b/packages/cloudflare/kibana/visualization/cloudflare-ff3ba2f0-39d0-11e9-bd1f-75f359ac0c3f.json deleted file mode 100644 index 1ce2d7df6fd..00000000000 --- a/packages/cloudflare/kibana/visualization/cloudflare-ff3ba2f0-39d0-11e9-bd1f-75f359ac0c3f.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "lucene", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Pathing Statuses [Cloudflare]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 3, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cloudflare.edge.pathing.src", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cloudflare.edge.pathing.op", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "cloudflare.edge.pathing.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": 3, - "direction": "desc" - }, - "totalFunc": "sum" - }, - "title": "Top Pathing Statuses", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "cloudflare-ff3ba2f0-39d0-11e9-bd1f-75f359ac0c3f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "cloudflare-a046cd07-96af-4518-a0c0-aea826e9ffc3", - "name": 
"search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/cloudflare/manifest.yml b/packages/cloudflare/manifest.yml index ed29e5c0ddc..85e1fe4440a 100644 --- a/packages/cloudflare/manifest.yml +++ b/packages/cloudflare/manifest.yml @@ -1,6 +1,6 @@ name: cloudflare title: Cloudflare -version: "2.3.0" +version: "2.3.1" release: ga description: Collect logs from Cloudflare with Elastic Agent. type: integration diff --git a/packages/hid_bravura_monitor/changelog.yml b/packages/hid_bravura_monitor/changelog.yml index ad7e77329b1..2fcbfc24264 100644 --- a/packages/hid_bravura_monitor/changelog.yml +++ b/packages/hid_bravura_monitor/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.2" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.3.1" changes: - description: Remove duplicate fields. diff --git a/packages/hid_bravura_monitor/data_stream/log/sample_event.json b/packages/hid_bravura_monitor/data_stream/log/sample_event.json index 6fe784ec826..22d04246755 100644 --- a/packages/hid_bravura_monitor/data_stream/log/sample_event.json +++ b/packages/hid_bravura_monitor/data_stream/log/sample_event.json @@ -1,12 +1,11 @@ { "@timestamp": "2021-01-16T00:35:25.258Z", "agent": { - "ephemeral_id": "00124c53-af5e-4d5f-818c-ff189690109e", - "hostname": "docker-fleet-agent", - "id": "9bcd741c-af93-434c-ad55-1ec23d08ab89", + "ephemeral_id": "fa387b80-fca3-4488-ac1b-460792f3a8ea", + "id": "02ab444e-ca97-437b-85dc-d580f055047c", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.16.0" + "version": "8.1.0" }, "data_stream": { "dataset": "hid_bravura_monitor.log", 
@@ -17,14 +16,14 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "9bcd741c-af93-434c-ad55-1ec23d08ab89", - "snapshot": true, - "version": "7.16.0" + "id": "02ab444e-ca97-437b-85dc-d580f055047c", + "snapshot": false, + "version": "8.1.0" }, "event": { "agent_id_status": "verified", "dataset": "hid_bravura_monitor.log", - "ingested": "2021-10-29T18:19:35Z", + "ingested": "2022-11-22T08:13:24Z", "original": "\u00182021-01-16 00:35:25.258.7085 - [] pamlws.exe [44408,52004] Error: LWS [HID-TEST] foundcomputer record not found", "timezone": "UTC" }, @@ -36,24 +35,23 @@ }, "host": { "architecture": "x86_64", - "containerized": true, + "containerized": false, "hostname": "docker-fleet-agent", - "id": "3bfbf225479aac5f850ea38f5d9d8a02", "ip": [ - "192.168.192.7" + "172.29.0.7" ], "mac": [ - "02:42:c0:a8:c0:07" + "02:42:ac:1d:00:07" ], "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.10.16.3-microsoft-standard-WSL2", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "5.10.104-linuxkit", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.3 LTS (Focal Fossa)" } }, "input": { diff --git a/packages/hid_bravura_monitor/docs/README.md b/packages/hid_bravura_monitor/docs/README.md index 38ff926b3f9..40dceb82174 100644 --- a/packages/hid_bravura_monitor/docs/README.md +++ b/packages/hid_bravura_monitor/docs/README.md 
@@ -155,12 +155,11 @@ An example event for `log` looks as following: { "@timestamp": "2021-01-16T00:35:25.258Z", "agent": { - "ephemeral_id": "00124c53-af5e-4d5f-818c-ff189690109e", - "hostname": "docker-fleet-agent", - "id": "9bcd741c-af93-434c-ad55-1ec23d08ab89", + "ephemeral_id": "fa387b80-fca3-4488-ac1b-460792f3a8ea", + "id": "02ab444e-ca97-437b-85dc-d580f055047c", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.16.0" + "version": "8.1.0" }, "data_stream": { "dataset": "hid_bravura_monitor.log", @@ -171,14 +170,14 @@ An example event for `log` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "9bcd741c-af93-434c-ad55-1ec23d08ab89", - "snapshot": true, - "version": "7.16.0" + "id": "02ab444e-ca97-437b-85dc-d580f055047c", + "snapshot": false, + "version": "8.1.0" }, "event": { "agent_id_status": "verified", "dataset": "hid_bravura_monitor.log", - "ingested": "2021-10-29T18:19:35Z", + "ingested": "2022-11-22T08:13:24Z", "original": "\u00182021-01-16 00:35:25.258.7085 - [] pamlws.exe [44408,52004] Error: LWS [HID-TEST] foundcomputer record not found", "timezone": "UTC" }, @@ -190,24 +189,23 @@ An example event for `log` looks as following: }, "host": { "architecture": "x86_64", - "containerized": true, + "containerized": false, "hostname": "docker-fleet-agent", - "id": "3bfbf225479aac5f850ea38f5d9d8a02", "ip": [ - "192.168.192.7" + "172.29.0.7" ], "mac": [ - "02:42:c0:a8:c0:07" + "02:42:ac:1d:00:07" ], "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.10.16.3-microsoft-standard-WSL2", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "5.10.104-linuxkit", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.3 LTS (Focal Fossa)" } }, "input": { 
diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499.json index efb49b14c65..d752dfe4bd3 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY2OCwxXQ==", "attributes": { "description": "", "hits": 0, 
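Review bot: The added `"updated_at": "2022-11-21T21:15:03.667Z"` and `"version": "WzY2OCwxXQ=="` lines at the top of the object look like bookkeeping from the Kibana instance the dashboard was exported from, not part of the dashboard definition. The `version` string is base64 for `[668,1]`, apparently an instance-local counter, so it would change on every re-export and make later diffs of this file noisy and harder to audit. I would drop both lines from the committed file, after confirming whether the package export tooling normally strips them. The same two fields are added in the `@@ -1,4 +1,11 @@` hunks of the hid_bravura_monitor-0db75ff0 and hid_bravura_monitor-1a431f90 dashboards.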
@@ -18,7 +25,157 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "IDM Suite: Log issues histogram", + "description": "", + "uiState": { + "vis": { + "colors": { + "Error": "#BF1B00", + "Warning": "#E5AC0E" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + 
"useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, @@ -28,12 +185,75 @@ "y": 0 }, "panelIndex": "16ceee80-adfc-4ecd-99f4-3f3160dce1f4", - "panelRefName": "panel_0", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "IDM Suite: Errors/Warnings by node", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Instance", + "field": "agent.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 19, 
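Review bot: The inlined `savedVis.data` for "IDM Suite: Log issues histogram" carries only `aggs` and `searchSource`, with no `savedSearchRefName`, although the last hunk of this file adds a `16ceee80-adfc-4ecd-99f4-3f3160dce1f4:search_0` entry to `references`. The by-reference visualization files deleted elsewhere in this commit linked their saved search through `"savedSearchRefName": "search_0"`. Without that key the reference looks orphaned, and because `searchSource` here has an empty `filter` and `query`, the panel may count every document rather than the saved search's scope. I would add `"savedSearchRefName": "search_0"` inside `data`, after confirming how Kibana resolves by-value panels. The same shape appears in the three following panel hunks of this file and in the `savedVis` hunks of the 0db75ff0 and 1a431f90 dashboards that have a `:search_0` reference.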
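Review bot: The "Instance" bucket of "IDM Suite: Errors/Warnings by node" aggregates on `"field": "agent.hostname"` with `"missingBucket": false`, so documents lacking that field drop out of the table without any indication. The sample_event.json update in this same commit removes `hostname` from the `agent` object as the agent version moves from 7.16.0 to 8.1.0, which suggests newer agents no longer populate it. If so, nodes running a current agent would be missing from an errors-by-node view. `"field": "host.hostname"`, which is still present in the sample event, looks like the safer choice, to be confirmed against the package's field mappings.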
@@ -43,12 +263,75 @@ "y": 15 }, "panelIndex": "b64ac48c-d9e4-4dfa-9ddd-05117c054c44", - "panelRefName": "panel_1", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "IDM Suite: Errors/Warnings by level", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Level", + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 19, 
@@ -58,12 +341,75 @@ "y": 15 }, "panelIndex": "8b200051-1ac1-4008-b031-ba62127cb7b4", - "panelRefName": "panel_2", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "IDM Suite: Errors/Warnings by process", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 19, 
@@ -73,43 +419,38 @@ "y": 15 }, "panelIndex": "9cd7264a-0271-4e4a-9fe7-67f7fc60d349", - "panelRefName": "panel_3", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" } ], "timeRestore": false, "title": "[Bravura Monitor] Log issues - Summary", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-0665f160-f956-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-24823410-1464-11eb-bb7b-bb041e8cf289", - "name": "panel_0", - "type": "visualization" + "type": "search", + "name": "16ceee80-adfc-4ecd-99f4-3f3160dce1f4:search_0", + "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" }, { - "id": "hid_bravura_monitor-76cb60d0-1463-11eb-bb7b-bb041e8cf289", - "name": "panel_1", - "type": "visualization" + "type": "search", + "name": "b64ac48c-d9e4-4dfa-9ddd-05117c054c44:search_0", + "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" }, { - "id": "hid_bravura_monitor-a950c4e0-1464-11eb-bb7b-bb041e8cf289", - "name": "panel_2", - "type": "visualization" + "type": "search", + "name": "8b200051-1ac1-4008-b031-ba62127cb7b4:search_0", + "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" }, { - "id": "hid_bravura_monitor-d66fb2a0-3ed6-11eb-9549-63f6cd998f21", - "name": "panel_3", - "type": "visualization" + "type": "search", + "name": "9cd7264a-0271-4e4a-9fe7-67f7fc60d349:search_0", + "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499.json index 6304d116a5b..a7595635f20 100644 
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY2OSwxXQ==", "attributes": { "description": "", "hits": 0, @@ -18,7 +25,93 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Disabled Profiles", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Profile", + "field": "winlog.event_data.Profile", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "30", + "31" + ], + "type": "phrases", + "value": "30, 31" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "30" + } + }, + { + "match_phrase": { + "event.code": "31" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 26, 
@@ -28,12 +121,174 @@ "y": 0 }, "panelIndex": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6", - "panelRefName": "panel_0", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Disabled Profiles Trend", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": 
false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "30", + "31" + ], + "type": "phrases", + "value": "30, 31" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "30" + } + }, + { + "match_phrase": { + "event.code": "31" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 26, 
@@ -43,33 +298,38 @@ "y": 0 }, "panelIndex": "3b23d41e-170f-4423-8ba8-2971e9b68782", - "panelRefName": "panel_1", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" } ], "timeRestore": false, "title": "[Bravura Monitor] Administrative - Disabled Profiles", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-0db75ff0-f9f4-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-c318d000-d83d-11eb-9e70-edcbba448215", - "name": "panel_0", - "type": "visualization" + "type": "index-pattern", + "name": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "6a0834a4-8c2b-4484-9f5e-c55faf0deac6:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" }, { - "id": "hid_bravura_monitor-c85815c0-d83e-11eb-9e70-edcbba448215", - "name": "panel_1", - "type": "visualization" + "type": "index-pattern", + "name": "3b23d41e-170f-4423-8ba8-2971e9b68782:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3b23d41e-170f-4423-8ba8-2971e9b68782:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499.json index 4f420d15d8e..1ab28b10ea3 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499.json 
@@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3MCwxXQ==", "attributes": { "description": "", "hits": 0, @@ -18,7 +25,28 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Database: Discovery: Help", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "Discovery stored procedures are involved with loading data from integrations ( Connectors and LWS ) into the product database to learn about changes in the environment we are managing Identities and Access in. \n\nSome general rules of thumbs:\n\n* LWS stored procdures need to be quick. None should take a second.\n* Iddiscover.exe stored procedures can run for much longer. Minutes to hours in large environments to process large changes in bulk. \n\nStrategies for improving the performance of these stored procedures include:\n\n* Rebuild fragmented database indexes\n* Review if database is low on RAM, CPU, or I/O bandwidth.\n\nIf you continue to encounter problems developers will require database execution plans to review the operation of these procedures. ", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 25, 
@@ -28,12 +56,133 @@ "y": 0 }, "panelIndex": "6d898178-6f51-4199-ae7e-44bd35e60bc8", - "panelRefName": "panel_0", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Database: Discovery procedures", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "row": true, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Process", + "field": 
"log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "split", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 25, @@ -43,8 +192,8 @@ "y": 0 }, "panelIndex": "47c424ec-b1cc-4ab1-abfc-e9d0382a79ee", - "panelRefName": "panel_1", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { @@ -66,30 +215,20 @@ "title": "[Bravura Monitor] Database - Discovery", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-1a431f90-fa01-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ - { - "id": "hid_bravura_monitor-64035e60-25db-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-d3897a80-25db-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" - }, { "id": "hid_bravura_monitor-3aa4b370-25db-11eb-abcf-effcd51852fa", "name": "panel_2", "type": "search" + }, + { + "type": "search", + "name": "47c424ec-b1cc-4ab1-abfc-e9d0382a79ee:search_0", + "id": "hid_bravura_monitor-3aa4b370-25db-11eb-abcf-effcd51852fa" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json index b8e2c9599aa..9954b580942 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json 
+++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3MSwxXQ==", "attributes": { "description": "", "hits": 0, @@ -18,7 +25,75 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Problem Count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 59, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "asc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 21, 
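Review bot: The inlined `savedVis.data` for "Problem Count" holds only `aggs` and a `searchSource` with no index reference, yet the `references` hunk at the end of this file adds `a3abfe8b-3ddd-492a-b081-2e3a3d76e84f:search_0` for it. Nothing inside the panel names `search_0`, so the link to the saved search may be lost, leaving the panel without a data source or without the saved search's filters. For a problem-monitoring dashboard that would mean counting events the original visualization excluded. I would expect a line such as `"savedSearchRefName": "search_0"` inside `data` (key name to be confirmed against the target Kibana version), and the dashboard should be loaded from a clean install to check. The other by-value panels in this file, "Database: Discovery procedures" and "Discovery Events" follow the same pattern.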
@@ -28,12 +103,170 @@ "y": 0 }, "panelIndex": "a3abfe8b-3ddd-492a-b081-2e3a3d76e84f", - "panelRefName": "panel_0", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Problem Provider Distribution", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + 
"timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "winlog.channel", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "winlog.provider_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 21, 
@@ -43,12 +276,92 @@ "y": 0 }, "panelIndex": "31e162b4-565d-4dce-90f1-e0a43ed54a70", - "panelRefName": "panel_1", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "User Problem Distribution", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "winlog.user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Severity", + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 21, 
@@ -58,12 +371,99 @@ "y": 21 }, "panelIndex": "21a44db8-a29a-4a18-b63e-ca0da9606909", - "panelRefName": "panel_2", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Problem Heat Map", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Yellow to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": true, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "asc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 21, 
@@ -73,12 +473,109 @@ "y": 21 }, "panelIndex": "efaeb9a6-ef0b-4f77-b397-1c8577f38cbf", - "panelRefName": "panel_3", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Problem Events", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 3, + "direction": "desc" + } + } + } + }, + "params": { + "perPage": 20, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event ID", + "field": "winlog.event_id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Source", + "field": "winlog.provider_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Event Log", + "field": "winlog.channel", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 27, 
@@ -88,12 +585,93 @@ "y": 42 }, "panelIndex": "1494c062-2f24-4571-8e69-793a894392d7", - "panelRefName": "panel_4", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Problem Distribution", + "description": "", + "uiState": { + "vis": { + "colors": { + "error": "#EF843C", + "warning": "#EAB839" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 27, 
@@ -103,53 +681,48 @@ "y": 42 }, "panelIndex": "5fb347ad-ad70-4cfb-8023-f61468be8a07", - "panelRefName": "panel_5", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" } ], "timeRestore": false, "title": "[Bravura Monitor] Windows Event Analysis - Problems", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-23a89d20-fa07-11eb-96cd-db0fb11a40f3", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-66c884f0-2382-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + "type": "search", + "name": "a3abfe8b-3ddd-492a-b081-2e3a3d76e84f:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" }, { - "id": "hid_bravura_monitor-23133620-238b-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "type": "search", + "name": "31e162b4-565d-4dce-90f1-e0a43ed54a70:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" }, { - "id": "hid_bravura_monitor-a29a1cc0-238a-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "type": "search", + "name": "21a44db8-a29a-4a18-b63e-ca0da9606909:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" }, { - "id": "hid_bravura_monitor-dbc305e0-245a-11eb-abcf-effcd51852fa", - "name": "panel_3", - "type": "visualization" + "type": "search", + "name": "efaeb9a6-ef0b-4f77-b397-1c8577f38cbf:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" }, { - "id": "hid_bravura_monitor-489a4f50-2453-11eb-abcf-effcd51852fa", - "name": "panel_4", - "type": "visualization" + "type": "search", + "name": "1494c062-2f24-4571-8e69-793a894392d7:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" }, { - "id": "hid_bravura_monitor-8ec75c50-2383-11eb-abcf-effcd51852fa", - "name": "panel_5", - "type": "visualization" + "type": "search", + "name": 
"5fb347ad-ad70-4cfb-8023-f61468be8a07:search_0", + "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499.json index 755ec28db93..14a564795c1 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3MiwxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -18,7 +25,181 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Discovery Runtimes", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Sum of Duration (ms)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Sum of Duration (ms)" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Sum of Duration (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + 
"timeRange": { + "from": "2021-01-11T07:00:00.000Z", + "to": "2021-01-18T07:00:00.000Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "psupdate.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.logger": "psupdate.exe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfExe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfExe" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, 
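Review bot: The `date_histogram` aggregation of "Discovery Runtimes" carries a fixed `timeRange` of `2021-01-11T07:00:00.000Z` to `2021-01-18T07:00:00.000Z`, which looks like a leftover from the authoring session. The other panels in this commit store relative ranges such as `now-15m` and `now-1y`. If Kibana replaces the value with the dashboard time picker at render time this is dead state, and if it does not, the panel is pinned to one week of 2021. I would remove the `timeRange` object or store a relative range, for example `"from": "now-7d", "to": "now"`.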
@@ -28,12 +209,115 @@ "y": 0 }, "panelIndex": "27066e19-96ff-46db-989c-2ed0650bfb32", - "panelRefName": "panel_0", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Discovery Events", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event", + "field": "hid_bravura_monitor.perf.event", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Min (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Max (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, 
@@ -43,12 +327,138 @@ "y": 15 }, "panelIndex": "9a662dac-12e2-44ce-ad7d-eaca9ec5b478", - "panelRefName": "panel_1", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Discovery Runtime Table", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Runtime (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Discovery ID", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfExe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfExe" + } + } + }, + { + "$state": { + "store": "appState" + 
}, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "hid_bravura_monitor.perf.exe", + "negate": false, + "params": { + "query": "psupdate.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.exe": "psupdate.exe" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, 
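Review bot: "Discovery Runtime Table" selects the discovery process with `hid_bravura_monitor.perf.exe: psupdate.exe`, while the "Discovery Runtimes" panel earlier in this dashboard filters on `log.logger: psupdate.exe` for what appears to be the same purpose. If the two fields are not always populated together, the chart and the table will summarise different sets of events. Consider using one field in both filters, or state in the panel `description` (currently `""`) why they differ.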
@@ -58,38 +468,53 @@ "y": 15 }, "panelIndex": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78", - "panelRefName": "panel_2", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" } ], "timeRestore": false, "title": "[Bravura Monitor] Discovery - Summary", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-28db2060-fa02-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-77701bc0-25bb-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + "type": "index-pattern", + "name": "27066e19-96ff-46db-989c-2ed0650bfb32:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-82277da0-25d5-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "type": "index-pattern", + "name": "27066e19-96ff-46db-989c-2ed0650bfb32:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-82432550-25bc-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "type": "index-pattern", + "name": "27066e19-96ff-46db-989c-2ed0650bfb32:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "9a662dac-12e2-44ce-ad7d-eaca9ec5b478:search_0", + "id": "hid_bravura_monitor-dd637750-1473-11eb-bb7b-bb041e8cf289" + }, + { + "type": "index-pattern", + "name": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "51a5c05f-6a26-4138-9f95-f4c6b01c4d78:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + 
"coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499.json index 488ef6d7c84..c6d2adf28ad 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3MywxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -18,7 +25,93 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Unlocked Profiles", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Profile", + "field": "winlog.event_data.Profile", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "32", + "33" + ], + "type": "phrases", + "value": "32, 33" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "32" + } + }, + { + "match_phrase": { + "event.code": "33" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 26, 
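Review bot: The filter for "Top 10 Unlocked Profiles" matches the bare `event.code` values `32` and `33` and the panel `description` is empty, so a reader cannot tell which events are being counted as unlocks. Windows event IDs are only unique per provider, and the filter visible in this hunk has no provider or dataset condition. Unless the referenced saved search (outside this hunk) restricts the source, unrelated events with the same codes could be counted. I would fill the description, e.g. `"description": "Counts events with event.code 32 or 33 per winlog.event_data.Profile"`, and confirm that the source is constrained. The same filter is repeated in "Unlocked Profile Trend" in the next hunk.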
@@ -28,12 +121,174 @@ "y": 0 }, "panelIndex": "292870cf-80ba-4071-ac33-6ddc10eef5ee", - "panelRefName": "panel_0", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Unlocked Profile Trend", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": 
false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "32", + "33" + ], + "type": "phrases", + "value": "32, 33" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "32" + } + }, + { + "match_phrase": { + "event.code": "33" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 26, 
@@ -43,33 +298,38 @@ "y": 0 }, "panelIndex": "c81e1947-6ef2-4f8f-8497-c6defed48569", - "panelRefName": "panel_1", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" } ], "timeRestore": false, "title": "[Bravura Monitor] Administrative - Unlocked Profiles", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-3f403100-f9f4-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-2ffbfc20-d83d-11eb-9e70-edcbba448215", - "name": "panel_0", - "type": "visualization" + "type": "index-pattern", + "name": "292870cf-80ba-4071-ac33-6ddc10eef5ee:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "292870cf-80ba-4071-ac33-6ddc10eef5ee:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" }, { - "id": "hid_bravura_monitor-9a75fb00-d83d-11eb-9e70-edcbba448215", - "name": "panel_1", - "type": "visualization" + "type": "index-pattern", + "name": "c81e1947-6ef2-4f8f-8497-c6defed48569:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "c81e1947-6ef2-4f8f-8497-c6defed48569:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499.json index bd2c05b46b6..8144504311c 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499.json 
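Review bot: Both panels now depend on a `<panelIndex>:search_0` reference to the saved search `hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215`, but the inline `savedVis` blocks added in the two earlier hunks of this file show only the `event.code` 32/33 filter against `logs-*` and an empty query, with nothing visible that names `search_0`. If that link does not resolve after install, the unlock counts would either fail to load or, presumably, stop being scoped to this integration's data, which matters for a dashboard used to watch profile unlocks. Please confirm on a clean install that each panel still resolves its saved search, or carry the dataset constraint in the inline query. The same pattern is in the references hunks of the 49fa7e40, 4bf327b0, 4ee19fa0 and 52cf42a0 files.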
@@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3NCwxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -18,7 +25,150 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Users: Issues: Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + 
"enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 14, @@ -28,12 +178,75 @@ "y": 0 }, "panelIndex": "aed09807-f936-4881-960d-30039d3fb5cd", - "panelRefName": "panel_0", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Users: Issues: Nodes", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 20, 
@@ -43,12 +256,75 @@ "y": 14 }, "panelIndex": "fa9c7f19-26bc-489f-ad23-1774eaf8dcc6", - "panelRefName": "panel_1", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Users: Issues: Processes", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 20, 
@@ -58,12 +334,75 @@ "y": 14 }, "panelIndex": "ded4c445-2a0a-448c-9318-38b166d11d73", - "panelRefName": "panel_2", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Users: Issues: Affected users", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Users", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 20, @@ -73,8 +412,8 @@ "y": 14 }, "panelIndex": "a58e223b-2453-4dcd-9de5-8a6101d9964d", - "panelRefName": "panel_3", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { 
@@ -96,40 +435,35 @@ "title": "[Bravura Monitor] Users - Issues", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-49fa7e40-f9fc-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-fe363790-1a1a-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa", + "name": "panel_4", + "type": "search" }, { - "id": "hid_bravura_monitor-20a85000-1a1c-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "type": "search", + "name": "aed09807-f936-4881-960d-30039d3fb5cd:search_0", + "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" }, { - "id": "hid_bravura_monitor-db3f9af0-1a1b-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "type": "search", + "name": "fa9c7f19-26bc-489f-ad23-1774eaf8dcc6:search_0", + "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" }, { - "id": "hid_bravura_monitor-670cf140-1a1c-11eb-abcf-effcd51852fa", - "name": "panel_3", - "type": "visualization" + "type": "search", + "name": "ded4c445-2a0a-448c-9318-38b166d11d73:search_0", + "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" }, { - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa", - "name": "panel_4", - "type": "search" + "type": "search", + "name": "a58e223b-2453-4dcd-9de5-8a6101d9964d:search_0", + "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499.json index 10d86188d36..7e3fc33d625 100644 
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3NSwxXQ==", "attributes": { "description": "", "hits": 0, @@ -18,7 +25,28 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Database: Search: Help", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "Search engines need to return quickly since users are waiting on their results. There is a direct correlation between search time and user experience.\n\nAs a general rule, Search stored procedures should take less than a second to run on average. \n\nSearch stored procedure performance is impacted by elements such as:\n\n* Data size. Larger data consumes more CPU, Ram, Disk I/O on the database server. \n* Policies such as acls, filtering, etc. \n* Indexes. Sometimes they fragment degrading overall performance. \n* Table/Index Locking with other database actions.\n\nStrategies for improving database search performance include:\n\n* Rebuild fragmented database indexes.\n* Evaluate if more RAM/CPU\n\nWhen these don't work, Developers will need database execution plans to review options.", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 25, 
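Review bot: The inlined markdown help text for "Database: Search: Help" has a bullet that stops mid-sentence, `* Evaluate if more RAM/CPU`, so the second remediation step tells the reader nothing. The string is shown to dashboard users as written, and this migration copies it into the dashboard object, so it is a good moment to finish it. Presumably the intent is something like `* Evaluate if more RAM/CPU is needed on the database server.`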
@@ -28,12 +56,115 @@ "y": 0 }, "panelIndex": "63969223-a0de-4d10-aa3a-5a7de19681c2", - "panelRefName": "panel_0", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Database: Search performance", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, 
"gridData": { "h": 25, @@ -43,8 +174,8 @@ "y": 0 }, "panelIndex": "37dcff04-67ca-46e6-bea3-b6be4a08bce8", - "panelRefName": "panel_1", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { @@ -66,30 +197,20 @@ "title": "[Bravura Monitor] Database - Search", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-4bf327b0-fa01-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ - { - "id": "hid_bravura_monitor-59482290-25da-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-ef5b4da0-2b6d-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" - }, { "id": "hid_bravura_monitor-046c7b20-2b6d-11eb-abcf-effcd51852fa", "name": "panel_2", "type": "search" + }, + { + "type": "search", + "name": "37dcff04-67ca-46e6-bea3-b6be4a08bce8:search_0", + "id": "hid_bravura_monitor-046c7b20-2b6d-11eb-abcf-effcd51852fa" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499.json index 70a913c100b..7ab53037a87 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3NiwxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -17,6 +24,16 @@ }, "panelsJSON": [ { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 17, + "i": "d09c2c16-f29a-48e2-bb74-471b6de1fc03", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "d09c2c16-f29a-48e2-bb74-471b6de1fc03", "embeddableConfig": { "enhancements": {}, "savedVis": { 
@@ -107,21 +124,114 @@ "uiState": {} }, "type": "visualization" - }, - "gridData": { - "h": 17, - "i": "d09c2c16-f29a-48e2-bb74-471b6de1fc03", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "d09c2c16-f29a-48e2-bb74-471b6de1fc03", - "type": "visualization", - "version": "7.15.0" + } }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Executables: Performance", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Process", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + 
"filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 25, @@ -131,28 +241,23 @@ "y": 17 }, "panelIndex": "198257f3-2b86-41f1-83cf-2090465b56a8", - "panelRefName": "panel_1", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" } ], "timeRestore": false, "title": "[Bravura Monitor] Processes - Executables", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-4ee19fa0-fa02-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-f9ed0ec0-2eab-11eb-b6a1-bdb7d768b585", - "name": "panel_1", - "type": "visualization" + "type": "search", + "name": "198257f3-2b86-41f1-83cf-2090465b56a8:search_0", + "id": "hid_bravura_monitor-95032a30-2eab-11eb-b6a1-bdb7d768b585" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499.json index 17abfaa11eb..9e469384285 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3NywxXQ==", "attributes": { "description": "", "hits": 0, 
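Review bot: The `log.logger` terms aggregation in the inlined "Executables: Performance" table asks for `"size": 100000` buckets, each carrying four metric aggregations besides the count, while the table is configured with `"perPage": 10`. A request that large is expensive on every dashboard load and can hit the cluster's bucket limit (`search.max_buckets`), in which case the panel errors instead of rendering. The value was presumably carried over from the old by-reference visualization, but it could be bounded here, for example `"size": 100` as the "Users: Issues: Nodes" panel uses. The `"size": 10000` terms aggregations on `user.id`, `hid_bravura_monitor.perf.function`, `host.name` and `hid_bravura_monitor.perf.event` in the other dashboards of this diff deserve the same look.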
@@ -18,7 +25,70 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Workflow: Operations per Node", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 20, 
@@ -28,12 +98,156 @@ "y": 0 }, "panelIndex": "2852a22c-425f-45b2-b953-6b0f3d214447", - "panelRefName": "panel_0", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Workflow: Operation Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + 
"scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event", + "field": "hid_bravura_monitor.perf.event", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 20, 
@@ -43,12 +257,115 @@ "y": 0 }, "panelIndex": "9e84cdcf-b3f1-44b5-bdc4-67bb7cb7b7ac", - "panelRefName": "panel_1", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Workflow: Operations", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event", + "field": "hid_bravura_monitor.perf.event", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Min (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Max (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, 
@@ -58,8 +375,8 @@ "y": 20 }, "panelIndex": "c3a20836-de82-44e2-a23c-38ac861cc7df", - "panelRefName": "panel_2", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { @@ -81,35 +398,30 @@ "title": "[Bravura Monitor] Workflow - Summary (Logs)", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-52cf42a0-fa04-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-77f6f520-1add-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_3", + "type": "search" }, { - "id": "hid_bravura_monitor-0cf3f020-1add-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "type": "search", + "name": "2852a22c-425f-45b2-b953-6b0f3d214447:search_0", + "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289" }, { - "id": "hid_bravura_monitor-0cb6caa0-1ade-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "type": "search", + "name": "9e84cdcf-b3f1-44b5-bdc4-67bb7cb7b7ac:search_0", + "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289" }, { - "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_3", - "type": "search" + "type": "search", + "name": "c3a20836-de82-44e2-a23c-38ac861cc7df:search_0", + "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499.json index 2387f0333c0..65fa2c5edb7 100644 
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3OCwxXQ==", "attributes": { "description": "", "hits": 0, @@ -18,7 +25,74 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Administrative Summary Table", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Code", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Integration", + "field": "winlog.event_data.Module", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 20, 
@@ -28,12 +102,155 @@ "y": 0 }, "panelIndex": "647b541e-ba69-4580-8b5c-82b99e9141db", - "panelRefName": "panel_0", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Administrative Summary", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { 
+ "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 20, @@ -43,8 +260,8 @@ "y": 0 }, "panelIndex": "3d4e7a89-9376-40e8-a110-aea6fad8704d", - "panelRefName": "panel_1", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { @@ -66,30 +283,25 @@ "title": "[Bravura Monitor] Administrative - Summary", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-578cb360-f9f3-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-07f86e00-d835-11eb-9e70-edcbba448215", - "name": "panel_0", - "type": "visualization" + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", + "name": "panel_2", + "type": "search" }, { - "id": "hid_bravura_monitor-33258a00-d398-11eb-9e70-edcbba448215", - "name": "panel_1", - "type": "visualization" + "type": "search", + "name": "647b541e-ba69-4580-8b5c-82b99e9141db:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" }, { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "panel_2", - "type": "search" + "type": "search", + "name": "3d4e7a89-9376-40e8-a110-aea6fad8704d:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499.json index 6b1503df6f9..028d77fd688 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY3OSwxXQ==", "attributes": { "description": "", "hits": 0, @@ -17,6 +24,16 @@ }, "panelsJSON": [ { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 17, + "i": "9f0e186d-5e7d-495b-968b-65a909a63c78", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "9f0e186d-5e7d-495b-968b-65a909a63c78", "embeddableConfig": { "enhancements": {}, "hidePanelTitles": false, 
@@ -85,21 +102,114 @@ }, "type": "visualization" }, - "gridData": { - "h": 17, - "i": "9f0e186d-5e7d-495b-968b-65a909a63c78", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "9f0e186d-5e7d-495b-968b-65a909a63c78", - "title": "Plugin Average Duration", - "type": "visualization", - "version": "7.15.0" + "title": "Plugin Average Duration" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Plugin: Performance", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Plugin", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": 
"terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 25, @@ -109,28 +219,23 @@ "y": 17 }, "panelIndex": "f71897e4-f55e-4fb5-93e1-8825546d3116", - "panelRefName": "panel_1", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" } ], "timeRestore": false, "title": "[Bravura Monitor] Processes - Plugins", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-6ebde770-fa02-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-1a2adb70-2f44-11eb-b6a1-bdb7d768b585", - "name": "panel_1", - "type": "visualization" + "type": "search", + "name": "f71897e4-f55e-4fb5-93e1-8825546d3116:search_0", + "id": "hid_bravura_monitor-39072a50-2f42-11eb-b6a1-bdb7d768b585" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499.json index 871f32ddb4c..35a335bd471 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4MCwxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -18,7 +25,67 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Bravura: Selector: Return Code", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "hid_bravura_monitor.perf.result", + "id": "1606164462534", + "indexPatternRefName": "control_0_index_pattern", + "label": "Return Code", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 10, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 7, 
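Review bot: The inlined `input_control_vis` sets `"useTimeFilter": false` together with `"dynamicOptions": true`, so the Return Code drop-down is populated without regard to the dashboard's time range. The references hunk at the end of this file binds `control_0_index_pattern` to `logs-*`, which means that lookup can span every logs data stream for the full retention period. Unless listing historical return codes is intended, `"useTimeFilter": true` keeps the control consistent with the panels it filters and bounds the query.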
@@ -28,12 +95,155 @@ "y": 0 }, "panelIndex": "11dfd31e-217a-468c-b9a4-1d171916550b", - "panelRefName": "panel_0", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + 
"timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 17, @@ -43,12 +253,33 @@ "y": 0 }, "panelIndex": "ecfdce59-b9f9-4b92-bf44-fc2b0b30940e", - "panelRefName": "panel_1", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Legend", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "Success - 0\n\nUnknown Error - 1\n\nCannot Connect - 3\n\nInvalid Server - 5\n\nAccess Denied - 11\n\nVerify Failed - 14", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 10, 
@@ -58,12 +289,75 @@ "y": 7 }, "panelIndex": "8e87968f-419b-416a-88b4-69575d6ca6c8", - "panelRefName": "panel_2", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Operation count", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Operation", + "field": "hid_bravura_monitor.perf.operation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 19, 
@@ -73,12 +367,75 @@ "y": 17 }, "panelIndex": "d8250cb1-181e-4c67-8a07-2b5adaa631e1", - "panelRefName": "panel_3", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Executable Count", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Executable", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 19, 
@@ -88,12 +445,75 @@ "y": 17 }, "panelIndex": "10e16f9a-7072-491a-a67f-3b37e4d2d6fe", - "panelRefName": "panel_4", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Node counts", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 19, 
@@ -103,12 +523,75 @@ "y": 17 }, "panelIndex": "4e305609-b4cd-47c1-b927-9bbb1905f879", - "panelRefName": "panel_5", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector Return Code: Messages", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Message", + "field": "hid_bravura_monitor.perf.message", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 19, @@ -118,8 +601,8 @@ "y": 17 }, "panelIndex": "50d3505b-77d3-4128-a8f2-dd42c7e33ac0", - "panelRefName": "panel_6", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { 
@@ -141,55 +624,50 @@ "title": "[Bravura Monitor] Integrations - Connector Return Code", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-7c5c1ef0-fa03-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-4bfcdae0-2dcd-11eb-b6a1-bdb7d768b585", - "name": "panel_0", - "type": "visualization" + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", + "name": "panel_7", + "type": "search" }, { - "id": "hid_bravura_monitor-d7dc3680-1add-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "type": "index-pattern", + "name": "11dfd31e-217a-468c-b9a4-1d171916550b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-979ecd00-1abd-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "type": "index-pattern", + "name": "11dfd31e-217a-468c-b9a4-1d171916550b:control_0_index_pattern", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-4b0765d0-1ade-11eb-abcf-effcd51852fa", - "name": "panel_3", - "type": "visualization" + "type": "search", + "name": "ecfdce59-b9f9-4b92-bf44-fc2b0b30940e:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" }, { - "id": "hid_bravura_monitor-878feb30-1ade-11eb-abcf-effcd51852fa", - "name": "panel_4", - "type": "visualization" + "type": "search", + "name": "d8250cb1-181e-4c67-8a07-2b5adaa631e1:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" }, { - "id": "hid_bravura_monitor-cf6ea950-1ade-11eb-abcf-effcd51852fa", - "name": "panel_5", - "type": "visualization" + "type": "search", + "name": "10e16f9a-7072-491a-a67f-3b37e4d2d6fe:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" }, { - "id": "hid_bravura_monitor-f596ebf0-1adf-11eb-abcf-effcd51852fa", - "name": "panel_6", - "type": "visualization" + "type": "search", + "name": 
"4e305609-b4cd-47c1-b927-9bbb1905f879:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" }, { - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", - "name": "panel_7", - "type": "search" + "type": "search", + "name": "50d3505b-77d3-4128-a8f2-dd42c7e33ac0:search_0", + "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499.json index 4f396ceba7c..79cbe25386e 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4MSwxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -18,7 +25,71 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Dataset: Log Type Counts", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Log Type", + "field": "hid_bravura_monitor.perf.kind", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 25, 
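Review bot: The "Dataset: Log Type Counts" table is the only panel in this dashboard whose `searchSource` uses `indexRefName` with an empty `filter` and `query`, and the references hunk at the end of the file resolves that name to the `logs-*` index pattern. The terms aggregation on `hid_bravura_monitor.perf.kind` therefore runs across all logs data streams rather than this integration's data, whereas the neighbouring histogram is bound to a saved search (`search_0`). Consider adding a filter on `data_stream.dataset` for the package's dataset (its value is not shown in this hunk), or pointing the panel at the same saved search. The original by-reference visualization may have had the same gap, but inlining it is a good moment to scope it.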
@@ -28,12 +99,154 @@ "y": 0 }, "panelIndex": "bbd62230-da7b-4a8d-8048-164a39c870a6", - "panelRefName": "panel_0", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Dataset: Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + 
"from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 25, @@ -43,33 +256,28 @@ "y": 0 }, "panelIndex": "006c196d-830d-4713-bf84-1bf393366bdc", - "panelRefName": "panel_1", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" } ], "timeRestore": false, "title": "[Bravura Monitor] Dataset - Summary", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-8187dcb0-fa04-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-1b439670-25d8-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + "type": "index-pattern", + "name": "bbd62230-da7b-4a8d-8048-164a39c870a6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-8c755c30-25d7-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "type": "search", + "name": "006c196d-830d-4713-bf84-1bf393366bdc:search_0", + "id": "hid_bravura_monitor-465760e0-25d7-11eb-abcf-effcd51852fa" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef.json index f7375139558..4e2126c8c9b 100644 
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4MiwxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -18,7 +25,155 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Replication Database Connection Failures", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + 
], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "6" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "6" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, 
@@ -28,12 +183,160 @@ "y": 0 }, "panelIndex": "b525b8b8-13fc-4a51-82b0-233acc227625", - "panelRefName": "panel_0", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Replication Database Transaction Failures", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": 
false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "8" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "8" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, 
@@ -43,12 +346,160 @@ "y": 0 }, "panelIndex": "16f346a5-a0bf-421a-ba88-c678b4fffb2a", - "panelRefName": "panel_1", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Replication Queue Insert Failures", + "description": "Failed to insert data into database replication queue", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + 
"min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "9" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "9" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, 
@@ -58,12 +509,160 @@ "y": 15 }, "panelIndex": "c23d8833-8154-4aa8-af8e-44dccd8cc199", - "panelRefName": "panel_2", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Replication Database Stored Procedure Failures", + "description": "Failed to run stored procedure on replication database.", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + 
"interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "10" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "10" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, 
@@ -73,12 +672,160 @@ "y": 15 }, "panelIndex": "085c710d-1038-4a6a-be6f-21039079b15b", - "panelRefName": "panel_3", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "File Replication Errors", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": 
{ + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "78" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "78" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, @@ -88,8 +835,8 @@ "y": 15 }, "panelIndex": "33ae3b0f-db67-48f5-abb8-192c029c5d98", - "panelRefName": "panel_4", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { 
@@ -111,45 +858,65 @@ "title": "[Bravura Monitor] Database - Replication (Windows Event)", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-91029280-0520-11ec-853c-2bf1ec8ddeef", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-fddce510-d387-11eb-9e70-edcbba448215", - "name": "panel_0", - "type": "visualization" + "id": "hid_bravura_monitor-9a787d10-0521-11ec-853c-2bf1ec8ddeef", + "name": "panel_5", + "type": "search" }, { - "id": "hid_bravura_monitor-2722d7e0-d388-11eb-9e70-edcbba448215", - "name": "panel_1", - "type": "visualization" + "type": "index-pattern", + "name": "b525b8b8-13fc-4a51-82b0-233acc227625:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-5b5237e0-d388-11eb-9e70-edcbba448215", - "name": "panel_2", - "type": "visualization" + "type": "search", + "name": "b525b8b8-13fc-4a51-82b0-233acc227625:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" }, { - "id": "hid_bravura_monitor-80efbc20-d388-11eb-9e70-edcbba448215", - "name": "panel_3", - "type": "visualization" + "type": "index-pattern", + "name": "16f346a5-a0bf-421a-ba88-c678b4fffb2a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-9a513b80-d388-11eb-9e70-edcbba448215", - "name": "panel_4", - "type": "visualization" + "type": "search", + "name": "16f346a5-a0bf-421a-ba88-c678b4fffb2a:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" }, { - "id": "hid_bravura_monitor-9a787d10-0521-11ec-853c-2bf1ec8ddeef", - "name": "panel_5", - "type": "search" + "type": "index-pattern", + "name": "c23d8833-8154-4aa8-af8e-44dccd8cc199:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "c23d8833-8154-4aa8-af8e-44dccd8cc199:search_0", + "id": 
"hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "085c710d-1038-4a6a-be6f-21039079b15b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "085c710d-1038-4a6a-be6f-21039079b15b:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "33ae3b0f-db67-48f5-abb8-192c029c5d98:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "33ae3b0f-db67-48f5-abb8-192c029c5d98:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499.json index 83cde59a3d3..b3127b02a9a 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4MywxXQ==", "attributes": { "description": "", "hits": 0, 
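Review bot: The `search` references added in this hunk as `<panelIndex>:search_0` are not named by anything visible in the matching `savedVis` objects, whose `data` holds only `aggs` and `searchSource` in the five panel hunks above. The filter references are wired through an `indexRefName` string, so the saved search presumably needs a matching pointer such as `"savedSearchRefName": "search_0"` inside each `savedVis.data`. Without it the panels may lose the saved search's index and query and count any document with `event.code` 6, 8, 9, 10 or 78 rather than only this package's events. It is worth confirming on a clean install that each histogram still inherits the saved search. The same pattern appears in the `references` hunks of the Users - Pages and Password Resets dashboards further down.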
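Review bot: The added `"updated_at": "2022-11-21T21:15:03.667Z"` and `"version": "WzY4MywxXQ=="` look like bookkeeping from the Kibana instance the dashboard was exported from rather than part of the dashboard definition. The version string is an opaque token tied to that instance's stored document, so it changes on every re-export, which adds diff noise and says nothing useful to the installing cluster. Unless the package tooling requires them, I would drop both lines and keep only `id`, `type` and `namespaces`, which the final hunk of this file shows were only moved up from the bottom. The `@@ -1,4 +1,11 @@` hunks of the two dashboard files that follow add the same pair.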
@@ -18,7 +25,28 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Users: Pages: Help", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "Transactions represent a UI page the user sees.\n\nWhat pages are people calling and what performance are they experiencing?", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 10, 
@@ -28,13 +56,184 @@ "y": 0 }, "panelIndex": "486bc4b4-3c64-46f8-a319-01204f38c3be", - "panelRefName": "panel_0", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { "enhancements": {}, - "hidePanelTitles": false + "hidePanelTitles": false, + "savedVis": { + "title": "Users: Summary: Node Usage", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "row": true, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count of unique User ID" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count of unique User ID" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count of unique User ID", + "field": "user.id" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", 
+ "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hid_bravura_monitor.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hid_bravura_monitor.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 10, 
@@ -44,14 +243,142 @@ "y": 0 }, "panelIndex": "b5abbb3d-eb82-45a8-a972-13b692b11c16", - "panelRefName": "panel_1", "title": "Users: Pages: Node Usage", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { "enhancements": {}, - "hidePanelTitles": false + "hidePanelTitles": false, + "savedVis": { + "title": "Users: Summary: User Logins", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User Name", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfExe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfExe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "psf.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.logger": "psf.exe" + } 
+ } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "hid_bravura_monitor.perf.transid", + "negate": false, + "params": { + "query": "C_AUTHCHAIN_LOGIN" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.transid": "C_AUTHCHAIN_LOGIN" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 18, 
@@ -61,13 +388,172 @@ "y": 10 }, "panelIndex": "f1b6be80-c65b-4d88-861a-e8a66275bd62", - "panelRefName": "panel_2", "title": "Users: Pages: User Logins", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Users: Pages: UI Transactions", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "UI Transaction", + "field": "hid_bravura_monitor.perf.transid", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Executable", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Min (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Max (ms)", + "field": 
"hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "Transaction is NULL", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.transid", + "negate": true, + "params": { + "query": "" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.transid": "" + } + } + }, + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "hid_bravura_monitor.perf.transid" + }, + "meta": { + "alias": "Transaction exists", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "hid_bravura_monitor.perf.transid", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 18, @@ -77,8 +563,8 @@ "y": 10 }, "panelIndex": "09961de3-ede6-4ecf-a45a-ebe3040366f0", - "panelRefName": "panel_3", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { 
@@ -100,40 +586,55 @@ "title": "[Bravura Monitor] Users - Pages", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-a8739000-f9fd-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-552d3e80-1a26-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + "id": "hid_bravura_monitor-77cbe8b0-de89-11eb-a272-2d62b237e243", + "name": "panel_4", + "type": "search" }, { - "id": "hid_bravura_monitor-1269fd70-1956-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "type": "index-pattern", + "name": "b5abbb3d-eb82-45a8-a972-13b692b11c16:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-bde40aa0-1957-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "type": "index-pattern", + "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-00cbeab0-1a28-11eb-abcf-effcd51852fa", - "name": "panel_3", - "type": "visualization" + "type": "index-pattern", + "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-77cbe8b0-de89-11eb-a272-2d62b237e243", - "name": "panel_4", - "type": "search" + "type": "index-pattern", + "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f1b6be80-c65b-4d88-861a-e8a66275bd62:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "09961de3-ede6-4ecf-a45a-ebe3040366f0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"09961de3-ede6-4ecf-a45a-ebe3040366f0:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "09961de3-ede6-4ecf-a45a-ebe3040366f0:search_0", + "id": "hid_bravura_monitor-77cbe8b0-de89-11eb-a272-2d62b237e243" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json index 9053c3bcc6e..b789663f809 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4NCwxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -18,7 +25,93 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Password Resets Started", + "description": "62 - Self-service password reset\n65 - Help-desk assisted password reset", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Code", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "62", + "65" + ], + "type": "phrases", + "value": "62, 65" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "62" + } + }, + { + "match_phrase": { + "event.code": "65" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 26, 
@@ -28,12 +121,203 @@ "y": 0 }, "panelIndex": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1", - "panelRefName": "panel_0", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Password Resets Trend", + "description": "63 - Self-service password reset successful.\n64 - Self-service password reset failed.\n66 - Help-desk assisted password reset successful.\n67 - Help-desk assisted password reset failed.", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + 
"enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "63", + "64", + "66", + "67" + ], + "type": "phrases", + "value": "63, 64, 66, 67" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "63" + } + }, + { + "match_phrase": { + "event.code": "64" + } + }, + { + "match_phrase": { + "event.code": "66" + } + }, + { + "match_phrase": { + "event.code": "67" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 26, 
@@ -43,33 +327,38 @@ "y": 0 }, "panelIndex": "11298d56-d098-45e3-b23a-6992c24c5652", - "panelRefName": "panel_1", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" } ], "timeRestore": false, "title": "[Bravura Monitor] Administrative - Password Resets", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-a9ea8420-f9f3-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-b8f9a5c0-d83f-11eb-9e70-edcbba448215", - "name": "panel_0", - "type": "visualization" + "type": "index-pattern", + "name": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5d50c25d-870c-4aa5-a1f9-5c79904db3d1:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" }, { - "id": "hid_bravura_monitor-fe779080-d83f-11eb-9e70-edcbba448215", - "name": "panel_1", - "type": "visualization" + "type": "index-pattern", + "name": "11298d56-d098-45e3-b23a-6992c24c5652:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "11298d56-d098-45e3-b23a-6992c24c5652:search_0", + "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json index 032056c997a..955cd70cfba 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120.json 
@@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4NSwxXQ==", "attributes": { "description": "", "hits": 0, @@ -18,7 +25,79 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Requesters", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Requester", + "field": "winlog.event_data.Requester", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": true, + "params": { + "query": "85" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "85" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, 
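Review bot: The `updated_at` and `version` lines added at the top of this file look like export metadata from the Kibana instance the dashboard was saved on, not part of the dashboard definition. `version` reads as an opaque per-document token and `updated_at` as that instance's clock. Keeping them means every re-export touches these lines even when no panel changed, which adds noise to later reviews of these audit dashboards. Consider dropping `"updated_at": "2022-11-21T21:15:03.667Z",` and `"version": "WzY4NSwxXQ==",` unless the package tooling requires them. The same two fields are added in the first hunk of the `b66f3780`, `b9bc5190` and `c5417bd0` dashboard files.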
@@ -28,12 +107,156 @@ "y": 0 }, "panelIndex": "84ac5874-8913-4514-8d51-f2b3cd522a49", - "panelRefName": "panel_0", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Workflow Request Trend", + "description": "81 - Approved\n82 - Denied\n83 - Cancelled\n84 - Revoked\n85 - Processed", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": {}, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + 
"field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Code", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 30, 
@@ -43,12 +266,84 @@ "y": 0 }, "panelIndex": "9f39a308-2152-471a-911f-5bb8e316262e", - "panelRefName": "panel_1", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Top 10 Recipients", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Recipient", + "field": "winlog.event_data.Recipient", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": true, + "params": { + "query": "85" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "85" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, @@ -58,8 +353,8 @@ "y": 15 }, "panelIndex": "93f64f12-ac6d-4462-96c2-53d0c477a0ca", - "panelRefName": "panel_2", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { 
@@ -81,35 +376,40 @@ "title": "[Bravura Monitor] Workflow - Summary (Windows Event)", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-b0fd1f50-06a2-11ec-a72d-e52b79e13120", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-1211f840-d90a-11eb-9e70-edcbba448215", - "name": "panel_0", - "type": "visualization" + "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215", + "name": "panel_3", + "type": "search" }, { - "id": "hid_bravura_monitor-6ac75200-d90a-11eb-9e70-edcbba448215", - "name": "panel_1", - "type": "visualization" + "type": "index-pattern", + "name": "84ac5874-8913-4514-8d51-f2b3cd522a49:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-3ec54c70-d90a-11eb-9e70-edcbba448215", - "name": "panel_2", - "type": "visualization" + "type": "search", + "name": "84ac5874-8913-4514-8d51-f2b3cd522a49:search_0", + "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215" }, { - "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215", - "name": "panel_3", - "type": "search" + "type": "search", + "name": "9f39a308-2152-471a-911f-5bb8e316262e:search_0", + "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "93f64f12-ac6d-4462-96c2-53d0c477a0ca:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "93f64f12-ac6d-4462-96c2-53d0c477a0ca:search_0", + "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499.json
index e9913312b3f..0ffb7aa2f6a 100644
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499.json
+++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499.json
@@ -1,4 +1,11 @@
 {
+ "id": "hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499",
+ "type": "dashboard",
+ "namespaces": [
+ "default"
+ ],
+ "updated_at": "2022-11-21T21:15:03.667Z",
+ "version": "WzY4NiwxXQ==",
 "attributes": {
 "description": "",
 "hits": 0,
@@ -18,7 +25,172 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector: Operation Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + 
"enabled": true, + "id": "3", + "params": { + "field": "hid_bravura_monitor.perf.operation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, 
@@ -28,12 +200,138 @@ "y": 0 }, "panelIndex": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd", - "panelRefName": "panel_0", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector: Target Performance", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Target ID", + "field": "hid_bravura_monitor.perf.targetid", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Min (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Max (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + 
"disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 18, @@ -43,33 +341,38 @@ "y": 15 }, "panelIndex": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38", - "panelRefName": "panel_1", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" } ], "timeRestore": false, "title": "[Bravura Monitor] Integrations - Connector Performance", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-b66f3780-fa03-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-64514c50-1a1f-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + "type": "index-pattern", + "name": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9ccdc869-ebc2-4871-a11a-8d594aff7ccd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-ec082d90-1aaf-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "type": "index-pattern", + "name": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b68e2e9c-13fa-4a90-baa2-40caefe3cb38:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499.json index 4669cd84288..90034df53ca 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4NywxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -18,7 +25,153 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Database: Replication: Total over time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Total (ms)" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Total (ms)" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + 
"useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, 
@@ -28,12 +181,115 @@ "y": 0 }, "panelIndex": "f5d8eb70-30ce-4899-9905-2aa35954d01d", - "panelRefName": "panel_0", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Database: Replication: Stored Procedures", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } 
+ } + } }, "gridData": { "h": 15, @@ -43,12 +299,102 @@ "y": 15 }, "panelIndex": "a5499566-62cb-421c-8276-7a9398643a06", - "panelRefName": "panel_1", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Database: Replication: Load by queue", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Queue", + "field": "hid_bravura_monitor.perf.receivequeue", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 15, 
@@ -58,8 +404,8 @@ "y": 15 }, "panelIndex": "5fc759c3-9678-4b3c-b0d5-dcfad77adfe8", - "panelRefName": "panel_2", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { @@ -81,35 +427,30 @@ "title": "[Bravura Monitor] Database - Replication (Logs)", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-b9bc5190-fa01-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-a8002430-25d7-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a", + "name": "panel_3", + "type": "search" }, { - "id": "hid_bravura_monitor-95fb9a70-25d8-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "type": "search", + "name": "f5d8eb70-30ce-4899-9905-2aa35954d01d:search_0", + "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a" }, { - "id": "hid_bravura_monitor-341531e0-25d8-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "type": "search", + "name": "a5499566-62cb-421c-8276-7a9398643a06:search_0", + "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a" }, { - "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a", - "name": "panel_3", - "type": "search" + "type": "search", + "name": "5fc759c3-9678-4b3c-b0d5-dcfad77adfe8:search_0", + "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499.json index d411a953373..982f2571363 100644 
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4OCwxXQ==", "attributes": { "description": "", "hits": 0, @@ -18,7 +25,28 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Users: API: Help", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "Ajax is a REST like API used by the UI.\n\nWhat actions are people calling and what performance are they experiencing?", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 13, 
@@ -28,12 +56,155 @@ "y": 0 }, "panelIndex": "f71be298-074a-43c0-a3fe-1035fd98a8a7", - "panelRefName": "panel_0", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Users: API: Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + 
"from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 13, @@ -43,12 +214,75 @@ "y": 0 }, "panelIndex": "b80b0e2a-b786-48ec-88a5-bc8104ddbd42", - "panelRefName": "panel_1", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Users: API: Users", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 18, 
@@ -58,12 +292,75 @@ "y": 13 }, "panelIndex": "60432682-b874-48c8-9b8b-3bbf4e650385", - "panelRefName": "panel_2", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Users: API: Calls per Node", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 18, 
@@ -73,12 +370,115 @@ "y": 13 }, "panelIndex": "2af36389-5601-4930-b3ec-b44c671c56ff", - "panelRefName": "panel_3", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Users: API: Function Performance", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Minimum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Maximum (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + 
} }, "gridData": { "h": 18, @@ -88,8 +488,8 @@ "y": 13 }, "panelIndex": "ed2e421f-36f7-4501-9e4e-34ddae454f07", - "panelRefName": "panel_4", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { 
@@ -111,45 +511,35 @@ "title": "[Bravura Monitor] Users - API", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-c5417bd0-f9fc-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-be6560d0-1a21-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "hid_bravura_monitor-05cb9390-1a22-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_5", + "type": "search" }, { - "id": "hid_bravura_monitor-9357e910-2b67-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "type": "search", + "name": "b80b0e2a-b786-48ec-88a5-bc8104ddbd42:search_0", + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" }, { - "id": "hid_bravura_monitor-3bd92210-1a25-11eb-abcf-effcd51852fa", - "name": "panel_3", - "type": "visualization" + "type": "search", + "name": "60432682-b874-48c8-9b8b-3bbf4e650385:search_0", + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" }, { - "id": "hid_bravura_monitor-0799ca70-2b66-11eb-abcf-effcd51852fa", - "name": "panel_4", - "type": "visualization" + "type": "search", + "name": "2af36389-5601-4930-b3ec-b44c671c56ff:search_0", + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" }, { - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_5", - "type": "search" + "type": "search", + "name": "ed2e421f-36f7-4501-9e4e-34ddae454f07:search_0", + "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3.json index 4379c345d0c..629be8f2a70 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY4OSwxXQ==", "attributes": { "description": "", "hits": 0, @@ -18,7 +25,70 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "User Logins", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 18, 
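Review bot: The `"updated_at": "2022-11-21T21:15:03.667Z"` and `"version": "WzY4OSwxXQ=="` keys added at the top of this dashboard look like state from the Kibana instance the object was exported from, not package content. They will change on every re-export, which buries real query and filter changes in later diffs of these files. Unless the package tooling needs them, I would drop both keys and keep only `"id"`, `"type"` and `"namespaces"`. The same two keys are added at the top of the `d17be4f0` and `d3a33820` dashboards further down.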
@@ -28,12 +98,154 @@ "y": 0 }, "panelIndex": "5d934c5f-f909-4f75-a036-ac6253f5f974", - "panelRefName": "panel_0", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Login Attempts", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + 
"from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 18, 
@@ -43,12 +255,199 @@ "y": 0 }, "panelIndex": "7d27410b-537a-4c95-a1d8-8a64f363b90c", - "panelRefName": "panel_1", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Login Activity", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event ID", + "field": "winlog.event_id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Event Category", + "field": "event.category", + "missingBucket": true, + "missingBucketLabel": "N/A", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Action", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Event Outcome", + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "N/A", + "order": "desc", + "orderBy": 
"1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "winlog.event_id", + "negate": false, + "params": [ + "4740", + "4728", + "4732", + "4756", + "4735", + "4624", + "4625", + "4648" + ], + "type": "phrases", + "value": "4740, 4728, 4732, 4756, 4735, 4624, 4625, 4648" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "winlog.event_id": "4740" + } + }, + { + "match_phrase": { + "winlog.event_id": "4728" + } + }, + { + "match_phrase": { + "winlog.event_id": "4732" + } + }, + { + "match_phrase": { + "winlog.event_id": "4756" + } + }, + { + "match_phrase": { + "winlog.event_id": "4735" + } + }, + { + "match_phrase": { + "winlog.event_id": "4624" + } + }, + { + "match_phrase": { + "winlog.event_id": "4625" + } + }, + { + "match_phrase": { + "winlog.event_id": "4648" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 19, 
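Review bot: The inlined "Login Activity" panel is scoped only by its `winlog.event_id` filter and resolves its index through the two `index-pattern` references to `logs-*` in this file's last hunk, while the other three panels reference the saved search via `:search_0`. Whatever scoping that saved search provides is therefore not applied here, so on a cluster that also ingests Windows events from other integrations this table would presumably count those too. Consider adding a `data_stream.dataset` phrase filter like the one on the "Users: Summary: Node Usage" panel, with the dataset name confirmed against the package. The filter also mixes logon IDs (4624, 4625, 4648) with lockout (4740) and group-change IDs (4728, 4732, 4735, 4756) under `"description": ""`, so a one-line description naming those groups would help. The ID list is held in `meta.params`, `meta.value` and `query.bool.should`, and all three must change together.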
@@ -58,12 +457,95 @@ "y": 18 }, "panelIndex": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b", - "panelRefName": "panel_2", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Provider Login Distribution", + "description": "", + "uiState": { + "vis": { + "colors": { + "failure": "#BF1B00", + "success": "#629E51" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Provider", + "field": "winlog.provider_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Outcome", + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 19, 
@@ -73,43 +555,43 @@ "y": 18 }, "panelIndex": "4c4f5228-f158-4ccc-afa5-e90d73bca46d", - "panelRefName": "panel_3", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" } ], "timeRestore": false, "title": "[Bravura Monitor] Windows Event Analysis - Logins", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-cc6c9cf0-fa06-11eb-96cd-db0fb11a40f3", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-42dc53c0-243e-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + "type": "search", + "name": "5d934c5f-f909-4f75-a036-ac6253f5f974:search_0", + "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa" }, { - "id": "hid_bravura_monitor-2a088ae0-243d-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "type": "search", + "name": "7d27410b-537a-4c95-a1d8-8a64f363b90c:search_0", + "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa" }, { - "id": "hid_bravura_monitor-aabca810-2456-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "type": "index-pattern", + "name": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-cc0f81c0-243f-11eb-abcf-effcd51852fa", - "name": "panel_3", - "type": "visualization" + "type": "index-pattern", + "name": "27bdc4ea-7adc-4dee-9526-402fb6ec6d8b:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4c4f5228-f158-4ccc-afa5-e90d73bca46d:search_0", + "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499.json index 4497957f304..2c51728929d 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY5MCwxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -18,7 +25,135 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Users: Summary: User Logins", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User Name", + "field": "user.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfExe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfExe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "psf.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.logger": "psf.exe" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": 
"hid_bravura_monitor.perf.transid", + "negate": false, + "params": { + "query": "C_AUTHCHAIN_LOGIN" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.transid": "C_AUTHCHAIN_LOGIN" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 26, 
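Review bot: In the "Users: Summary: User Logins" table the bucket is labelled `"customLabel": "User Name"` but aggregates `"field": "user.id"`. The "User Logins" panel on the Windows Event Analysis dashboard uses `user.name` with the label "User", and the Node Usage panel in this same dashboard calls `user.id` "User ID". Either switch this bucket to `"field": "user.name"` or relabel it `"customLabel": "User ID"`, so an analyst correlating the table with other login records is not matching on the wrong identifier. This is presumably carried over from the by-reference visualization, but the migration is a cheap place to fix it.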
@@ -28,12 +163,183 @@ "y": 0 }, "panelIndex": "b8ac330d-572e-459e-9266-bd44fc9ac283", - "panelRefName": "panel_0", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Users: Summary: Node Usage", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "row": true, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count of unique User ID" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count of unique User ID" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Count of unique User ID", + "field": "user.id" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + 
"drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "hid_bravura_monitor.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "hid_bravura_monitor.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 26, 
@@ -43,33 +349,43 @@ "y": 0 }, "panelIndex": "3316ec90-b61b-4f5a-9c43-02e7bda7604f", - "panelRefName": "panel_1", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" } ], "timeRestore": false, "title": "[Bravura Monitor] Users - Summary", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d17be4f0-f9fa-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-bde40aa0-1957-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + "type": "index-pattern", + "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-1269fd70-1956-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "type": "index-pattern", + "name": "b8ac330d-572e-459e-9266-bd44fc9ac283:kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3316ec90-b61b-4f5a-9c43-02e7bda7604f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499.json index c983344372e..e28638f09b4 100644 
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY5MSwxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -18,7 +25,172 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector: Operation Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + 
"enabled": true, + "id": "3", + "params": { + "field": "hid_bravura_monitor.perf.operation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 13, 
@@ -28,12 +200,101 @@ "y": 0 }, "panelIndex": "a8b8efc3-5a4e-470b-9229-7ad661fb5012", - "panelRefName": "panel_0", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector: Targets", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Targets", + "field": "hid_bravura_monitor.perf.targetid" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Connector", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 16, 
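Review bot: The terms aggregation on `log.logger` in "Connector: Targets" requests `"size": 100000`, which is above Elasticsearch's default `search.max_buckets` limit of 65536. The other panels in this file use 1000 or 10000. If the field ever reached that many distinct values the request could be rejected instead of truncated; more likely the number is just an oversized "show everything". `"size": 10000` would match the sibling panels.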
@@ -43,12 +304,98 @@ "y": 13 }, "panelIndex": "aea7ed7d-82b6-4939-975e-fd4deb845e39", - "panelRefName": "panel_1", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector: Operations Per Node", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 16, 
@@ -58,12 +405,98 @@ "y": 13 }, "panelIndex": "def5b420-7c49-4363-a30f-7c0c6c13929d", - "panelRefName": "panel_2", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector: Operation List", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Operation", + "field": "hid_bravura_monitor.perf.operation", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 16, 
@@ -73,12 +506,98 @@ "y": 13 }, "panelIndex": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d", - "panelRefName": "panel_3", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector: Return Code", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Result", + "field": "hid_bravura_monitor.perf.result", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 16, 
@@ -88,12 +607,98 @@ "y": 13 }, "panelIndex": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d", - "panelRefName": "panel_4", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector: Error Messages", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Message", + "field": "hid_bravura_monitor.perf.message", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 16, 
@@ -103,12 +708,132 @@ "y": 13 }, "panelIndex": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a", - "panelRefName": "panel_5", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connector List", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Target ID", + "field": "hid_bravura_monitor.perf.targetid", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Address", + "field": "hid_bravura_monitor.perf.address", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Process", + "field": "log.logger", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "hid_bravura_monitor.perf.kind", + "negate": false, + "params": { + "query": "PerfConnector" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "hid_bravura_monitor.perf.kind": "PerfConnector" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 16, @@ -118,8 +843,8 @@ "y": 29 }, "panelIndex": "1efe3f34-de43-4ffb-992d-8b21cbb771a0", - "panelRefName": "panel_6", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { 
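Review bot: The "Connector List" table nests three `terms` buckets ("Target ID", "Address", "Process"), each with `"size": 10000`, so the aggregation can request far more buckets than a table with `"perPage": 10` will ever show. On a busy deployment that may run into the cluster's `search.max_buckets` limit and fail the panel, or slow the dashboard down, which works against the load-time goal given in the changelog entry. The values may simply be carried over from the old by-reference visualization, which is not visible here. Since the definition is now inlined, I would lower them, for example `"size": 100` on each of the three buckets. The single-bucket tables in the earlier hunks of this file use the same `10000` and could be lowered too.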
@@ -141,55 +866,85 @@ "title": "[Bravura Monitor] Integrations - Connectors", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d3a33820-fa02-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-64514c50-1a1f-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + "id": "hid_bravura_monitor-bfc7f7c0-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_7", + "type": "search" }, { - "id": "hid_bravura_monitor-db898d80-1a21-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "type": "index-pattern", + "name": "a8b8efc3-5a4e-470b-9229-7ad661fb5012:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-00dc0a80-1adc-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "type": "index-pattern", + "name": "a8b8efc3-5a4e-470b-9229-7ad661fb5012:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-06fb9d30-1a24-11eb-abcf-effcd51852fa", - "name": "panel_3", - "type": "visualization" + "type": "index-pattern", + "name": "aea7ed7d-82b6-4939-975e-fd4deb845e39:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-1ddd3300-1a25-11eb-abcf-effcd51852fa", - "name": "panel_4", - "type": "visualization" + "type": "index-pattern", + "name": "aea7ed7d-82b6-4939-975e-fd4deb845e39:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-d5dcbf40-1a28-11eb-abcf-effcd51852fa", - "name": "panel_5", - "type": "visualization" + "type": "index-pattern", + "name": "def5b420-7c49-4363-a30f-7c0c6c13929d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-85943290-1a2b-11eb-abcf-effcd51852fa", - "name": "panel_6", - "type": "visualization" + "type": "index-pattern", 
+ "name": "def5b420-7c49-4363-a30f-7c0c6c13929d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-bfc7f7c0-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_7", - "type": "search" + "type": "index-pattern", + "name": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3e25e5c-0f66-4eb3-916e-8243184f2b0d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c04915c9-e5d6-4c1f-815a-efc1c0b35c7d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b7966004-1c02-4fa5-a8ce-5a3362adfb5a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1efe3f34-de43-4ffb-992d-8b21cbb771a0:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "1efe3f34-de43-4ffb-992d-8b21cbb771a0:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499.json index 5238df49fac..bb3d2b7337e 100644 
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY5MiwxXQ==", "attributes": { "description": "", "hits": 0, 
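Review bot: The `"updated_at"` and `"version"` lines added at the top of this dashboard look like saved-object metadata from the Kibana instance that produced the export, not package content. The same pair is added at the top of the `db22d850` and `e9fa5320` dashboards further down. They will change on every re-export, which makes later diffs of these files noisy to review. I would drop both lines from the three files and keep `"id"`, `"type"` and `"namespaces"` only if the tooling needs them. Whether the package export step is expected to strip them should be confirmed.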
@@ -18,7 +25,155 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "User Login Success", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": 
{ + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "2" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "2" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 16, 
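Review bot: The inlined `savedVis` for "User Login Success" has no visible data source. Its `searchSource` carries only `filter` and `query`, without the `"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index"` that the connector and database-summary panels have, and nothing in `data` names a saved search. The references hunk at the end of this file adds `<panelIndex>:search_0` entries of type `search`, but no key in the panel points at them, so the link to the saved search may have been lost in the by-value conversion. The "User Login Failures", "User Login Lockout" and "IDAPI Login Attempts" panels have the same shape, and "Database: Host Usage" in the `e9fa5320` dashboard has an empty `filter` and no index either. An empty or unscoped authentication chart is easy to misread as "no failed logins", so I would import the package and confirm each panel still resolves its saved search. If it does not, restore that link, or add the `indexRefName` line quoted above with a matching `index-pattern` reference.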
@@ -28,12 +183,160 @@ "y": 0 }, "panelIndex": "5d1eb62a-f7dd-4f14-8961-96a768f70c07", - "panelRefName": "panel_0", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "User Login Failures", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + 
"from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "1" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "1" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 16, 
@@ -43,12 +346,160 @@ "y": 0 }, "panelIndex": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8", - "panelRefName": "panel_1", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "User Login Lockout", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + 
"from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "3" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.code": "3" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 16, 
@@ -58,12 +509,191 @@ "y": 16 }, "panelIndex": "d68fe28e-8def-4ea8-b848-ef2b97430924", - "panelRefName": "panel_2", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "IDAPI Login Attempts", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { 
+ "from": "now-1y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "39", + "40" + ], + "type": "phrases", + "value": "39, 40" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "39" + } + }, + { + "match_phrase": { + "event.code": "40" + } + } + ] + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 16, 
@@ -73,43 +703,58 @@ "y": 16 }, "panelIndex": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8", - "panelRefName": "panel_3", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" } ], "timeRestore": false, "title": "[Bravura Monitor] Users - Authentication", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d59177c0-f9fb-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-6ad826b0-d37f-11eb-9e70-edcbba448215", - "name": "panel_0", - "type": "visualization" + "type": "index-pattern", + "name": "5d1eb62a-f7dd-4f14-8961-96a768f70c07:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-211feda0-d37f-11eb-9e70-edcbba448215", - "name": "panel_1", - "type": "visualization" + "type": "search", + "name": "5d1eb62a-f7dd-4f14-8961-96a768f70c07:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" }, { - "id": "hid_bravura_monitor-9036f440-d37f-11eb-9e70-edcbba448215", - "name": "panel_2", - "type": "visualization" + "type": "index-pattern", + "name": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-70a8f8e0-d392-11eb-9e70-edcbba448215", - "name": "panel_3", - "type": "visualization" + "type": "search", + "name": "013b41ba-55b7-4ed3-9c9e-5c3984651cd8:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": "d68fe28e-8def-4ea8-b848-ef2b97430924:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "d68fe28e-8def-4ea8-b848-ef2b97430924:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" + }, + { + "type": "index-pattern", + "name": 
"63b07db7-cd19-4cb8-839d-e7801ef7c5f8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "63b07db7-cd19-4cb8-839d-e7801ef7c5f8:search_0", + "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499.json index 4b5846150bc..0aad9022515 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY5MywxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -18,7 +25,99 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Database: Severity Counts", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Severity", + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "iddb.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.logger": "iddb.exe" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 26, 
@@ -28,12 +127,178 @@ "y": 0 }, "panelIndex": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd", - "panelRefName": "panel_0", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Database: Log Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": 
{ + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "log.logger", + "negate": false, + "params": { + "query": "iddb.exe" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "log.logger": "iddb.exe" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 26, 
@@ -43,33 +308,38 @@ "y": 0 }, "panelIndex": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1", - "panelRefName": "panel_1", - "version": "7.11.0" + "version": "8.0.0", + "type": "visualization" } ], "timeRestore": false, "title": "[Bravura Monitor] Database - Summary", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-db22d850-fa00-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-89e6a260-25d4-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + "type": "index-pattern", + "name": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "ef0f2d41-363f-4573-b92a-9ecb0af8b1fd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "hid_bravura_monitor-d5fae950-25d3-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "type": "index-pattern", + "name": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "bb8e09a0-aadf-48a8-a5a9-af581d3b42d1:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json index abe93e2efb0..b9b60a744fd 100644 --- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499.json 
@@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY5NCwxXQ==", "attributes": { "description": "", "hits": 0, @@ -18,7 +25,70 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Database: Host Usage", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 18, 
@@ -28,12 +98,156 @@ "y": 0 }, "panelIndex": "7fcb881a-1fac-40f3-8344-abc9d970bea0", - "panelRefName": "panel_0", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Database: Stored Procedure Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + 
"scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Node", + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 18, 
@@ -43,12 +257,116 @@ "y": 0 }, "panelIndex": "41db8b4e-a061-4e68-a8dc-4fe557771bdc", - "panelRefName": "panel_1", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Database: Stored Procedure Runtime Statistics", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 5, + "direction": "desc" + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "row": true, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Function", + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Average (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Min (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Max (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Total (ms)", + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": 
"" + } + } + } + } }, "gridData": { "h": 17, @@ -58,8 +376,8 @@ "y": 18 }, "panelIndex": "67513776-5611-456a-bafd-42938542c90a", - "panelRefName": "panel_2", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { @@ -81,35 +399,30 @@ "title": "[Bravura Monitor] Database - Stored Procedure Performance", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-e9fa5320-fa01-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-37fb60d0-1481-11eb-bb7b-bb041e8cf289", - "name": "panel_0", - "type": "visualization" + "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_3", + "type": "search" }, { - "id": "hid_bravura_monitor-b9fb36b0-1480-11eb-bb7b-bb041e8cf289", - "name": "panel_1", - "type": "visualization" + "type": "search", + "name": "7fcb881a-1fac-40f3-8344-abc9d970bea0:search_0", + "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289" }, { - "id": "hid_bravura_monitor-1498e300-1482-11eb-bb7b-bb041e8cf289", - "name": "panel_2", - "type": "visualization" + "type": "search", + "name": "41db8b4e-a061-4e68-a8dc-4fe557771bdc:search_0", + "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289" }, { - "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_3", - "type": "search" + "type": "search", + "name": "67513776-5611-456a-bafd-42938542c90a:search_0", + "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499.json b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499.json index ba3e46ab0c2..932b16b8a29 100644 
--- a/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499.json +++ b/packages/hid_bravura_monitor/kibana/dashboard/hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499.json @@ -1,4 +1,11 @@ { + "id": "hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-21T21:15:03.667Z", + "version": "WzY5NSwxXQ==", "attributes": { "description": "", "hits": 0, 
@@ -18,7 +25,149 @@ "panelsJSON": [ { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "API: Calls per node historgram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + 
"enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 14, @@ -28,12 +177,74 @@ "y": 0 }, "panelIndex": "05d010e5-934c-4b70-ad98-d3b3a191b9e2", - "panelRefName": "panel_0", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "API: Calls per node", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 19, 
@@ -43,12 +254,110 @@ "y": 14 }, "panelIndex": "8ffb10cd-0ea2-4036-8003-8c65e128a201", - "panelRefName": "panel_1", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "API: Function runtimes", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 0, + "direction": "asc" + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "hid_bravura_monitor.perf.function", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "5", + "params": { + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "6", + "params": { + "field": "hid_bravura_monitor.perf.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 19, 
@@ -58,8 +367,8 @@ "y": 14 }, "panelIndex": "674a1c30-76cd-429f-a9e6-941aef3e982d", - "panelRefName": "panel_2", - "version": "8.0.0" + "version": "8.0.0", + "type": "visualization" }, { "embeddableConfig": { @@ -81,35 +390,30 @@ "title": "[Bravura Monitor] API - Summary", "version": 1 }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-f8112090-fa03-11eb-a1ab-1964dffd1499", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "hid_bravura_monitor-659dad40-25b6-11eb-abcf-effcd51852fa", - "name": "panel_0", - "type": "visualization" + "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289", + "name": "panel_3", + "type": "search" }, { - "id": "hid_bravura_monitor-c0e79490-25b6-11eb-abcf-effcd51852fa", - "name": "panel_1", - "type": "visualization" + "type": "search", + "name": "05d010e5-934c-4b70-ad98-d3b3a191b9e2:search_0", + "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289" }, { - "id": "hid_bravura_monitor-87baab60-25b8-11eb-abcf-effcd51852fa", - "name": "panel_2", - "type": "visualization" + "type": "search", + "name": "8ffb10cd-0ea2-4036-8003-8c65e128a201:search_0", + "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289" }, { - "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289", - "name": "panel_3", - "type": "search" + "type": "search", + "name": "674a1c30-76cd-429f-a9e6-941aef3e982d:search_0", + "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-00cbeab0-1a28-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-00cbeab0-1a28-11eb-abcf-effcd51852fa.json deleted file mode 100644 index b027c9cfb72..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-00cbeab0-1a28-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,192 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": "Transaction is NULL", - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.transid", - "negate": true, - "params": { - "query": "" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.transid": "" - } - } - }, - { - "$state": { - "store": "appState" - }, - "exists": { - "field": "hid_bravura_monitor.perf.transid" - }, - "meta": { - "alias": "Transaction exists", - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "hid_bravura_monitor.perf.transid", - "negate": false, - "type": "exists", - "value": "exists" - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: Pages: UI Transactions", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "UI Transaction", - "field": "hid_bravura_monitor.perf.transid", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Executable", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, 
- "id": "4", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Max (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: Pages: UI Transactions", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-00cbeab0-1a28-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-77cbe8b0-de89-11eb-a272-2d62b237e243", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-00dc0a80-1adc-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-00dc0a80-1adc-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 0425463b297..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-00dc0a80-1adc-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector: Operations Per Node", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector: Operations Per Node", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-00dc0a80-1adc-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-05cb9390-1a22-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-05cb9390-1a22-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 42eecae1da3..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-05cb9390-1a22-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: API: Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 
10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Users: API: Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-05cb9390-1a22-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-06fb9d30-1a24-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-06fb9d30-1a24-11eb-abcf-effcd51852fa.json deleted file mode 100644 index f6c4d6a4899..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-06fb9d30-1a24-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector: Operation List", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Operation", - "field": "hid_bravura_monitor.perf.operation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector: Operation List", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-06fb9d30-1a24-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0799ca70-2b66-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0799ca70-2b66-11eb-abcf-effcd51852fa.json deleted file mode 100644 index aa5d0398f6f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0799ca70-2b66-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: API: Function Performance", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: API: Function Performance", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": 
"hid_bravura_monitor-0799ca70-2b66-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-07f86e00-d835-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-07f86e00-d835-11eb-9e70-edcbba448215.json deleted file mode 100644 index 37674f74519..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-07f86e00-d835-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,90 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Administrative Summary Table", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Code", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Integration", - "field": "winlog.event_data.Module", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Administrative Summary Table", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-07f86e00-d835-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0cb6caa0-1ade-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0cb6caa0-1ade-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 63eba0496e8..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0cb6caa0-1ade-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Workflow: Operations", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event", - "field": "hid_bravura_monitor.perf.event", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Max (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Workflow: Operations", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-0cb6caa0-1ade-11eb-abcf-effcd51852fa", - 
"migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0cf3f020-1add-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0cf3f020-1add-11eb-abcf-effcd51852fa.json deleted file mode 100644 index cb1231f1c86..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-0cf3f020-1add-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Workflow: Operation Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event", - "field": "hid_bravura_monitor.perf.event", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - 
"show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Workflow: Operation Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-0cf3f020-1add-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1211f840-d90a-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1211f840-d90a-11eb-9e70-edcbba448215.json deleted file mode 100644 index 52150df2e49..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1211f840-d90a-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,100 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": true, - "params": { - "query": "85" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "85" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Requesters", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Requester", - "field": "winlog.event_data.Requester", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Requesters", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-1211f840-d90a-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1269fd70-1956-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1269fd70-1956-11eb-abcf-effcd51852fa.json deleted file mode 100644 index d273dccc95f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1269fd70-1956-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,193 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "hid_bravura_monitor.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "hid_bravura_monitor.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Users: Summary: Node Usage", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Count of unique User ID", - "field": "user.id" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": 
false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "row": true, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count of unique User ID" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count of unique User ID" - }, - "type": "value" - } - ] - }, - "title": "Users: Summary: Node Usage", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-1269fd70-1956-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1498e300-1482-11eb-bb7b-bb041e8cf289.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1498e300-1482-11eb-bb7b-bb041e8cf289.json deleted file mode 100644 index 338dacec036..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1498e300-1482-11eb-bb7b-bb041e8cf289.json +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Stored Procedure Runtime Statistics", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 5, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Max (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "row": true, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Database: Stored Procedure Runtime Statistics", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": 
"hid_bravura_monitor-1498e300-1482-11eb-bb7b-bb041e8cf289", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1a2adb70-2f44-11eb-b6a1-bdb7d768b585.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1a2adb70-2f44-11eb-b6a1-bdb7d768b585.json deleted file mode 100644 index 08f11d8be5d..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1a2adb70-2f44-11eb-b6a1-bdb7d768b585.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Plugin: Performance", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Plugin", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Plugin: Performance", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-1a2adb70-2f44-11eb-b6a1-bdb7d768b585", - "migrationVersion": { - 
"visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-39072a50-2f42-11eb-b6a1-bdb7d768b585", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1b439670-25d8-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1b439670-25d8-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 373332398f1..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1b439670-25d8-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Dataset: Log Type Counts", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Log Type", - "field": "hid_bravura_monitor.perf.kind", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Dataset: Log Type Counts", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-1b439670-25d8-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1ddd3300-1a25-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1ddd3300-1a25-11eb-abcf-effcd51852fa.json deleted file mode 100644 index b9c897bfbc0..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-1ddd3300-1a25-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector: Return Code", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Result", - "field": "hid_bravura_monitor.perf.result", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector: Return Code", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-1ddd3300-1a25-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-20a85000-1a1c-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-20a85000-1a1c-11eb-abcf-effcd51852fa.json deleted file mode 100644 index bbacb7b59de..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-20a85000-1a1c-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: Issues: Nodes", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: Issues: Nodes", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-20a85000-1a1c-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-211feda0-d37f-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-211feda0-d37f-11eb-9e70-edcbba448215.json deleted file mode 100644 index 015e38af4dc..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-211feda0-d37f-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "1" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "1" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "User Login Failures", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - 
"style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "User Login Failures", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-211feda0-d37f-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-23133620-238b-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-23133620-238b-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 5bb5ba15917..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-23133620-238b-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,181 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Problem Provider Distribution", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "winlog.channel", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "group", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "winlog.provider_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", 
- "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Problem Provider Distribution", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-23133620-238b-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-24823410-1464-11eb-bb7b-bb041e8cf289.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-24823410-1464-11eb-bb7b-bb041e8cf289.json deleted file mode 100644 index ec4ff3633f5..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-24823410-1464-11eb-bb7b-bb041e8cf289.json +++ /dev/null 
@@ -1,173 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "IDM Suite: Log issues histogram", - "uiStateJSON": { - "vis": { - "colors": { - "Error": "#BF1B00", - "Warning": "#E5AC0E" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - 
"thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "IDM Suite: Log issues histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-24823410-1464-11eb-bb7b-bb041e8cf289", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2722d7e0-d388-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2722d7e0-d388-11eb-9e70-edcbba448215.json deleted file mode 100644 index 6dc95951455..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2722d7e0-d388-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "8" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "8" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Replication Database Transaction Failures", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - 
"show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Replication Database Transaction Failures", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-2722d7e0-d388-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2a088ae0-243d-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2a088ae0-243d-11eb-abcf-effcd51852fa.json deleted file mode 100644 index bc48903afbc..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2a088ae0-243d-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Login Attempts", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": 
[], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Login Attempts", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-2a088ae0-243d-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2ffbfc20-d83d-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2ffbfc20-d83d-11eb-9e70-edcbba448215.json deleted file mode 100644 index 87178aa21ed..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-2ffbfc20-d83d-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,114 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "32", - "33" - ], - "type": "phrases", - "value": "32, 33" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "32" - } - }, - { - "match_phrase": { - "event.code": "33" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Unlocked Profiles", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Profile", - "field": "winlog.event_data.Profile", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Unlocked Profiles", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-2ffbfc20-d83d-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": 
"visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-33258a00-d398-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-33258a00-d398-11eb-9e70-edcbba448215.json deleted file mode 100644 index 3637b6f8145..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-33258a00-d398-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Administrative Summary", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 
10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Administrative Summary", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-33258a00-d398-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-341531e0-25d8-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-341531e0-25d8-11eb-abcf-effcd51852fa.json deleted file mode 100644 index a472430368a..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-341531e0-25d8-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Replication: Load by queue", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Queue", - "field": "hid_bravura_monitor.perf.receivequeue", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Database: Replication: Load by queue", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-341531e0-25d8-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a", - 
"name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-37fb60d0-1481-11eb-bb7b-bb041e8cf289.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-37fb60d0-1481-11eb-bb7b-bb041e8cf289.json deleted file mode 100644 index 2f9d4965e54..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-37fb60d0-1481-11eb-bb7b-bb041e8cf289.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Host Usage", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Database: Host Usage", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-37fb60d0-1481-11eb-bb7b-bb041e8cf289", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-3bd92210-1a25-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-3bd92210-1a25-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 1880de4f07f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-3bd92210-1a25-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: API: Calls per Node", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: API: Calls per Node", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-3bd92210-1a25-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-3ec54c70-d90a-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-3ec54c70-d90a-11eb-9e70-edcbba448215.json deleted file mode 100644 index 7300710b3bf..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-3ec54c70-d90a-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,100 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": true, - "params": { - "query": "85" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "85" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Recipients", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Recipient", - "field": "winlog.event_data.Recipient", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Recipients", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-3ec54c70-d90a-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-42dc53c0-243e-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-42dc53c0-243e-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 11fc285bc97..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-42dc53c0-243e-11eb-abcf-effcd51852fa.json +++ /dev/null @@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "User Logins", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User", - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "User Logins", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-42dc53c0-243e-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-489a4f50-2453-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-489a4f50-2453-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 5d9588079ba..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-489a4f50-2453-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,120 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Problem Events", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 3, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event ID", - "field": "winlog.event_id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Source", - "field": "winlog.provider_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Event Log", - "field": "winlog.channel", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 20, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Problem Events", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-489a4f50-2453-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - 
"default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-4b0765d0-1ade-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-4b0765d0-1ade-11eb-abcf-effcd51852fa.json deleted file mode 100644 index f58ed2c93c9..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-4b0765d0-1ade-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Connector Return Code: Operation count", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Operation", - "field": "hid_bravura_monitor.perf.operation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector Return Code: Operation count", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-4b0765d0-1ade-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-4bfcdae0-2dcd-11eb-b6a1-bdb7d768b585.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-4bfcdae0-2dcd-11eb-b6a1-bdb7d768b585.json deleted file mode 100644 index 6f4e7f1fac4..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-4bfcdae0-2dcd-11eb-b6a1-bdb7d768b585.json +++ /dev/null @@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Bravura: Selector: Return Code", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "hid_bravura_monitor.perf.result", - "id": "1606164462534", - "indexPatternRefName": "control_0_index_pattern", - "label": "Return Code", - "options": { - "dynamicOptions": true, - "multiselect": false, - "order": "desc", - "size": 10, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "Bravura: Selector: Return Code", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-4bfcdae0-2dcd-11eb-b6a1-bdb7d768b585", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-552d3e80-1a26-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-552d3e80-1a26-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 90dcba8fbd8..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-552d3e80-1a26-11eb-abcf-effcd51852fa.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Users: Pages: Help", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "Transactions represent a UI page the user sees.\n\nWhat pages are people calling and what performance are they experiencing?", - "openLinksInNewTab": false - }, - "title": "Users: Pages: Help", - "type": "markdown" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-552d3e80-1a26-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-59482290-25da-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-59482290-25da-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 247461b6a78..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-59482290-25da-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,37 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Database: Search: Help", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "Search engines need to return quickly since users are waiting on their results. There is a direct correlation between search time and user experience.\n\nAs a general rule, Search stored procedures should take less than a second to run on average. \n\nSearch stored procedure performance is impacted by elements such as:\n\n* Data size. Larger data consumes more CPU, Ram, Disk I/O on the database server. \n* Policies such as acls, filtering, etc. \n* Indexes. Sometimes they fragment degrading overall performance. \n* Table/Index Locking with other database actions.\n\nStrategies for improving database search performance include:\n\n* Rebuild fragmented database indexes.\n* Evaluate if more RAM/CPU\n\nWhen these don't work, Developers will need database execution plans to review options.", - "openLinksInNewTab": false - }, - "title": "Database: Search: Help", - "type": "markdown" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-59482290-25da-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-5b5237e0-d388-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-5b5237e0-d388-11eb-9e70-edcbba448215.json deleted file mode 100644 index 8275282816b..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-5b5237e0-d388-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "Failed to insert data into database replication queue", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "9" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "9" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Replication Queue Insert Failures", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], 
- "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Replication Queue Insert Failures", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-5b5237e0-d388-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-64035e60-25db-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-64035e60-25db-11eb-abcf-effcd51852fa.json deleted file mode 100644 index bc2ac0dad5f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-64035e60-25db-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,37 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Database: Discovery: Help", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "Discovery stored procedures are involved with loading data from integrations ( Connectors and LWS ) into the product database to learn about changes in the environment we are managing Identities and Access in. \n\nSome general rules of thumbs:\n\n* LWS stored procdures need to be quick. None should take a second.\n* Iddiscover.exe stored procedures can run for much longer. Minutes to hours in large environments to process large changes in bulk. \n\nStrategies for improving the performance of these stored procedures include:\n\n* Rebuild fragmented database indexes\n* Review if database is low on RAM, CPU, or I/O bandwidth.\n\nIf you continue to encounter problems developers will require database execution plans to review the operation of these procedures. ", - "openLinksInNewTab": false - }, - "title": "Database: Discovery: Help", - "type": "markdown" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-64035e60-25db-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-64514c50-1a1f-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-64514c50-1a1f-11eb-abcf-effcd51852fa.json deleted file mode 100644 index fadf9642c87..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-64514c50-1a1f-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,192 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector: Operation Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "hid_bravura_monitor.perf.operation", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": 
false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Connector: Operation Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-64514c50-1a1f-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-659dad40-25b6-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-659dad40-25b6-11eb-abcf-effcd51852fa.json deleted file mode 100644 index fd66902fca9..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-659dad40-25b6-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "API: Calls per node historgram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - 
}, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "API: Calls per node historgram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-659dad40-25b6-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-66c884f0-2382-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-66c884f0-2382-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 564e9e03961..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-66c884f0-2382-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,91 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Problem Count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "asc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 59, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Problem Count", - "type": "metric" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-66c884f0-2382-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-670cf140-1a1c-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-670cf140-1a1c-11eb-abcf-effcd51852fa.json deleted file mode 100644 index a66d27472a7..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-670cf140-1a1c-11eb-abcf-effcd51852fa.json +++ /dev/null @@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: Issues: Affected users", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Users", - "field": "user.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: Issues: Affected users", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-670cf140-1a1c-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-6ac75200-d90a-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-6ac75200-d90a-11eb-9e70-edcbba448215.json deleted file mode 100644 index 07caaae82d3..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-6ac75200-d90a-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "81 - Approved\n82 - Denied\n83 - Cancelled\n84 - Revoked\n85 - Processed", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Workflow Request Trend", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Code", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - 
"valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Workflow Request Trend", - "type": "line" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-6ac75200-d90a-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-53be5e10-d909-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-6ad826b0-d37f-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-6ad826b0-d37f-11eb-9e70-edcbba448215.json deleted file mode 100644 index b472576e457..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-6ad826b0-d37f-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "2" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "2" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "User Login Success", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - 
"style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "User Login Success", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-6ad826b0-d37f-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-70a8f8e0-d392-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-70a8f8e0-d392-11eb-9e70-edcbba448215.json deleted file mode 100644 index fc30ba93b13..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-70a8f8e0-d392-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,207 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "39", - "40" - ], - "type": "phrases", - "value": "39, 40" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "39" - } - }, - { - "match_phrase": { - "event.code": "40" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "IDAPI Login Attempts", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - 
"isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "IDAPI Login Attempts", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-70a8f8e0-d392-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-76cb60d0-1463-11eb-bb7b-bb041e8cf289.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-76cb60d0-1463-11eb-bb7b-bb041e8cf289.json deleted file mode 100644 index ae8f47a1f6c..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-76cb60d0-1463-11eb-bb7b-bb041e8cf289.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "IDM Suite: Errors/Warnings by node", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Instance", - "field": "agent.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "IDM Suite: Errors/Warnings by node", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-76cb60d0-1463-11eb-bb7b-bb041e8cf289", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-77701bc0-25bb-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-77701bc0-25bb-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 5b83068d2d8..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-77701bc0-25bb-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,206 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "log.logger", - "negate": false, - "params": { - "query": "psupdate.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.logger": "psupdate.exe" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfExe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfExe" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Discovery Runtimes", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Sum of Duration (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "2021-01-11T07:00:00.000Z", - "to": "2021-01-18T07:00:00.000Z" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": 
{}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Sum of Duration (ms)" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Sum of Duration (ms)" - }, - "type": "value" - } - ] - }, - "title": "Discovery Runtimes", - "type": "line" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-77701bc0-25bb-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-77f6f520-1add-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-77f6f520-1add-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 46e0b43be02..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-77f6f520-1add-11eb-abcf-effcd51852fa.json +++ /dev/null @@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Workflow: Operations per Node", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Workflow: Operations per Node", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-77f6f520-1add-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-d1f2d8c0-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-80efbc20-d388-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-80efbc20-d388-11eb-9e70-edcbba448215.json deleted file mode 100644 index f80d0599b01..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-80efbc20-d388-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "Failed to run stored procedure on replication database.", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "10" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "10" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Replication Database Stored Procedure Failures", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": 
"ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Replication Database Stored Procedure Failures", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-80efbc20-d388-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-82277da0-25d5-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-82277da0-25d5-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 01e47697e75..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-82277da0-25d5-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Discovery Events", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event", - "field": "hid_bravura_monitor.perf.event", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Max (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Discovery Events", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-82277da0-25d5-11eb-abcf-effcd51852fa", - "migrationVersion": { - 
"visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-dd637750-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-82432550-25bc-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-82432550-25bc-11eb-abcf-effcd51852fa.json deleted file mode 100644 index d630b815529..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-82432550-25bc-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,158 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfExe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfExe" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "hid_bravura_monitor.perf.exe", - "negate": false, - "params": { - "query": "psupdate.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.exe": "psupdate.exe" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Discovery Runtime Table", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Runtime (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Discovery ID", - "field": "user.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - 
"schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Discovery Runtime Table", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-82432550-25bc-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-85943290-1a2b-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-85943290-1a2b-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 1e00039f0c6..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-85943290-1a2b-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,147 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector List", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Target ID", - "field": "hid_bravura_monitor.perf.targetid", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Address", - "field": "hid_bravura_monitor.perf.address", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - 
"percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector List", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-85943290-1a2b-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-878feb30-1ade-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-878feb30-1ade-11eb-abcf-effcd51852fa.json deleted file mode 100644 index b1a9117a87f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-878feb30-1ade-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Connector Return Code: Executable Count", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Executable", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector Return Code: Executable Count", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-878feb30-1ade-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-87baab60-25b8-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-87baab60-25b8-11eb-abcf-effcd51852fa.json deleted file mode 100644 index cd8d0fedc6c..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-87baab60-25b8-11eb-abcf-effcd51852fa.json
+++ /dev/null
@@ -1,121 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "API: Function runtimes", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 0, - "direction": "asc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "5", - "params": { - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "6", - "params": { - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "API: Function runtimes", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-87baab60-25b8-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": 
"hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-89e6a260-25d4-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-89e6a260-25d4-11eb-abcf-effcd51852fa.json deleted file mode 100644 index ddf4b982870..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-89e6a260-25d4-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,119 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "log.logger", - "negate": false, - "params": { - "query": "iddb.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.logger": "iddb.exe" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Database: Severity Counts", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Severity", - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 40, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Database: Severity Counts", - "type": "metric" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-89e6a260-25d4-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - 
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-8c755c30-25d7-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-8c755c30-25d7-11eb-abcf-effcd51852fa.json deleted file mode 100644 index f6c3a8e0290..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-8c755c30-25d7-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Dataset: Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": 
[], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Dataset: Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-8c755c30-25d7-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-465760e0-25d7-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-8ec75c50-2383-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-8ec75c50-2383-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 066148a542b..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-8ec75c50-2383-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,104 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Problem Distribution", - "uiStateJSON": { - "vis": { - "colors": { - "error": "#EF843C", - "warning": "#EAB839" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Problem Distribution", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-8ec75c50-2383-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9036f440-d37f-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9036f440-d37f-11eb-9e70-edcbba448215.json deleted file mode 100644 index 49cb1c9e0d9..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9036f440-d37f-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "3" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "3" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "User Login Lockout", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - 
"style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "User Login Lockout", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-9036f440-d37f-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9357e910-2b67-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9357e910-2b67-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 3eb1d2d8b73..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9357e910-2b67-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: API: Users", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User", - "field": "user.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: API: Users", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-9357e910-2b67-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-ad5f7180-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-95fb9a70-25d8-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-95fb9a70-25d8-11eb-abcf-effcd51852fa.json deleted file mode 100644 index a6220d66a34..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-95fb9a70-25d8-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Replication: Stored Procedures", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Database: Replication: Stored Procedures", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": 
"hid_bravura_monitor-95fb9a70-25d8-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-979ecd00-1abd-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-979ecd00-1abd-11eb-abcf-effcd51852fa.json deleted file mode 100644 index b0964ee28fd..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-979ecd00-1abd-11eb-abcf-effcd51852fa.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector Return Code: Legend", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 10, - "markdown": "Success - 0\n\nUnknown Error - 1\n\nCannot Connect - 3\n\nInvalid Server - 5\n\nAccess Denied - 11\n\nVerify Failed - 14", - "openLinksInNewTab": false - }, - "title": "Connector Return Code: Legend", - "type": "markdown" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-979ecd00-1abd-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9a513b80-d388-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9a513b80-d388-11eb-9e70-edcbba448215.json deleted file mode 100644 index d043d2b1e11..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9a513b80-d388-11eb-9e70-edcbba448215.json
+++ /dev/null
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "78" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "78" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "File Replication Errors", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, 
- "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "File Replication Errors", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-9a513b80-d388-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9a75fb00-d83d-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9a75fb00-d83d-11eb-9e70-edcbba448215.json deleted file mode 100644 index 088bf5c58d5..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-9a75fb00-d83d-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,190 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "32", - "33" - ], - "type": "phrases", - "value": "32, 33" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "32" - } - }, - { - "match_phrase": { - "event.code": "33" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Unlocked Profile Trend", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, 
- "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Unlocked Profile Trend", - "type": "line" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-9a75fb00-d83d-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a29a1cc0-238a-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a29a1cc0-238a-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 921d21e6834..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a29a1cc0-238a-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,103 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "User Problem Distribution", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User", - "field": "winlog.user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Severity", - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "User Problem Distribution", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-a29a1cc0-238a-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a8002430-25d7-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a8002430-25d7-11eb-abcf-effcd51852fa.json
deleted file mode 100644
index ba1d68b53b1..00000000000
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a8002430-25d7-11eb-abcf-effcd51852fa.json
+++ /dev/null
@@ -1,169 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Replication: Total over time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Total (ms)" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": 
"ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Total (ms)" - }, - "type": "value" - } - ] - }, - "title": "Database: Replication: Total over time", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-a8002430-25d7-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2e254220-df55-11eb-9b6e-d57491399e2a", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a950c4e0-1464-11eb-bb7b-bb041e8cf289.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a950c4e0-1464-11eb-bb7b-bb041e8cf289.json deleted file mode 100644 index 1325c11ef41..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-a950c4e0-1464-11eb-bb7b-bb041e8cf289.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "IDM Suite: Errors/Warnings by level", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Level", - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "IDM Suite: Errors/Warnings by level", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-a950c4e0-1464-11eb-bb7b-bb041e8cf289", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-aabca810-2456-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-aabca810-2456-11eb-abcf-effcd51852fa.json deleted file mode 100644 index fc4f006c7b6..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-aabca810-2456-11eb-abcf-effcd51852fa.json
+++ /dev/null
@@ -1,214 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "winlog.event_id", - "negate": false, - "params": [ - "4740", - "4728", - "4732", - "4756", - "4735", - "4624", - "4625", - "4648" - ], - "type": "phrases", - "value": "4740, 4728, 4732, 4756, 4735, 4624, 4625, 4648" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "winlog.event_id": "4740" - } - }, - { - "match_phrase": { - "winlog.event_id": "4728" - } - }, - { - "match_phrase": { - "winlog.event_id": "4732" - } - }, - { - "match_phrase": { - "winlog.event_id": "4756" - } - }, - { - "match_phrase": { - "winlog.event_id": "4735" - } - }, - { - "match_phrase": { - "winlog.event_id": "4624" - } - }, - { - "match_phrase": { - "winlog.event_id": "4625" - } - }, - { - "match_phrase": { - "winlog.event_id": "4648" - } - } - ] - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Login Activity", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event ID", - "field": "winlog.event_id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Event Category", - "field": "event.category", - "missingBucket": true, - 
"missingBucketLabel": "N/A", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event Action", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Event Outcome", - "field": "event.outcome", - "missingBucket": true, - "missingBucketLabel": "N/A", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Login Activity", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-aabca810-2456-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-b8f9a5c0-d83f-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-b8f9a5c0-d83f-11eb-9e70-edcbba448215.json deleted file mode 100644 index 5f74a8773bb..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-b8f9a5c0-d83f-11eb-9e70-edcbba448215.json
+++ /dev/null
@@ -1,114 +0,0 @@ -{ - "attributes": { - "description": "62 - Self-service password reset\n65 - Help-desk assisted password reset", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "62", - "65" - ], - "type": "phrases", - "value": "62, 65" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "62" - } - }, - { - "match_phrase": { - "event.code": "65" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Password Resets Started", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Event Code", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Password Resets Started", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-b8f9a5c0-d83f-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": 
"search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-b9fb36b0-1480-11eb-bb7b-bb041e8cf289.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-b9fb36b0-1480-11eb-bb7b-bb041e8cf289.json deleted file mode 100644 index d620ccfa402..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-b9fb36b0-1480-11eb-bb7b-bb041e8cf289.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Stored Procedure Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": 
false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Database: Stored Procedure Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-b9fb36b0-1480-11eb-bb7b-bb041e8cf289", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-83eacd90-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-bde40aa0-1957-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-bde40aa0-1957-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 80d6692de4f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-bde40aa0-1957-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfExe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfExe" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "log.logger", - "negate": false, - "params": { - "query": "psf.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.logger": "psf.exe" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "key": "hid_bravura_monitor.perf.transid", - "negate": false, - "params": { - "query": "C_AUTHCHAIN_LOGIN" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.transid": "C_AUTHCHAIN_LOGIN" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Users: Summary: User Logins", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "User Name", - "field": "user.id", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, 
- "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: Summary: User Logins", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-bde40aa0-1957-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-be6560d0-1a21-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-be6560d0-1a21-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 58e2eb889ec..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-be6560d0-1a21-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,37 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Users: API: Help", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "Ajax is a REST like API used by the UI.\n\nWhat actions are people calling and what performance are they experiencing?", - "openLinksInNewTab": false - }, - "title": "Users: API: Help", - "type": "markdown" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-be6560d0-1a21-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c0e79490-25b6-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c0e79490-25b6-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 206e1930f26..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c0e79490-25b6-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "API: Calls per node", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "API: Calls per node", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-c0e79490-25b6-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-991d9760-1473-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c318d000-d83d-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c318d000-d83d-11eb-9e70-edcbba448215.json deleted file mode 100644 index 3a798d48152..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c318d000-d83d-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,114 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "30", - "31" - ], - "type": "phrases", - "value": "30, 31" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "30" - } - }, - { - "match_phrase": { - "event.code": "31" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top 10 Disabled Profiles", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Profile", - "field": "winlog.event_data.Profile", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top 10 Disabled Profiles", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-c318d000-d83d-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": 
"visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c85815c0-d83e-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c85815c0-d83e-11eb-9e70-edcbba448215.json deleted file mode 100644 index f7636cd1aac..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-c85815c0-d83e-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,190 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "30", - "31" - ], - "type": "phrases", - "value": "30, 31" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "30" - } - }, - { - "match_phrase": { - "event.code": "31" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Disabled Profiles Trend", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 
2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Disabled Profiles Trend", - "type": "line" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-c85815c0-d83e-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-cc0f81c0-243f-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-cc0f81c0-243f-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 5bf9640f267..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-cc0f81c0-243f-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,106 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Provider Login Distribution", - "uiStateJSON": { - "vis": { - "colors": { - "failure": "#BF1B00", - "success": "#629E51" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Provider", - "field": "winlog.provider_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Outcome", - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Provider Login Distribution", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-cc0f81c0-243f-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1a724dd0-2395-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-cf6ea950-1ade-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-cf6ea950-1ade-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 3aec05341e8..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-cf6ea950-1ade-11eb-abcf-effcd51852fa.json +++ /dev/null @@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Connector Return Code: Node counts", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector Return Code: Node counts", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-cf6ea950-1ade-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d3897a80-25db-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d3897a80-25db-11eb-abcf-effcd51852fa.json
deleted file mode 100644
index 6349583aec2..00000000000
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d3897a80-25db-11eb-abcf-effcd51852fa.json
+++ /dev/null
@@ -1,144 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Discovery procedures", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "split", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "row": true, - 
"showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Database: Discovery procedures", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d3897a80-25db-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-3aa4b370-25db-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d5dcbf40-1a28-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d5dcbf40-1a28-11eb-abcf-effcd51852fa.json deleted file mode 100644 index b5295e5574f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d5dcbf40-1a28-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector: Error Messages", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Message", - "field": "hid_bravura_monitor.perf.message", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector: Error Messages", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d5dcbf40-1a28-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d5fae950-25d3-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d5fae950-25d3-11eb-abcf-effcd51852fa.json deleted file mode 100644 index c836e7c6777..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d5fae950-25d3-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,193 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "log.logger", - "negate": false, - "params": { - "query": "iddb.exe" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "log.logger": "iddb.exe" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Database: Log Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { 
- "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Database: Log Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d5fae950-25d3-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d66fb2a0-3ed6-11eb-9549-63f6cd998f21.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d66fb2a0-3ed6-11eb-9549-63f6cd998f21.json deleted file mode 100644 index f57147cf932..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d66fb2a0-3ed6-11eb-9549-63f6cd998f21.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "IDM Suite: Errors/Warnings by process", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "IDM Suite: Errors/Warnings by process", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d66fb2a0-3ed6-11eb-9549-63f6cd998f21", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-2ec4a850-1463-11eb-bb7b-bb041e8cf289", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d7dc3680-1add-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d7dc3680-1add-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 469a9ee8bcb..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-d7dc3680-1add-11eb-abcf-effcd51852fa.json
+++ /dev/null
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Connector Return Code: Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90d", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - 
"value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Connector Return Code: Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-d7dc3680-1add-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-db3f9af0-1a1b-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-db3f9af0-1a1b-11eb-abcf-effcd51852fa.json deleted file mode 100644 index e8e2caf44db..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-db3f9af0-1a1b-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: Issues: Processes", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Users: Issues: Processes", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-db3f9af0-1a1b-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-db898d80-1a21-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-db898d80-1a21-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 60c57794b34..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-db898d80-1a21-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector: Targets", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Targets", - "field": "hid_bravura_monitor.perf.targetid" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Connector", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector: Targets", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-db898d80-1a21-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, 
- { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-dbc305e0-245a-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-dbc305e0-245a-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 4240a3bfdc6..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-dbc305e0-245a-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,110 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Problem Heat Map", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "log.level", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "asc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Yellow to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": true, - "invertColors": false, - "legendPosition": "right", - "percentageMode": false, - "setColorRange": false, - "times": [], - "type": "heatmap", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "black", - "overwriteColor": false, - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Problem Heat Map", - "type": "heatmap" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-dbc305e0-245a-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-1616ab00-22c8-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline 
at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-ec082d90-1aaf-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-ec082d90-1aaf-11eb-abcf-effcd51852fa.json deleted file mode 100644 index a260a62f098..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-ec082d90-1aaf-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,153 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "hid_bravura_monitor.perf.kind", - "negate": false, - "params": { - "query": "PerfConnector" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "hid_bravura_monitor.perf.kind": "PerfConnector" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Connector: Target Performance", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Target ID", - "field": "hid_bravura_monitor.perf.targetid", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Min (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Max (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - 
"type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector: Target Performance", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-ec082d90-1aaf-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-ef5b4da0-2b6d-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-ef5b4da0-2b6d-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 8e159a92a7f..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-ef5b4da0-2b6d-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Database: Search performance", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Function", - "field": "hid_bravura_monitor.perf.function", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Database: Search performance", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": 
"hid_bravura_monitor-ef5b4da0-2b6d-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-046c7b20-2b6d-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-f596ebf0-1adf-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-f596ebf0-1adf-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 5570808654d..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-f596ebf0-1adf-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Connector Return Code: Messages", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Message", - "field": "hid_bravura_monitor.perf.message", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1000 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Connector Return Code: Messages", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-f596ebf0-1adf-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-55100560-1add-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-f9ed0ec0-2eab-11eb-b6a1-bdb7d768b585.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-f9ed0ec0-2eab-11eb-b6a1-bdb7d768b585.json deleted file mode 100644 index f631a024627..00000000000 
--- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-f9ed0ec0-2eab-11eb-b6a1-bdb7d768b585.json +++ /dev/null 
@@ -1,126 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Executables: Performance", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Process", - "field": "log.logger", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100000 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Average (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Minimum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Maximum (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "max" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Total (ms)", - "field": "hid_bravura_monitor.perf.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Executables: Performance", - "type": "table" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-f9ed0ec0-2eab-11eb-b6a1-bdb7d768b585", - 
"migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-95032a30-2eab-11eb-b6a1-bdb7d768b585", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fddce510-d387-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fddce510-d387-11eb-9e70-edcbba448215.json deleted file mode 100644 index 96c3ab5fd34..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fddce510-d387-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": { - "query": "6" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.code": "6" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Replication Database Connection Failures", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - 
"show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Replication Database Connection Failures", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-fddce510-d387-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-089d63f0-d37c-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fe363790-1a1a-11eb-abcf-effcd51852fa.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fe363790-1a1a-11eb-abcf-effcd51852fa.json deleted file mode 100644 index 50510cc5d36..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fe363790-1a1a-11eb-abcf-effcd51852fa.json +++ /dev/null 
@@ -1,166 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Users: Issues: Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Node", - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 
10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Users: Issues: Histogram", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-fe363790-1a1a-11eb-abcf-effcd51852fa", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "hid_bravura_monitor-9e4165d0-1a1a-11eb-abcf-effcd51852fa", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fe779080-d83f-11eb-9e70-edcbba448215.json b/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fe779080-d83f-11eb-9e70-edcbba448215.json deleted file mode 100644 index 4b534e050ec..00000000000 --- a/packages/hid_bravura_monitor/kibana/visualization/hid_bravura_monitor-fe779080-d83f-11eb-9e70-edcbba448215.json +++ /dev/null 
@@ -1,219 +0,0 @@ -{ - "attributes": { - "description": "63 - Self-service password reset successful.\n64 - Self-service password reset failed.\n66 - Help-desk assisted password reset successful.\n67 - Help-desk assisted password reset failed.", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.code", - "negate": false, - "params": [ - "63", - "64", - "66", - "67" - ], - "type": "phrases", - "value": "63, 64, 66, 67" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "event.code": "63" - } - }, - { - "match_phrase": { - "event.code": "64" - } - }, - { - "match_phrase": { - "event.code": "66" - } - }, - { - "match_phrase": { - "event.code": "67" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Password Resets Trend", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Event", - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - 
"categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": {}, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Password Resets Trend", - "type": "line" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "hid_bravura_monitor-fe779080-d83f-11eb-9e70-edcbba448215", - "migrationVersion": { - "visualization": "7.14.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "hid_bravura_monitor-dca8bb20-d397-11eb-9e70-edcbba448215", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/hid_bravura_monitor/manifest.yml b/packages/hid_bravura_monitor/manifest.yml index 6c8dddb0316..014c57f158b 100644 --- a/packages/hid_bravura_monitor/manifest.yml 
+++ b/packages/hid_bravura_monitor/manifest.yml @@ -1,6 +1,6 @@ name: hid_bravura_monitor title: Hitachi ID Bravura Monitor -version: "1.3.1" +version: "1.3.2" categories: ["security"] release: ga description: Collect logs from Hitachi ID Security Fabric with Elastic Agent. @@ -12,7 +12,7 @@ icons: type: image/svg+xml conditions: kibana: - version: ^7.16.0 || ^8.0.0 + version: ^8.1.0 screenshots: - src: /img/kibana-hid_bravura_monitor-overview.png title: Kibana Hitachi ID Bravura Monitor overview diff --git a/packages/iptables/changelog.yml b/packages/iptables/changelog.yml index a66b2fbd3b3..e34de579b8a 100644 --- a/packages/iptables/changelog.yml +++ b/packages/iptables/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.1" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.2.0" changes: - description: Update package to ECS 8.5.0. diff --git a/packages/iptables/kibana/dashboard/iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json b/packages/iptables/kibana/dashboard/iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json index 0180b9334ec..65a894f9551 100644 --- a/packages/iptables/kibana/dashboard/iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json +++ b/packages/iptables/kibana/dashboard/iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json 
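Review bot: The second manifest.yml hunk narrows `conditions.kibana.version` from `^7.16.0 || ^8.0.0` to `^8.1.0`, but the first hunk only moves the package from 1.3.1 to 1.3.2, so a patch release drops Kibana 7.16–8.0. Deployments on those versions would stay on 1.3.1 and miss later fixes to this `security`-category package. This package's changelog entry is not in this part of the diff; if it matches the iptables entry shown here, it describes only the by-value migration. State the new floor explicitly, for example `- description: Raise minimum Kibana version to 8.1.0 (required by by-value dashboard panels)`, presumably the reason for the change. A minor bump such as `version: "1.4.0"` would also signal the compatibility change more clearly than a patch bump.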
@@ -1,246 +1,612 @@ { - "attributes": { - "description": "Overview of the iptables events dashboard.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T09:16:22.532Z", + "version": "WzU4MiwxXQ==", + "attributes": { + "description": "Overview of the iptables events dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset:iptables.log" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "Events Timeline [Logs Iptables]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "linear", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + 
"scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "data_stream.dataset:iptables.log" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "1", + "w": 37, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "1", - "w": 37, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "8.0.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Source Countries [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2", - "w": 11, - "x": 37, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - 
"gridData": { - "h": 15, - "i": "5", - "w": 19, - "x": 0, - "y": 30 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2", + "w": 11, + "x": 37, + "y": 0 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Type Breakdown [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "6", - "w": 18, - "x": 19, - "y": 30 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "7", - "w": 11, - "x": 37, - "y": 30 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - 
"version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5", + "w": 19, + "x": 0, + "y": 30 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Transport Breakdown [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "8", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "search", - "version": "8.0.0" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"819f99c3-9bfa-4b32-b42a-eaddd3a1cafa\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"515d04a8-6e07-48ea-a5c8-ca668c73f20b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Source Map [Logs 
Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"bfc1b1f2-5e9d-4e48-b6bb-c601bf895655\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"iptables.length:*\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Source Map [Logs Iptables]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "be0cae7a-45f7-4912-88ad-47924a84445e", - "w": 24, - "x": 0, - "y": 15 - }, - "panelIndex": "be0cae7a-45f7-4912-88ad-47924a84445e", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } + } + } + }, + "gridData": { + 
"h": 15, + "i": "6", + "w": 18, + "x": 19, + "y": 30 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Destination Ports [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"6b510351-9284-44f3-8997-27e6ad4ec559\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"e9743ec6-ebc4-427d-9c20-48f1cec1fcaa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"786e2e19-4809-49b5-91ba-5cb5a740d21b\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"iptables.length:*\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Destination Map 
[Logs Iptables]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa", - "w": 24, - "x": 24, - "y": 15 + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Port", + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "iptables.length:*" + } + } } - ], - "timeRestore": false, - "title": "[Logs Iptables] Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "iptables-4c913eb0-1f51-11e9-93ed-f7e068f4aebb", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "iptables-2599f5e0-1e98-11e9-8ec4-cf5d91a864b3", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 15, + "i": "7", + "w": 11, + "x": 37, + "y": 30 }, - { - "id": "iptables-b57b7370-1f1d-11e9-8ec4-cf5d91a864b3", - "name": "5:panel_5", - 
"type": "visualization" + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "iptables-35fe0910-1f26-11e9-8ec4-cf5d91a864b3", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 19, + "i": "8", + "w": 48, + "x": 0, + "y": 45 }, - { - "id": "iptables-683402b0-1f29-11e9-8ec4-cf5d91a864b3", - "name": "7:panel_7", - "type": "visualization" + "panelIndex": "8", + "panelRefName": "panel_8", + "type": "search", + "version": "8.0.0" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 15, + "i": "be0cae7a-45f7-4912-88ad-47924a84445e", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3", - "name": "8:panel_8", - "type": "search" - }, - { - "id": "logs-*", - "name": "be0cae7a-45f7-4912-88ad-47924a84445e:layer_1_source_index_pattern", - "type": "index-pattern" + "panelIndex": "be0cae7a-45f7-4912-88ad-47924a84445e", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"819f99c3-9bfa-4b32-b42a-eaddd3a1cafa\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"515d04a8-6e07-48ea-a5c8-ca668c73f20b\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Source Map [Logs 
Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"bfc1b1f2-5e9d-4e48-b6bb-c601bf895655\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"iptables.length:*\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Source Map [Logs Iptables]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" + } + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 15, + "i": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "logs-*", - "name": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa:layer_1_source_index_pattern", - "type": "index-pattern" + "panelIndex": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"6b510351-9284-44f3-8997-27e6ad4ec559\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"e9743ec6-ebc4-427d-9c20-48f1cec1fcaa\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"786e2e19-4809-49b5-91ba-5cb5a740d21b\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\"
:\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"iptables.length:*\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Destination Map [Logs Iptables]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" } + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Iptables] Overview", + "version": 1 + }, + "references": [ + { + "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3", + "name": "8:panel_8", + "type": "search" + }, + { + "id": "logs-*", + "name": "be0cae7a-45f7-4912-88ad-47924a84445e:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "abcc1ae8-b22b-4a2a-b7ad-2082ba3f71aa:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "1:search_0", + "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3" + }, + { + "type": "search", + "name": 
"2:search_0", + "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3" + }, + { + "type": "search", + "name": "5:search_0", + "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3" + }, + { + "type": "search", + "name": "6:search_0", + "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3" + }, + { + "type": "search", + "name": "7:search_0", + "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/iptables/kibana/dashboard/iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json b/packages/iptables/kibana/dashboard/iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json index c0a7c34c060..5f7c08418a1 100644 --- a/packages/iptables/kibana/dashboard/iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json +++ b/packages/iptables/kibana/dashboard/iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json 
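Review bot: The new `references` array adds `1:search_0`, `2:search_0`, `5:search_0`, `6:search_0` and `7:search_0`, all pointing at saved search `iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3`, but none of the inlined `savedVis.data` blocks for panels 1, 2, 5, 6 and 7 names `search_0`; each holds only `aggs` and a `searchSource` with a query and an empty `filter` list. If the original visualizations were bound to that saved search, the inlined panels appear to have lost the binding, and with it the saved search's index pattern and filters, so a firewall panel could silently chart a different event set than before. Either add `"savedSearchRefName": "search_0"` to each panel's `savedVis.data`, or remove the five unused reference entries if dropping the binding is intended. Panel 1's inner query is also `""`, so it depends solely on the dashboard-level `data_stream.dataset:iptables.log` query for scoping.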
@@ -1,246 +1,635 @@ { - "attributes": { - "description": "Overview of the Ubiquiti Firewall iptables events dashboard.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T09:16:22.532Z", + "version": "WzU4MywxXQ==", + "attributes": { + "description": "Overview of the Ubiquiti Firewall iptables events dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset:iptables.log" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "allow": "#64B0C8", + "deny": "#E24D42" + }, + "legendOpen": true + }, + "savedVis": { + "title": "Ubiquiti Firewall Event Timeline [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "colors": { + "allow": "#64B0C8", + "deny": "#E24D42" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "top", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": 
"ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "2019-01-24T15:47:12.171Z", + "mode": "absolute", + "to": "2019-01-24T15:47:52.785Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "data_stream.dataset:iptables.log" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "1", + "w": 33, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "allow": "#64B0C8", - "deny": "#E24D42" - }, - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "1", - "w": 33, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "title": "Event Timeline", - "type": "visualization", - "version": "8.0.0" + "panelIndex": "1", + "title": "Event Timeline", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + 
"title": "Ubiquiti Firewall Top Blocked IPs [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2", - "w": 15, - "x": 33, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "title": "Top Blocked by source IP", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "colors": { - "allow": "#7EB26D", - "deny": "#E24D42", - "icmp": "#F29191", - "ipv4": "#65C5DB", - "ipv6": "#D683CE", - "ipv6-icmp": "#EA6460", - "tcp": "#447EBC", - "udp": "#F2C96D" - } - } - }, - "gridData": { - "h": 18, - "i": "5", - "w": 24, - "x": 0, - "y": 30 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "title": "Traffic Breakdown by Protocol", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source IP", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2", + "w": 15, + "x": 33, + "y": 0 + }, + "panelIndex": "2", + "title": "Top Blocked by source IP", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "colors": { + "allow": 
"#7EB26D", + "deny": "#E24D42", + "icmp": "#F29191", + "ipv4": "#65C5DB", + "ipv6": "#D683CE", + "ipv6-icmp": "#EA6460", + "tcp": "#447EBC", + "udp": "#F2C96D" + } + }, + "savedVis": { + "title": "Ubiquiti Firewall Traffic Breakdown [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "colors": { + "deny": "#E24D42", + "icmp": "#F29191", + "ipv4": "#65C5DB", + "ipv6": "#D683CE", + "ipv6-icmp": "#EA6460", + "tcp": "#447EBC", + "udp": "#F2C96D" + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 27, - "i": "6", - "w": 48, - "x": 0, - "y": 48 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "title": "Event View", - "type": "search", - "version": "8.0.0" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": false, + "show": true, + "truncate": 100, + "values": false + }, + "legendPosition": "top", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 18, - "i": "7", - "w": 24, - "x": 24, - "y": 30 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "title": "Traffic Breakdown by Port", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"7f6a8971-2ac4-49df-9ed3-2a81500c5e1d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9291aa55-640f-4ca8-9341-b73eecc00855\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Ubiquiti Firewall Allowed Traffic Map 
[Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"715de528-553d-4800-91d9-12bab368b24b\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Allowed Traffic Map", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "gridData": { - "h": 15, - "i": "02e3739f-47c9-45ac-b225-0e4f92dab753", - "w": 24, - "x": 0, - "y": 15 + { + "enabled": true, + "id": "3", + "params": { + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "02e3739f-47c9-45ac-b225-0e4f92dab753", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + 
"id": "4", + "params": { + "field": "network.transport", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 18, + "i": "5", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "5", + "title": "Traffic Breakdown by Protocol", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 27, + "i": "6", + "w": 48, + "x": 0, + "y": 48 + }, + "panelIndex": "6", + "panelRefName": "panel_6", + "title": "Event View", + "type": "search", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Ubiquiti Firewall Traffic by Port [Logs Iptables]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"3ba7d195-0d25-4f48-97a4-96e65b0e0b1b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"a6ce0882-5543-4649-9ebb-3393a06c44e6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Ubiquiti Firewall Blocked Traffic Map [Logs 
Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"b93a08fa-124c-40a9-9171-37264d256c79\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": 
"{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Blocked Traffic Map", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + "params": { + "perPage": 10, + "row": false, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "0cff36eb-abec-44db-9887-4ba9668d7c02", - "w": 24, - "x": 24, - "y": 15 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "event.outcome", + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "split", + "type": "terms" 
}, - "panelIndex": "0cff36eb-abec-44db-9887-4ba9668d7c02", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination port", + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Iptables] Ubiquiti Firewall Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "iptables-758b3620-1fda-11e9-ae2a-939083c6a64e", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "iptables-1ba82fd0-1ff0-11e9-ae2a-939083c6a64e", - "name": "2:panel_2", - "type": "visualization" + } }, - { - "id": "iptables-fdea1ad0-1ff4-11e9-ae2a-939083c6a64e", - "name": "5:panel_5", - "type": "visualization" + "gridData": { + "h": 18, + "i": "7", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e", - "name": "6:panel_6", - "type": "search" + "panelIndex": "7", + "title": "Traffic Breakdown by Port", + "type": "visualization", + "version": "8.0.0" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 15, + "i": "02e3739f-47c9-45ac-b225-0e4f92dab753", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "iptables-190bcb50-1ff6-11e9-ae2a-939083c6a64e", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "logs-*", - "name": "02e3739f-47c9-45ac-b225-0e4f92dab753:layer_1_source_index_pattern", - "type": "index-pattern" + "panelIndex": "02e3739f-47c9-45ac-b225-0e4f92dab753", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"7f6a8971-2ac4-49df-9ed3-2a81500c5e1d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9291aa55-640f-4ca8-9341-b73eecc00855\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Ubiquiti Firewall Allowed Traffic Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"715de528-553d-4800-91d9-12bab368b24b\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"opt
ions\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Allowed Traffic Map", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" + } + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 15, + "i": "0cff36eb-abec-44db-9887-4ba9668d7c02", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "logs-*", - "name": "0cff36eb-abec-44db-9887-4ba9668d7c02:layer_1_source_index_pattern", - "type": "index-pattern" + "panelIndex": "0cff36eb-abec-44db-9887-4ba9668d7c02", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"3ba7d195-0d25-4f48-97a4-96e65b0e0b1b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"a6ce0882-5543-4649-9ebb-3393a06c44e6\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Ubiquiti Firewall Blocked Traffic Map [Logs Iptables]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"b93a08fa-124c-40a9-9171-37264d256c79\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"opt
ions\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Blocked Traffic Map", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" } + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Iptables] Ubiquiti Firewall Overview", + "version": 1 + }, + "references": [ + { + "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e", + "name": "6:panel_6", + "type": "search" + }, + { + "id": "logs-*", + "name": "02e3739f-47c9-45ac-b225-0e4f92dab753:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0cff36eb-abec-44db-9887-4ba9668d7c02:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "1:search_0", + "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e" + }, + { + "type": "search", + "name": 
"2:search_0", + "id": "iptables-9f7d97c0-1fe9-11e9-ae2a-939083c6a64e" + }, + { + "type": "search", + "name": "5:search_0", + "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e" + }, + { + "type": "search", + "name": "7:search_0", + "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/iptables/kibana/visualization/iptables-190bcb50-1ff6-11e9-ae2a-939083c6a64e.json b/packages/iptables/kibana/visualization/iptables-190bcb50-1ff6-11e9-ae2a-939083c6a64e.json deleted file mode 100644 index 550c60c224e..00000000000 --- a/packages/iptables/kibana/visualization/iptables-190bcb50-1ff6-11e9-ae2a-939083c6a64e.json +++ /dev/null 
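Review bot: The inlined `savedVis` objects for panels 1, 2, 5 and 7 carry no `savedSearchRefName`, yet the dashboard's `references` still list `1:search_0`, `2:search_0`, `5:search_0` and `7:search_0`. The deleted visualization files later in this diff had `"savedSearchRefName": "search_0"` beside an empty `query`, so the saved search supplied the real filter. Without that key the references look dangling, and the panels may fall back to the unfiltered `searchSource`. This matters most for "Top Blocked by source IP": its reference points at a different saved search (`iptables-9f7d97c0-1fe9-11e9-ae2a-939083c6a64e`) than the other panels, so it would presumably start counting allowed traffic too. I would add `"savedSearchRefName": "search_0"` to each `savedVis.data` block, assuming that is where Kibana reads it for by-value panels, and confirm after import that the panel still lists only blocked sources.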
@@ -1,100 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Ubiquiti Firewall Traffic by Port [Logs Iptables]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "event.outcome", - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "split", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination port", - "field": "destination.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "row": false, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Ubiquiti Firewall Traffic by Port [Logs Iptables]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-190bcb50-1ff6-11e9-ae2a-939083c6a64e", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/iptables/kibana/visualization/iptables-1ba82fd0-1ff0-11e9-ae2a-939083c6a64e.json b/packages/iptables/kibana/visualization/iptables-1ba82fd0-1ff0-11e9-ae2a-939083c6a64e.json deleted file mode 100644 index 7e8e0bbbd27..00000000000 --- a/packages/iptables/kibana/visualization/iptables-1ba82fd0-1ff0-11e9-ae2a-939083c6a64e.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Ubiquiti Firewall Top Blocked IPs [Logs Iptables]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source IP", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Ubiquiti Firewall Top Blocked IPs [Logs Iptables]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-1ba82fd0-1ff0-11e9-ae2a-939083c6a64e", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-9f7d97c0-1fe9-11e9-ae2a-939083c6a64e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/iptables/kibana/visualization/iptables-2599f5e0-1e98-11e9-8ec4-cf5d91a864b3.json b/packages/iptables/kibana/visualization/iptables-2599f5e0-1e98-11e9-8ec4-cf5d91a864b3.json deleted file mode 100644 index 64f8facf0f1..00000000000 --- a/packages/iptables/kibana/visualization/iptables-2599f5e0-1e98-11e9-8ec4-cf5d91a864b3.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "iptables.length:*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Source Countries [Logs Iptables]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Country", - "field": "source.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Source Countries [Logs Iptables]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-2599f5e0-1e98-11e9-8ec4-cf5d91a864b3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/iptables/kibana/visualization/iptables-35fe0910-1f26-11e9-8ec4-cf5d91a864b3.json b/packages/iptables/kibana/visualization/iptables-35fe0910-1f26-11e9-8ec4-cf5d91a864b3.json deleted file mode 100644 index b3e2c903428..00000000000 --- a/packages/iptables/kibana/visualization/iptables-35fe0910-1f26-11e9-8ec4-cf5d91a864b3.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "iptables.length:*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Network Transport Breakdown [Logs Iptables]", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": true, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Network Transport Breakdown [Logs Iptables]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-35fe0910-1f26-11e9-8ec4-cf5d91a864b3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/iptables/kibana/visualization/iptables-4c913eb0-1f51-11e9-93ed-f7e068f4aebb.json b/packages/iptables/kibana/visualization/iptables-4c913eb0-1f51-11e9-93ed-f7e068f4aebb.json deleted file mode 100644 index dd0f91858d3..00000000000 --- a/packages/iptables/kibana/visualization/iptables-4c913eb0-1f51-11e9-93ed-f7e068f4aebb.json +++ /dev/null 
@@ -1,136 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Events Timeline [Logs Iptables]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "linear", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Events Timeline [Logs Iptables]", - "type": 
"area" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-4c913eb0-1f51-11e9-93ed-f7e068f4aebb", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/iptables/kibana/visualization/iptables-683402b0-1f29-11e9-8ec4-cf5d91a864b3.json b/packages/iptables/kibana/visualization/iptables-683402b0-1f29-11e9-8ec4-cf5d91a864b3.json deleted file mode 100644 index 1010541cc39..00000000000 --- a/packages/iptables/kibana/visualization/iptables-683402b0-1f29-11e9-8ec4-cf5d91a864b3.json +++ /dev/null 
@@ -1,82 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "iptables.length:*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Destination Ports [Logs Iptables]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Port", - "field": "destination.port", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Destination Ports [Logs Iptables]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-683402b0-1f29-11e9-8ec4-cf5d91a864b3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/iptables/kibana/visualization/iptables-758b3620-1fda-11e9-ae2a-939083c6a64e.json b/packages/iptables/kibana/visualization/iptables-758b3620-1fda-11e9-ae2a-939083c6a64e.json deleted file mode 100644 index d4081ce0c50..00000000000 --- a/packages/iptables/kibana/visualization/iptables-758b3620-1fda-11e9-ae2a-939083c6a64e.json +++ /dev/null 
@@ -1,162 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Ubiquiti Firewall Event Timeline [Logs Iptables]", - "uiStateJSON": { - "vis": { - "colors": { - "allow": "#64B0C8", - "deny": "#E24D42" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "timeRange": { - "from": "2019-01-24T15:47:12.171Z", - "mode": "absolute", - "to": "2019-01-24T15:47:52.785Z" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "top", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - 
"valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Ubiquiti Firewall Event Timeline [Logs Iptables]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-758b3620-1fda-11e9-ae2a-939083c6a64e", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/iptables/kibana/visualization/iptables-b57b7370-1f1d-11e9-8ec4-cf5d91a864b3.json b/packages/iptables/kibana/visualization/iptables-b57b7370-1f1d-11e9-8ec4-cf5d91a864b3.json deleted file mode 100644 index e3a249a5f65..00000000000 --- a/packages/iptables/kibana/visualization/iptables-b57b7370-1f1d-11e9-8ec4-cf5d91a864b3.json +++ /dev/null 
@@ -1,82 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "iptables.length:*" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Network Type Breakdown [Logs Iptables]", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.type", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": true, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Network Type Breakdown [Logs Iptables]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "iptables-b57b7370-1f1d-11e9-8ec4-cf5d91a864b3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/iptables/kibana/visualization/iptables-fdea1ad0-1ff4-11e9-ae2a-939083c6a64e.json b/packages/iptables/kibana/visualization/iptables-fdea1ad0-1ff4-11e9-ae2a-939083c6a64e.json deleted file mode 100644 index 6f84873c8be..00000000000 --- a/packages/iptables/kibana/visualization/iptables-fdea1ad0-1ff4-11e9-ae2a-939083c6a64e.json +++ /dev/null 
@@ -1,122 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Ubiquiti Firewall Traffic Breakdown [Logs Iptables]", - "uiStateJSON": { - "vis": { - "colors": { - "deny": "#E24D42", - "icmp": "#F29191", - "ipv4": "#65C5DB", - "ipv6": "#D683CE", - "ipv6-icmp": "#EA6460", - "tcp": "#447EBC", - "udp": "#F2C96D" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "network.type", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "network.transport", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": false, - "show": true, - "truncate": 100, - "values": false - }, - "legendPosition": "top", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Ubiquiti Firewall Traffic Breakdown [Logs Iptables]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": 
"iptables-fdea1ad0-1ff4-11e9-ae2a-939083c6a64e", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/iptables/manifest.yml b/packages/iptables/manifest.yml index b5262b4aeec..a40e60d08a0 100644 --- a/packages/iptables/manifest.yml +++ b/packages/iptables/manifest.yml @@ -1,6 +1,6 @@ name: iptables title: Iptables -version: "1.2.0" +version: "1.2.1" release: ga description: Collect logs from Iptables with Elastic Agent. type: integration @@ -15,7 +15,7 @@ categories: - network - security conditions: - kibana.version: ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/kibana-iptables.png title: kibana iptables diff --git a/packages/microsoft_defender_endpoint/changelog.yml b/packages/microsoft_defender_endpoint/changelog.yml index 1902e56735f..b8f59b4b5d2 100644 --- a/packages/microsoft_defender_endpoint/changelog.yml +++ b/packages/microsoft_defender_endpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.5.2" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "2.5.1" changes: - description: Remove duplicate fields. diff --git a/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json b/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json index 7286c5cdc9f..291068c5404 100644 --- a/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json +++ b/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json 
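Review bot: The second packages/iptables/manifest.yml hunk raises the minimum stack from `kibana.version: ^8.0.0` to `^8.1.0`, while the first hunk ships this as a patch release (`1.2.0` to `1.2.1`). The changelog entries visible in this commit describe only the by-value visualization migration. The iptables changelog hunk is not in view here, so this may already be covered; if not, add an entry such as `- description: Require Kibana 8.1.0 or later for the by-value dashboard panels`. Deployments still on Kibana 8.0.x would presumably stay on 1.2.0 and miss later fixes to this firewall-log integration, so operators should be told about the new floor.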
@@ -1,11 +1,11 @@ { - "@timestamp": "2022-01-02T01:30:05.670Z", + "@timestamp": "2022-11-14T19:50:59.768Z", "agent": { - "ephemeral_id": "9cc31363-7ffb-4763-9bec-cef372647d15", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "93e5742b-8836-464d-a718-bd7fdb13c1e1", + "id": "0ccbfbd9-e624-40f2-93b6-721ebe550b0f", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.1.0" }, "cloud": { "account": { @@ -25,9 +25,9 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "0ccbfbd9-e624-40f2-93b6-721ebe550b0f", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.1.0" }, "event": { "action": "Execution", @@ -40,7 +40,7 @@ "duration": 101466100, "end": "2021-01-26T20:31:33.0577322Z", "id": "da637472900382838869_1364969609", - "ingested": "2022-01-02T01:30:06Z", + "ingested": "2022-11-14T19:51:03Z", "kind": "alert", "provider": "defender_endpoint", "severity": 2, diff --git a/packages/microsoft_defender_endpoint/docs/README.md b/packages/microsoft_defender_endpoint/docs/README.md index 02343be890b..868a5f0c067 100644 --- a/packages/microsoft_defender_endpoint/docs/README.md +++ b/packages/microsoft_defender_endpoint/docs/README.md @@ -47,13 +47,13 @@ An example event for `log` looks as following: ```json { - "@timestamp": "2022-01-02T01:30:05.670Z", + "@timestamp": "2022-11-14T19:50:59.768Z", "agent": { - "ephemeral_id": "9cc31363-7ffb-4763-9bec-cef372647d15", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "93e5742b-8836-464d-a718-bd7fdb13c1e1", + "id": "0ccbfbd9-e624-40f2-93b6-721ebe550b0f", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.1.0" }, "cloud": { "account": { 
@@ -73,9 +73,9 @@ An example event for `log` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "0ccbfbd9-e624-40f2-93b6-721ebe550b0f", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.1.0" }, "event": { "action": "Execution", @@ -88,7 +88,7 @@ An example event for `log` looks as following: "duration": 101466100, "end": "2021-01-26T20:31:33.0577322Z", "id": "da637472900382838869_1364969609", - "ingested": "2022-01-02T01:30:06Z", + "ingested": "2022-11-14T19:51:03Z", "kind": "alert", "provider": "defender_endpoint", "severity": 2, diff --git a/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json index 7121958aab5..4107139502b 100644 --- a/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json +++ b/packages/microsoft_defender_endpoint/kibana/dashboard/microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55.json 
@@ -1,175 +1,1155 @@ { - "attributes": { - "description": "Microsoft Defender for Endpoint Alert Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], + "id": "microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T10:13:20.146Z", + "version": "WzY0OSwxXQ==", + "attributes": { + "description": "Microsoft Defender for Endpoint Alert Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset:microsoft_defender_endpoint.log" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "New Incidents Counter [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint Counter for new incidents", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 1 + }, + { + "from": 1, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "New Incidents", + "field": "microsoft.defender_endpoint.incidentId" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": 
"{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "data_stream.dataset:microsoft_defender_endpoint.log" + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 6, + "i": "8343f7ea-b977-44bf-bf81-6d41742093a4", + "w": 4, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "8343f7ea-b977-44bf-bf81-6d41742093a4", - "w": 4, - "x": 0, - "y": 0 - }, - "panelIndex": "8343f7ea-b977-44bf-bf81-6d41742093a4", - "panelRefName": "panel_0", - "version": "7.8.1" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 24, - "i": "74d36139-4d22-44d4-bfc8-020c575febb1", - "w": 25, - "x": 4, - "y": 0 - }, - "panelIndex": "74d36139-4d22-44d4-bfc8-020c575febb1", - "panelRefName": "panel_1", - "version": "7.8.1" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 24, - "i": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", - "w": 19, - "x": 29, - "y": 0 - }, - "panelIndex": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", - "panelRefName": "panel_2", - "title": "Techniques [Microsoft Defender for Endpoint]", - "version": "7.8.1" + "panelIndex": "8343f7ea-b977-44bf-bf81-6d41742093a4", + 
"version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ac550ae9-6e17-4944-9545-25bbe83d9dbb": { + "columnOrder": [ + "19ade524-0042-4ecd-ac59-9696c8c2e225", + "677e5501-ca31-435c-8eab-38b5297e54c2", + "27212c7c-83ee-4292-a4c6-396d9b77dce6" + ], + "columns": { + "19ade524-0042-4ecd-ac59-9696c8c2e225": { + "dataType": "number", + "isBucketed": true, + "label": "Top values of event.severity", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "27212c7c-83ee-4292-a4c6-396d9b77dce6", + "type": "column" + }, + "orderDirection": "desc", + "size": 6, + "parentFormat": { + "id": "terms" + } + }, + "scale": "ordinal", + "sourceField": "event.severity" + }, + "27212c7c-83ee-4292-a4c6-396d9b77dce6": { + "dataType": "number", + "isBucketed": false, + "label": "Number of incidents", + "operationType": "unique_count", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } + } + }, + "scale": "ratio", + "sourceField": "microsoft.defender_endpoint.incidentId" + }, + "677e5501-ca31-435c-8eab-38b5297e54c2": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "24h" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + } + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.integration", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "event.integration": "microsoft_defender_endpoint" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + 
}, + "type": "phrase", + "index": "filter-index-pattern-1" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "27212c7c-83ee-4292-a4c6-396d9b77dce6" + ], + "layerId": "ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "19ade524-0042-4ecd-ac59-9696c8c2e225", + "xAccessor": "677e5501-ca31-435c-8eab-38b5297e54c2", + "layerType": "data" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", - "w": 4, - "x": 0, - "y": 6 - }, - "panelIndex": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", - "panelRefName": "panel_3", - "version": "7.8.1" + "title": "New Incidents [Microsoft Defender for Endpoint]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 24, + "i": "74d36139-4d22-44d4-bfc8-020c575febb1", + "w": 25, + "x": 4, + "y": 0 + }, + "panelIndex": "74d36139-4d22-44d4-bfc8-020c575febb1", + "version": "8.1.0", + "type": "lens" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "f93e2634-0dd5-4aec-b6de-45284dd39630": { + "columnOrder": [ + "12ecaf1f-b957-4c15-8f43-8f043a7d1d51", + 
"0f67be87-cc6f-48e7-8afd-d9401037d006" + ], + "columns": { + "0f67be87-cc6f-48e7-8afd-d9401037d006": { + "dataType": "number", + "isBucketed": false, + "label": "Number of techniques", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "12ecaf1f-b957-4c15-8f43-8f043a7d1d51": { + "dataType": "string", + "isBucketed": true, + "label": "Related MITRE attach techniques", + "operationType": "terms", + "params": { + "orderBy": { + "type": "alphabetical" + }, + "orderDirection": "asc", + "size": 10, + "parentFormat": { + "id": "terms" + } + }, + "scale": "ordinal", + "sourceField": "threat.technique.name" + } + } + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.integration", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "event.integration": "microsoft_defender_endpoint" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase", + "index": "filter-index-pattern-1" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "12ecaf1f-b957-4c15-8f43-8f043a7d1d51" + ], + "layerId": "f93e2634-0dd5-4aec-b6de-45284dd39630", + "legendDisplay": "default", + "metric": "0f67be87-cc6f-48e7-8afd-d9401037d006", + "nestedLegend": false, + "numberDisplay": "percent", + "layerType": "data" + } + ], + "shape": "treemap" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "16e7059b-70a5-4ea4-b622-9015d7430419", - "w": 4, 
- "x": 0, - "y": 12 - }, - "panelIndex": "16e7059b-70a5-4ea4-b622-9015d7430419", - "panelRefName": "panel_4", - "version": "7.8.1" + "title": "Techniques [Microsoft Defender for Endpoint]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 24, + "i": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", + "w": 19, + "x": 29, + "y": 0 + }, + "panelIndex": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5", + "title": "Techniques [Microsoft Defender for Endpoint]", + "version": "8.1.0", + "type": "lens" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Domains Counter [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint counter for related domains", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", - "w": 4, - "x": 0, - "y": 18 - }, - "panelIndex": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", - "panelRefName": "panel_5", - "version": "7.8.1" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": 
"Related Domains", + "field": "microsoft.defender_endpoint.evidence.domainName" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", + "w": 4, + "x": 0, + "y": 6 + }, + "panelIndex": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IP Addresses Counter [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint counter for related IP Addresses", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + 
"fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "cb8de6bb-1096-427d-834e-210963aad3e5", - "w": 48, - "x": 0, - "y": 24 - }, - "panelIndex": "cb8de6bb-1096-427d-834e-210963aad3e5", - "panelRefName": "panel_6", - "version": "7.8.1" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Related Networks", + "field": "microsoft.defender_endpoint.evidence.ipAddress" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." 
+ } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " + } + } } - ], - "timeRestore": false, - "title": "[Microsoft Defender for Endpoint] Overview", - "version": 1 - }, - "id": "microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "dashboard": "7.11.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "microsoft_defender_endpoint-3c64f400-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "microsoft_defender_endpoint-e415af10-ca67-11ea-9d4d-9737a63aaa55", - "name": "panel_1", - "type": "lens" + "gridData": { + "h": 6, + "i": "16e7059b-70a5-4ea4-b622-9015d7430419", + "w": 4, + "x": 0, + "y": 12 }, - { - "id": "microsoft_defender_endpoint-14d367f0-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_2", - "type": "lens" + "panelIndex": "16e7059b-70a5-4ea4-b622-9015d7430419", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Related Users Counter [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint counter for related Users", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": 
false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Related Users", + "field": "user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " + } + } + } + } }, - { - "id": "microsoft_defender_endpoint-9e902dc0-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 6, + "i": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", + "w": 4, + "x": 0, + "y": 18 }, - { - "id": "microsoft_defender_endpoint-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_4", - "type": "visualization" + "panelIndex": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": 
"Incident Table [Microsoft Defender for Endpoint]", + "description": "Microsoft Defender for Endpoint Incident Table", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "percentageCol": "", + "row": true, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum", + "showToolbar": true + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "8", + "params": { + "aggregate": "concat", + "field": "@timestamp", + "size": 1, + "sortField": "@timestamp", + "sortOrder": "desc" + }, + "schema": "metric", + "type": "top_hits" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Incident ID", + "field": "microsoft.defender_endpoint.incidentId", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Current Status", + "field": "microsoft.defender_endpoint.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Assigned To", + "field": "microsoft.defender_endpoint.assignedTo", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "9", + "params": { + "customLabel": "Severity", + "field": "event.severity", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": 
"desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Hostname", + "field": "host.hostname", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "10", + "params": { + "customLabel": "Category", + "field": "threat.technique.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Description", + "field": "rule.description", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" + }, + "query": { + "prefix": { + "data_stream.dataset": "microsoft_defender_endpoint." 
+ } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_defender_endpoint.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_defender_endpoint.log" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "microsoft_defender_endpoint-62f081c0-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_5", - "type": "visualization" + "gridData": { + "h": 16, + "i": "cb8de6bb-1096-427d-834e-210963aad3e5", + "w": 48, + "x": 0, + "y": 24 }, - { - "id": "microsoft_defender_endpoint-00e8fca0-ca68-11ea-9d4d-9737a63aaa55", - "name": "panel_6", - "type": "visualization" - } + "panelIndex": "cb8de6bb-1096-427d-834e-210963aad3e5", + "version": "8.0.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Microsoft Defender for Endpoint] Overview", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8343f7ea-b977-44bf-bf81-6d41742093a4:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", + "id": "logs-*" + }, + { + "type": 
"index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "74d36139-4d22-44d4-bfc8-020c575febb1:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a3e140ed-a0ed-4da0-8142-72d68fd7c5e5:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "f3843ab0-8b0f-4f64-805c-4ab0d0965d8a:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "16e7059b-70a5-4ea4-b622-9015d7430419:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d8a5a667-ed0b-42ed-ae7d-edbfa722677f:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "cb8de6bb-1096-427d-834e-210963aad3e5:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/kibana/lens/microsoft_defender_endpoint-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/lens/microsoft_defender_endpoint-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index 028339d9959..00000000000 --- a/packages/microsoft_defender_endpoint/kibana/lens/microsoft_defender_endpoint-14d367f0-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,139 +0,0 @@ -{ - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "f93e2634-0dd5-4aec-b6de-45284dd39630": { - "columnOrder": [ - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51", - "0f67be87-cc6f-48e7-8afd-d9401037d006" - ], - "columns": { - "0f67be87-cc6f-48e7-8afd-d9401037d006": { - "dataType": "number", - "isBucketed": false, - "label": "Number of techniques", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51": { - "dataType": "string", - "isBucketed": true, - "label": "Related MITRE attach techniques", - "operationType": "terms", - "params": { - "orderBy": { - "type": "alphabetical" - }, - "orderDirection": "asc", - "size": 10 - }, - "scale": "ordinal", - "sourceField": "threat.technique.name" - } - } - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.integration", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.integration": "microsoft_defender_endpoint" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "12ecaf1f-b957-4c15-8f43-8f043a7d1d51" - ], - "layerId": "f93e2634-0dd5-4aec-b6de-45284dd39630", - "legendDisplay": "default", - "metric": "0f67be87-cc6f-48e7-8afd-d9401037d006", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - 
"shape": "treemap" - } - }, - "title": "Techniques [Microsoft Defender for Endpoint]", - "visualizationType": "lnsPie" - }, - "id": "microsoft_defender_endpoint-14d367f0-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "lens": "7.11.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-f93e2634-0dd5-4aec-b6de-45284dd39630", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/kibana/lens/microsoft_defender_endpoint-e415af10-ca67-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/lens/microsoft_defender_endpoint-e415af10-ca67-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index e3b06ec51cb..00000000000 --- a/packages/microsoft_defender_endpoint/kibana/lens/microsoft_defender_endpoint-e415af10-ca67-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,164 +0,0 @@ -{ - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ac550ae9-6e17-4944-9545-25bbe83d9dbb": { - "columnOrder": [ - "19ade524-0042-4ecd-ac59-9696c8c2e225", - "677e5501-ca31-435c-8eab-38b5297e54c2", - "27212c7c-83ee-4292-a4c6-396d9b77dce6" - ], - "columns": { - "19ade524-0042-4ecd-ac59-9696c8c2e225": { - "dataType": "number", - "isBucketed": true, - "label": "Top values of event.severity", - "operationType": "terms", - "params": { - "orderBy": { - "columnId": "27212c7c-83ee-4292-a4c6-396d9b77dce6", - "type": "column" - }, - "orderDirection": "desc", - "size": 6 - }, - "scale": "ordinal", - "sourceField": "event.severity" - }, - "27212c7c-83ee-4292-a4c6-396d9b77dce6": { - "dataType": "number", - "isBucketed": false, - "label": "Number of incidents", - "operationType": "cardinality", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - } - }, - "scale": "ratio", - "sourceField": "microsoft.defender_endpoint.incidentId" - }, - "677e5501-ca31-435c-8eab-38b5297e54c2": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "24h" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - } - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "event.integration", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.integration": "microsoft_defender_endpoint" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - 
"data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "accessors": [ - "27212c7c-83ee-4292-a4c6-396d9b77dce6" - ], - "layerId": "ac550ae9-6e17-4944-9545-25bbe83d9dbb", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "19ade524-0042-4ecd-ac59-9696c8c2e225", - "xAccessor": "677e5501-ca31-435c-8eab-38b5297e54c2" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line" - } - }, - "title": "New Incidents [Microsoft Defender for Endpoint]", - "visualizationType": "lnsXY" - }, - "id": "microsoft_defender_endpoint-e415af10-ca67-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "lens": "7.11.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ac550ae9-6e17-4944-9545-25bbe83d9dbb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index 40ce80238cb..00000000000 --- a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-00e8fca0-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,244 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender for Endpoint Incident Table", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Incident Table [Microsoft Defender for Endpoint]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "8", - "params": { - "aggregate": "concat", - "field": "@timestamp", - "size": 1, - "sortField": "@timestamp", - "sortOrder": "desc" - }, - "schema": "metric", - "type": "top_hits" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Incident ID", - "field": "microsoft.defender_endpoint.incidentId", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 100 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - 
"customLabel": "Current Status", - "field": "microsoft.defender_endpoint.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Assigned To", - "field": "microsoft.defender_endpoint.assignedTo", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "9", - "params": { - "customLabel": "Severity", - "field": "event.severity", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Hostname", - "field": "host.hostname", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "10", - "params": { - "customLabel": "Category", - "field": "threat.technique.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Description", - "field": "rule.description", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 1 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 
10, - "percentageCol": "", - "row": true, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Incident Table [Microsoft Defender for Endpoint]", - "type": "table" - } - }, - "id": "microsoft_defender_endpoint-00e8fca0-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index caabefc2f54..00000000000 --- a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-3c64f400-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender for Endpoint Counter for new incidents", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } - } - }, - "title": "New Incidents Counter [Microsoft Defender for Endpoint]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "New Incidents", - "field": "microsoft.defender_endpoint.incidentId" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 1 - }, - { - "from": 1, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - 
"type": "metric" - }, - "title": "New Incidents Counter [Microsoft Defender for Endpoint]", - "type": "metric" - } - }, - "id": "microsoft_defender_endpoint-3c64f400-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index e7e1e816d65..00000000000 --- a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-62f081c0-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender for Endpoint counter for related Users", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } - } - }, - "title": "Related Users Counter [Microsoft Defender for Endpoint]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Users", - "field": "user.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Related Users Counter 
[Microsoft Defender for Endpoint]", - "type": "metric" - } - }, - "id": "microsoft_defender_endpoint-62f081c0-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index 4a5c7fa089c..00000000000 --- a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-9e902dc0-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender for Endpoint counter for related domains", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } - } - }, - "title": "Domains Counter [Microsoft Defender for Endpoint]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Domains", - "field": "microsoft.defender_endpoint.evidence.domainName" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - 
"title": "Domains Counter [Microsoft Defender for Endpoint]", - "type": "metric" - } - }, - "id": "microsoft_defender_endpoint-9e902dc0-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json b/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json deleted file mode 100644 index e77edb29a40..00000000000 --- a/packages/microsoft_defender_endpoint/kibana/visualization/microsoft_defender_endpoint-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55.json +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - "attributes": { - "description": "Microsoft Defender for Endpoint counter for related IP Addresses", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"prefix\":{\"data_stream.dataset\":\"microsoft_defender_endpoint.\"}}" - }, - "query": { - "prefix": { - "data_stream.dataset": "microsoft_defender_endpoint." - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "microsoft_defender_endpoint.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "microsoft_defender_endpoint.log" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"microsoft_defender_endpoint.log\" " - } - } - }, - "title": "IP Addresses Counter [Microsoft Defender for Endpoint]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Related Networks", - "field": "microsoft.defender_endpoint.evidence.ipAddress" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" 
- }, - "title": "IP Addresses Counter [Microsoft Defender for Endpoint]", - "type": "metric" - } - }, - "id": "microsoft_defender_endpoint-b9fcbf60-ca68-11ea-9d4d-9737a63aaa55", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/manifest.yml b/packages/microsoft_defender_endpoint/manifest.yml index ccf89b6183c..08cbcec1720 100644 --- a/packages/microsoft_defender_endpoint/manifest.yml +++ b/packages/microsoft_defender_endpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: microsoft_defender_endpoint title: Microsoft Defender for Endpoint -version: "2.5.1" +version: "2.5.2" description: Collect logs from Microsoft Defender for Endpoint with Elastic Agent. categories: - "network" @@ -11,7 +11,7 @@ release: ga license: basic type: integration conditions: - kibana.version: ^7.14.1 || ^8.0.0 + kibana.version: ^8.1.0 policy_templates: - name: microsoft_defender_endpoint title: Microsoft Defender for Endpoint diff --git a/packages/mimecast/changelog.yml b/packages/mimecast/changelog.yml index 565e3a68795..958233c0ea8 100644 --- a/packages/mimecast/changelog.yml +++ b/packages/mimecast/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.4.2" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.4.1" changes: - description: Remove duplicate fields. 
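Review bot: In packages/microsoft_defender_endpoint/manifest.yml the second hunk narrows `kibana.version` from `^7.14.1 || ^8.0.0` to `^8.1.0`, yet the first hunk ships that as a patch bump, `2.5.1` to `2.5.2`. If the condition gates installation as it normally does, stacks on 7.14 through 8.0 will no longer be offered this or any later release of the package, so later pipeline and mapping fixes for Defender alert data would stop reaching them without any visible signal. I would bump the minor version instead, `version: "2.6.0"`, and have the package's changelog entry (outside this view) state the new floor, for example `description: Migrate visualizations to by-value panels; minimum Kibana version is now 8.1.0`.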
diff --git a/packages/mimecast/kibana/dashboard/mimecast-042d5620-5411-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-042d5620-5411-11ec-bd43-b5e1f9a9c8d5.json index 91c58431de0..fe8b1f5afe4 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-042d5620-5411-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-042d5620-5411-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,650 +1,655 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.dlp_logs" - }, - "type": "phrase" + "id": "mimecast-042d5620-5411-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzMCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.dlp_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.dlp_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-47e0f438-1420-40d4-a779-1845993eb7ea", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "47e0f438-1420-40d4-a779-1845993eb7ea": { + "columnOrder": [ + "031fd53e-b3ed-422e-b50a-6da93afe2752", + "6fb9dc4a-1056-4e74-a4e4-a469941b6efa" + ], + "columns": { + "031fd53e-b3ed-422e-b50a-6da93afe2752": { 
+ "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "1d" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.dlp_logs" - } + "6fb9dc4a-1056-4e74-a4e4-a469941b6efa": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-47e0f438-1420-40d4-a779-1845993eb7ea", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "47e0f438-1420-40d4-a779-1845993eb7ea": { - "columnOrder": [ - "031fd53e-b3ed-422e-b50a-6da93afe2752", - "6fb9dc4a-1056-4e74-a4e4-a469941b6efa" - ], - "columns": { - "031fd53e-b3ed-422e-b50a-6da93afe2752": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "1d" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "6fb9dc4a-1056-4e74-a4e4-a469941b6efa": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": 
"data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.dlp_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.dlp_logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"mimecast.dlp_logs\"" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "6fb9dc4a-1056-4e74-a4e4-a469941b6efa" - ], - "layerId": "47e0f438-1420-40d4-a779-1845993eb7ea", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "031fd53e-b3ed-422e-b50a-6da93afe2752" - } - ], - "legend": { - "isVisible": true, - "position": "right", - "shouldTruncate": true, - "showSingleSeries": true - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.dlp_logs" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.dlp_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"mimecast.dlp_logs\"" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": 
"15971769-d6c7-4cbd-a65b-41773cac89f9", - "w": 48, - "x": 0, - "y": 0 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "15971769-d6c7-4cbd-a65b-41773cac89f9", - "title": "DLP Logs Over Time", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-0fff056b-7794-4070-8170-3657002b9253", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0fff056b-7794-4070-8170-3657002b9253": { - "columnOrder": [ - "e4eb146d-7546-4a24-ae35-eb2824b345a2", - "c9c6ab54-8f0d-49b4-bf62-33f88decd52c" - ], - "columns": { - "c9c6ab54-8f0d-49b4-bf62-33f88decd52c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "e4eb146d-7546-4a24-ae35-eb2824b345a2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Actions", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c9c6ab54-8f0d-49b4-bf62-33f88decd52c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.action" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.dlp_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.dlp_logs" - } - 
} - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "e4eb146d-7546-4a24-ae35-eb2824b345a2" - }, - { - "columnId": "c9c6ab54-8f0d-49b4-bf62-33f88decd52c" - } - ], - "layerId": "0fff056b-7794-4070-8170-3657002b9253", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "55a3cb4f-41e1-48a3-b3bb-e4b296503246", - "w": 24, - "x": 0, - "y": 15 + "layers": [ + { + "accessors": [ + "6fb9dc4a-1056-4e74-a4e4-a469941b6efa" + ], + "layerId": "47e0f438-1420-40d4-a779-1845993eb7ea", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "031fd53e-b3ed-422e-b50a-6da93afe2752" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true }, - "panelIndex": "55a3cb4f-41e1-48a3-b3bb-e4b296503246", - "title": "DLP Logs - Action taken on message", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-854e5002-cd2e-466a-ba28-04e926663f66", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "854e5002-cd2e-466a-ba28-04e926663f66": { - "columnOrder": [ - "5745adf7-04d2-4886-8dad-897d57705772", - "b9e528af-178d-488b-8997-fbaf60f2e4aa" - ], - "columns": { - "5745adf7-04d2-4886-8dad-897d57705772": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Policies", - "operationType": "terms", - "params": { - 
"missingBucket": false, - "orderBy": { - "columnId": "b9e528af-178d-488b-8997-fbaf60f2e4aa", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "rule.name" - }, - "b9e528af-178d-488b-8997-fbaf60f2e4aa": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.dlp_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.dlp_logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "5745adf7-04d2-4886-8dad-897d57705772" - }, - { - "columnId": "b9e528af-178d-488b-8997-fbaf60f2e4aa" - } - ], - "layerId": "854e5002-cd2e-466a-ba28-04e926663f66", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "13693574-6de9-4ccc-afb9-cc1d99dd83b8", - "w": 24, - "x": 24, - "y": 15 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "13693574-6de9-4ccc-afb9-cc1d99dd83b8", - "title": "DLP Logs - Policies triggered", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-0f5b8670-33ce-47e6-ac1f-b29f55afaf24", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "0f5b8670-33ce-47e6-ac1f-b29f55afaf24": { - "columnOrder": [ - "7f11f183-c159-43db-8b95-cbb8fd2d8fd7", - "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1" - ], - "columns": { - "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "7f11f183-c159-43db-8b95-cbb8fd2d8fd7": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Senders", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.from.address" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.dlp_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.dlp_logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "7f11f183-c159-43db-8b95-cbb8fd2d8fd7", - "isTransposed": false - }, - { - "columnId": "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1", - "isTransposed": false - } - ], - "layerId": "0f5b8670-33ce-47e6-ac1f-b29f55afaf24", - "layerType": "data", - "sorting": { - "columnId": "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1", - "direction": "desc" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": 
"lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "4a088ba2-68ed-418a-b167-7db8a7c592c2", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "4a088ba2-68ed-418a-b167-7db8a7c592c2", - "title": "DLP Logs - Senders that triggered DLP Policies", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-7d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] DLP Logs Dashboard", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-042d5620-5411-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "15971769-d6c7-4cbd-a65b-41773cac89f9:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "15971769-d6c7-4cbd-a65b-41773cac89f9", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "logs-*", - "name": "15971769-d6c7-4cbd-a65b-41773cac89f9:indexpattern-datasource-layer-47e0f438-1420-40d4-a779-1845993eb7ea", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "15971769-d6c7-4cbd-a65b-41773cac89f9:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "55a3cb4f-41e1-48a3-b3bb-e4b296503246:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "55a3cb4f-41e1-48a3-b3bb-e4b296503246:indexpattern-datasource-layer-0fff056b-7794-4070-8170-3657002b9253", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "55a3cb4f-41e1-48a3-b3bb-e4b296503246:filter-index-pattern-0", - "type": "index-pattern" + "panelIndex": "15971769-d6c7-4cbd-a65b-41773cac89f9", + 
"title": "DLP Logs Over Time", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0fff056b-7794-4070-8170-3657002b9253", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0fff056b-7794-4070-8170-3657002b9253": { + "columnOrder": [ + "e4eb146d-7546-4a24-ae35-eb2824b345a2", + "c9c6ab54-8f0d-49b4-bf62-33f88decd52c" + ], + "columns": { + "c9c6ab54-8f0d-49b4-bf62-33f88decd52c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "e4eb146d-7546-4a24-ae35-eb2824b345a2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Actions", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c9c6ab54-8f0d-49b4-bf62-33f88decd52c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.action" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.dlp_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.dlp_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "e4eb146d-7546-4a24-ae35-eb2824b345a2" + }, + { + "columnId": "c9c6ab54-8f0d-49b4-bf62-33f88decd52c" + } + ], + 
"layerId": "0fff056b-7794-4070-8170-3657002b9253", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "13693574-6de9-4ccc-afb9-cc1d99dd83b8:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "55a3cb4f-41e1-48a3-b3bb-e4b296503246", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "logs-*", - "name": "13693574-6de9-4ccc-afb9-cc1d99dd83b8:indexpattern-datasource-layer-854e5002-cd2e-466a-ba28-04e926663f66", - "type": "index-pattern" + "panelIndex": "55a3cb4f-41e1-48a3-b3bb-e4b296503246", + "title": "DLP Logs - Action taken on message", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-854e5002-cd2e-466a-ba28-04e926663f66", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "854e5002-cd2e-466a-ba28-04e926663f66": { + "columnOrder": [ + "5745adf7-04d2-4886-8dad-897d57705772", + "b9e528af-178d-488b-8997-fbaf60f2e4aa" + ], + "columns": { + "5745adf7-04d2-4886-8dad-897d57705772": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Policies", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b9e528af-178d-488b-8997-fbaf60f2e4aa", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "rule.name" + }, + "b9e528af-178d-488b-8997-fbaf60f2e4aa": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + 
"scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.dlp_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.dlp_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "5745adf7-04d2-4886-8dad-897d57705772" + }, + { + "columnId": "b9e528af-178d-488b-8997-fbaf60f2e4aa" + } + ], + "layerId": "854e5002-cd2e-466a-ba28-04e926663f66", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "13693574-6de9-4ccc-afb9-cc1d99dd83b8:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "13693574-6de9-4ccc-afb9-cc1d99dd83b8", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "logs-*", - "name": "4a088ba2-68ed-418a-b167-7db8a7c592c2:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "13693574-6de9-4ccc-afb9-cc1d99dd83b8", + "title": "DLP Logs - Policies triggered", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-0f5b8670-33ce-47e6-ac1f-b29f55afaf24", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0f5b8670-33ce-47e6-ac1f-b29f55afaf24": { + "columnOrder": [ + 
"7f11f183-c159-43db-8b95-cbb8fd2d8fd7", + "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1" + ], + "columns": { + "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "7f11f183-c159-43db-8b95-cbb8fd2d8fd7": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Senders", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.from.address" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.dlp_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.dlp_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "7f11f183-c159-43db-8b95-cbb8fd2d8fd7", + "isTransposed": false + }, + { + "columnId": "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1", + "isTransposed": false + } + ], + "layerId": "0f5b8670-33ce-47e6-ac1f-b29f55afaf24", + "layerType": "data", + "sorting": { + "columnId": "0033ecfa-a5f3-4828-9fd8-ae82caf7c8f1", + "direction": "desc" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "4a088ba2-68ed-418a-b167-7db8a7c592c2:indexpattern-datasource-layer-0f5b8670-33ce-47e6-ac1f-b29f55afaf24", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "4a088ba2-68ed-418a-b167-7db8a7c592c2", + "w": 24, + "x": 0, + "y": 30 
}, - { - "id": "logs-*", - "name": "4a088ba2-68ed-418a-b167-7db8a7c592c2:filter-index-pattern-0", - "type": "index-pattern" - } + "panelIndex": "4a088ba2-68ed-418a-b167-7db8a7c592c2", + "title": "DLP Logs - Senders that triggered DLP Policies", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] DLP Logs Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "15971769-d6c7-4cbd-a65b-41773cac89f9:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "15971769-d6c7-4cbd-a65b-41773cac89f9:indexpattern-datasource-layer-47e0f438-1420-40d4-a779-1845993eb7ea", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "15971769-d6c7-4cbd-a65b-41773cac89f9:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "55a3cb4f-41e1-48a3-b3bb-e4b296503246:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "55a3cb4f-41e1-48a3-b3bb-e4b296503246:indexpattern-datasource-layer-0fff056b-7794-4070-8170-3657002b9253", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "55a3cb4f-41e1-48a3-b3bb-e4b296503246:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "13693574-6de9-4ccc-afb9-cc1d99dd83b8:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "13693574-6de9-4ccc-afb9-cc1d99dd83b8:indexpattern-datasource-layer-854e5002-cd2e-466a-ba28-04e926663f66", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "13693574-6de9-4ccc-afb9-cc1d99dd83b8:filter-index-pattern-0", + "type": "index-pattern" + }, + { + 
"id": "logs-*", + "name": "4a088ba2-68ed-418a-b167-7db8a7c592c2:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4a088ba2-68ed-418a-b167-7db8a7c592c2:indexpattern-datasource-layer-0f5b8670-33ce-47e6-ac1f-b29f55afaf24", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4a088ba2-68ed-418a-b167-7db8a7c592c2:filter-index-pattern-0", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5.json index 192c6a51525..a51c88ad440 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,387 +1,392 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.threat_intel_malware_customer" - }, - "type": "phrase" + "id": "mimecast-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzMSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.threat_intel_malware_customer" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.threat_intel_malware_customer" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-399531fb-a3b2-4881-aa91-9b3f9e7d34e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "399531fb-a3b2-4881-aa91-9b3f9e7d34e7": { + "columnOrder": [ + "d17db96e-f800-4bb6-ad48-2f10d7c1fc34", + "9ba4c455-c64a-4ce6-8d0e-a17e79390bd3" + 
], + "columns": { + "9ba4c455-c64a-4ce6-8d0e-a17e79390bd3": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.threat_intel_malware_customer" - } + "d17db96e-f800-4bb6-ad48-2f10d7c1fc34": { + "customLabel": true, + "dataType": "date", + "isBucketed": true, + "label": "timestamp", + "operationType": "date_histogram", + "params": { + "interval": "1d" + }, + "scale": "interval", + "sourceField": "@timestamp" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-399531fb-a3b2-4881-aa91-9b3f9e7d34e7", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "399531fb-a3b2-4881-aa91-9b3f9e7d34e7": { - "columnOrder": [ - "d17db96e-f800-4bb6-ad48-2f10d7c1fc34", - "9ba4c455-c64a-4ce6-8d0e-a17e79390bd3" - ], - "columns": { - "9ba4c455-c64a-4ce6-8d0e-a17e79390bd3": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "d17db96e-f800-4bb6-ad48-2f10d7c1fc34": { - "customLabel": true, - "dataType": "date", - "isBucketed": true, - "label": "timestamp", - "operationType": "date_histogram", - "params": { - "interval": "1d" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - 
"store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.threat_intel_malware_customer" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.threat_intel_malware_customer" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "9ba4c455-c64a-4ce6-8d0e-a17e79390bd3" - ], - "layerId": "399531fb-a3b2-4881-aa91-9b3f9e7d34e7", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "d17db96e-f800-4bb6-ad48-2f10d7c1fc34" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.threat_intel_malware_customer" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.threat_intel_malware_customer" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + 
"yRight": true }, - "gridData": { - "h": 15, - "i": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4", - "w": 24, - "x": 0, - "y": 0 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4", - "title": "[[Mimecast] Threat Intel Feed Targeted - over time", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-662c8260-62a4-4b11-8942-e7900c2fb1bb", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "662c8260-62a4-4b11-8942-e7900c2fb1bb": { - "columnOrder": [ - "c9e207f1-1b64-4b4a-b6cb-ddc770733a8b", - "7c2cbcee-2579-4971-a811-12bbb4815d9e" - ], - "columns": { - "7c2cbcee-2579-4971-a811-12bbb4815d9e": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "c9e207f1-1b64-4b4a-b6cb-ddc770733a8b": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of threat.indicator.type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "7c2cbcee-2579-4971-a811-12bbb4815d9e", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "threat.indicator.type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": 
"mimecast.threat_intel_malware_customer" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.threat_intel_malware_customer" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "c9e207f1-1b64-4b4a-b6cb-ddc770733a8b" - }, - { - "columnId": "7c2cbcee-2579-4971-a811-12bbb4815d9e" - } - ], - "layerId": "662c8260-62a4-4b11-8942-e7900c2fb1bb", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {} + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee", - "w": 24, - "x": 24, - "y": 0 + "layers": [ + { + "accessors": [ + "9ba4c455-c64a-4ce6-8d0e-a17e79390bd3" + ], + "layerId": "399531fb-a3b2-4881-aa91-9b3f9e7d34e7", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "d17db96e-f800-4bb6-ad48-2f10d7c1fc34" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "43ba8519-c31d-4884-861e-34bae3c8a782", - "w": 48, - "x": 0, - "y": 15 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "43ba8519-c31d-4884-861e-34bae3c8a782", - "panelRefName": "panel_43ba8519-c31d-4884-861e-34bae3c8a782", - "type": "search", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-7d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] Threat Intel Feed - Targeted Dashboard", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": 
"mimecast-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4:indexpattern-datasource-layer-399531fb-a3b2-4881-aa91-9b3f9e7d34e7", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4", + "w": 24, + "x": 0, + "y": 0 }, - { - "id": "logs-*", - "name": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4:filter-index-pattern-0", - "type": "index-pattern" + "panelIndex": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4", + "title": "[[Mimecast] Threat Intel Feed Targeted - over time", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-662c8260-62a4-4b11-8942-e7900c2fb1bb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "662c8260-62a4-4b11-8942-e7900c2fb1bb": { + "columnOrder": [ + "c9e207f1-1b64-4b4a-b6cb-ddc770733a8b", + "7c2cbcee-2579-4971-a811-12bbb4815d9e" + ], + "columns": { + "7c2cbcee-2579-4971-a811-12bbb4815d9e": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + 
"c9e207f1-1b64-4b4a-b6cb-ddc770733a8b": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of threat.indicator.type", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7c2cbcee-2579-4971-a811-12bbb4815d9e", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "threat.indicator.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.threat_intel_malware_customer" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.threat_intel_malware_customer" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "c9e207f1-1b64-4b4a-b6cb-ddc770733a8b" + }, + { + "columnId": "7c2cbcee-2579-4971-a811-12bbb4815d9e" + } + ], + "layerId": "662c8260-62a4-4b11-8942-e7900c2fb1bb", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee", + "w": 24, + "x": 24, + "y": 0 }, - { - "id": "logs-*", - "name": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee:indexpattern-datasource-layer-662c8260-62a4-4b11-8942-e7900c2fb1bb", - "type": "index-pattern" + "panelIndex": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee:filter-index-pattern-0", - "type": "index-pattern" 
+ "gridData": { + "h": 15, + "i": "43ba8519-c31d-4884-861e-34bae3c8a782", + "w": 48, + "x": 0, + "y": 15 }, - { - "id": "mimecast-bfb8e8f0-4084-11ec-b8da-95c3fba730d0", - "name": "43ba8519-c31d-4884-861e-34bae3c8a782:panel_43ba8519-c31d-4884-861e-34bae3c8a782", - "type": "search" - } + "panelIndex": "43ba8519-c31d-4884-861e-34bae3c8a782", + "panelRefName": "panel_43ba8519-c31d-4884-861e-34bae3c8a782", + "type": "search", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] Threat Intel Feed - Targeted Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4:indexpattern-datasource-layer-399531fb-a3b2-4881-aa91-9b3f9e7d34e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3e4a96ab-a404-4d1d-932d-0d6439e5d7c4:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee:indexpattern-datasource-layer-662c8260-62a4-4b11-8942-e7900c2fb1bb", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "044b5a8a-d8c5-4f7b-beae-7c612bd566ee:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "mimecast-bfb8e8f0-4084-11ec-b8da-95c3fba730d0", + "name": "43ba8519-c31d-4884-861e-34bae3c8a782:panel_43ba8519-c31d-4884-861e-34bae3c8a782", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } 
\ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5.json index ae549845dc2..98978a6871d 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5.json 
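Review bot: The new top of `mimecast-0ebd21e0-5422-11ec-bd43-b5e1f9a9c8d5.json` commits three keys that were not on the removed side and describe the exporting Kibana instance rather than the dashboard: `"namespaces": ["default"]`, `"updated_at": "2022-10-27T20:30:51.209Z"` and `"version": "WzYzMSwxXQ=="`. The `version` value is base64 for `[631,1]`, which looks like the saved object's concurrency token. These presumably came from a raw saved-objects export; I would drop all three so the packaged asset is not tied to one space or one instance's state and does not churn on every re-export. The same three keys open the hunks for `mimecast-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5.json` and `mimecast-7790e470-541a-11ec-bd43-b5e1f9a9c8d5.json`.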
@@ -1,392 +1,397 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.threat_intel_malware_grid" - }, - "type": "phrase" + "id": "mimecast-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzMiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.threat_intel_malware_grid" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.threat_intel_malware_grid" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-482f4c89-6ca6-4520-826e-876c0256ae1b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "482f4c89-6ca6-4520-826e-876c0256ae1b": { + "columnOrder": [ + "6035b29a-145b-48c5-9faf-0d33060bfda0", + "26106801-2a8f-464c-9a0e-439bb734b16b" + ], + 
"columns": { + "26106801-2a8f-464c-9a0e-439bb734b16b": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.threat_intel_malware_grid" - } + "6035b29a-145b-48c5-9faf-0d33060bfda0": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "1d" + }, + "scale": "interval", + "sourceField": "@timestamp" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-482f4c89-6ca6-4520-826e-876c0256ae1b", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "482f4c89-6ca6-4520-826e-876c0256ae1b": { - "columnOrder": [ - "6035b29a-145b-48c5-9faf-0d33060bfda0", - "26106801-2a8f-464c-9a0e-439bb734b16b" - ], - "columns": { - "26106801-2a8f-464c-9a0e-439bb734b16b": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "6035b29a-145b-48c5-9faf-0d33060bfda0": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "1d" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - 
"disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.threat_intel_malware_grid" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.threat_intel_malware_grid" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "26106801-2a8f-464c-9a0e-439bb734b16b" - ], - "layerId": "482f4c89-6ca6-4520-826e-876c0256ae1b", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "6035b29a-145b-48c5-9faf-0d33060bfda0" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.threat_intel_malware_grid" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.threat_intel_malware_grid" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 16, - "i": 
"174ad31a-31be-4bc0-b47a-a7692c6c02ae", - "w": 22, - "x": 0, - "y": 0 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "174ad31a-31be-4bc0-b47a-a7692c6c02ae", - "title": "[Miemcast] Threat Intel Feed Regional- over time", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-231039d5-8ca6-4e3d-b6ce-304ff967550c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "231039d5-8ca6-4e3d-b6ce-304ff967550c": { - "columnOrder": [ - "e751fb41-0eb0-444c-858b-b2ffafe590cf", - "b642290b-f2dd-46a6-8641-ef25b6e6e794" - ], - "columns": { - "b642290b-f2dd-46a6-8641-ef25b6e6e794": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "e751fb41-0eb0-444c-858b-b2ffafe590cf": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Indicator", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b642290b-f2dd-46a6-8641-ef25b6e6e794", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "threat.indicator.type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.threat_intel_malware_grid" - }, - "type": "phrase" - }, - "query": { 
- "match_phrase": { - "data_stream.dataset": "mimecast.threat_intel_malware_grid" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "e751fb41-0eb0-444c-858b-b2ffafe590cf" - }, - { - "columnId": "b642290b-f2dd-46a6-8641-ef25b6e6e794" - } - ], - "layerId": "231039d5-8ca6-4e3d-b6ce-304ff967550c", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 16, - "i": "c4041140-c71a-446f-bc68-3e3593202832", - "w": 25, - "x": 22, - "y": 0 + "layers": [ + { + "accessors": [ + "26106801-2a8f-464c-9a0e-439bb734b16b" + ], + "layerId": "482f4c89-6ca6-4520-826e-876c0256ae1b", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "6035b29a-145b-48c5-9faf-0d33060bfda0" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "c4041140-c71a-446f-bc68-3e3593202832", - "title": "[Regional] Threat Intel Feed Regional - count by indicator", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 22, - "i": "44ba0d50-0c94-4053-8364-058f0c5a6916", - "w": 47, - "x": 0, - "y": 16 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "44ba0d50-0c94-4053-8364-058f0c5a6916", - "panelRefName": "panel_44ba0d50-0c94-4053-8364-058f0c5a6916", - "title": "[Mimecast] Threat Intel Feed Regional - Most recent logs", - "type": "search", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-7d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] 
Threat Intel Feed - Regional Dashboard", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-6c61f080-541f-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "174ad31a-31be-4bc0-b47a-a7692c6c02ae:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "174ad31a-31be-4bc0-b47a-a7692c6c02ae:indexpattern-datasource-layer-482f4c89-6ca6-4520-826e-876c0256ae1b", - "type": "index-pattern" + "gridData": { + "h": 16, + "i": "174ad31a-31be-4bc0-b47a-a7692c6c02ae", + "w": 22, + "x": 0, + "y": 0 }, - { - "id": "logs-*", - "name": "174ad31a-31be-4bc0-b47a-a7692c6c02ae:filter-index-pattern-0", - "type": "index-pattern" + "panelIndex": "174ad31a-31be-4bc0-b47a-a7692c6c02ae", + "title": "[Miemcast] Threat Intel Feed Regional- over time", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-231039d5-8ca6-4e3d-b6ce-304ff967550c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "231039d5-8ca6-4e3d-b6ce-304ff967550c": { + "columnOrder": [ + "e751fb41-0eb0-444c-858b-b2ffafe590cf", + "b642290b-f2dd-46a6-8641-ef25b6e6e794" + ], + "columns": { + "b642290b-f2dd-46a6-8641-ef25b6e6e794": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": 
"count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "e751fb41-0eb0-444c-858b-b2ffafe590cf": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Indicator", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b642290b-f2dd-46a6-8641-ef25b6e6e794", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "threat.indicator.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.threat_intel_malware_grid" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.threat_intel_malware_grid" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "e751fb41-0eb0-444c-858b-b2ffafe590cf" + }, + { + "columnId": "b642290b-f2dd-46a6-8641-ef25b6e6e794" + } + ], + "layerId": "231039d5-8ca6-4e3d-b6ce-304ff967550c", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "c4041140-c71a-446f-bc68-3e3593202832:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 16, + "i": "c4041140-c71a-446f-bc68-3e3593202832", + "w": 25, + "x": 22, + "y": 0 }, - { - "id": "logs-*", - "name": "c4041140-c71a-446f-bc68-3e3593202832:indexpattern-datasource-layer-231039d5-8ca6-4e3d-b6ce-304ff967550c", - "type": "index-pattern" + "panelIndex": "c4041140-c71a-446f-bc68-3e3593202832", + "title": "[Regional] Threat Intel Feed Regional - count by indicator", + "type": "lens", + "version": 
"7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "c4041140-c71a-446f-bc68-3e3593202832:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 22, + "i": "44ba0d50-0c94-4053-8364-058f0c5a6916", + "w": 47, + "x": 0, + "y": 16 }, - { - "id": "mimecast-df42cb00-4084-11ec-b8da-95c3fba730d0", - "name": "44ba0d50-0c94-4053-8364-058f0c5a6916:panel_44ba0d50-0c94-4053-8364-058f0c5a6916", - "type": "search" - } + "panelIndex": "44ba0d50-0c94-4053-8364-058f0c5a6916", + "panelRefName": "panel_44ba0d50-0c94-4053-8364-058f0c5a6916", + "title": "[Mimecast] Threat Intel Feed Regional - Most recent logs", + "type": "search", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] Threat Intel Feed - Regional Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "174ad31a-31be-4bc0-b47a-a7692c6c02ae:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "174ad31a-31be-4bc0-b47a-a7692c6c02ae:indexpattern-datasource-layer-482f4c89-6ca6-4520-826e-876c0256ae1b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "174ad31a-31be-4bc0-b47a-a7692c6c02ae:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c4041140-c71a-446f-bc68-3e3593202832:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c4041140-c71a-446f-bc68-3e3593202832:indexpattern-datasource-layer-231039d5-8ca6-4e3d-b6ce-304ff967550c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c4041140-c71a-446f-bc68-3e3593202832:filter-index-pattern-0", + 
"type": "index-pattern" + }, + { + "id": "mimecast-df42cb00-4084-11ec-b8da-95c3fba730d0", + "name": "44ba0d50-0c94-4053-8364-058f0c5a6916:panel_44ba0d50-0c94-4053-8364-058f0c5a6916", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-7790e470-541a-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-7790e470-541a-11ec-bd43-b5e1f9a9c8d5.json index 2bd99837fb8..6f4c56a5aa1 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-7790e470-541a-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-7790e470-541a-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,615 +1,620 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" + "id": "mimecast-7790e470-541a-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzMywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_url_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_url_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7a34769f-5338-4cf1-8611-76ee68762548", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7a34769f-5338-4cf1-8611-76ee68762548": { + "columnOrder": [ + "93e854a1-a782-4a03-97b8-b4f8a98b931e", + "a116654e-42ef-4dbf-9c3f-07dc0ab0eb15", + "73bd76e9-d764-4c7c-bfb0-71205b4f7df5" + ], + "columns": { + "73bd76e9-d764-4c7c-bfb0-71205b4f7df5": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "meta": { - "alias": null, - "disabled": false, 
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_url_logs" + "93e854a1-a782-4a03-97b8-b4f8a98b931e": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of mimecast.scanResult", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "73bd76e9-d764-4c7c-bfb0-71205b4f7df5", + "type": "column" }, - "type": "phrase" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "mimecast.scanResult" }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_url_logs" - } + "a116654e-42ef-4dbf-9c3f-07dc0ab0eb15": { + "customLabel": true, + "dataType": "date", + "isBucketed": true, + "label": "timestamp", + "operationType": "date_histogram", + "params": { + "interval": "1d" + }, + "scale": "interval", + "sourceField": "@timestamp" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-7a34769f-5338-4cf1-8611-76ee68762548", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "7a34769f-5338-4cf1-8611-76ee68762548": { - "columnOrder": [ - "93e854a1-a782-4a03-97b8-b4f8a98b931e", - "a116654e-42ef-4dbf-9c3f-07dc0ab0eb15", - "73bd76e9-d764-4c7c-bfb0-71205b4f7df5" - ], - "columns": { - "73bd76e9-d764-4c7c-bfb0-71205b4f7df5": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", 
- "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "93e854a1-a782-4a03-97b8-b4f8a98b931e": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of mimecast.scanResult", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "73bd76e9-d764-4c7c-bfb0-71205b4f7df5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "mimecast.scanResult" - }, - "a116654e-42ef-4dbf-9c3f-07dc0ab0eb15": { - "customLabel": true, - "dataType": "date", - "isBucketed": true, - "label": "timestamp", - "operationType": "date_histogram", - "params": { - "interval": "1d" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_url_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_url_logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "curveType": "CURVE_MONOTONE_X", - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "73bd76e9-d764-4c7c-bfb0-71205b4f7df5" - ], - "layerId": "7a34769f-5338-4cf1-8611-76ee68762548", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "93e854a1-a782-4a03-97b8-b4f8a98b931e", - "xAccessor": "a116654e-42ef-4dbf-9c3f-07dc0ab0eb15" - } - ], - "legend": { - "isVisible": true, - "position": 
"right", - "showSingleSeries": true - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_url_logs" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_url_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 14, - "i": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73", - "w": 48, - "x": 0, - "y": 0 + "curveType": "CURVE_MONOTONE_X", + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73", - "title": "Clean vs malicious over time", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-76a01545-a0d3-4529-9185-e99aa33aa198", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "76a01545-a0d3-4529-9185-e99aa33aa198": { - "columnOrder": [ - 
"0f3030c5-e2c2-46b0-94d9-9fedf71bbedd", - "1e318351-5ec1-484c-8a9f-dd79a8c26759" - ], - "columns": { - "0f3030c5-e2c2-46b0-94d9-9fedf71bbedd": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "url", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "1e318351-5ec1-484c-8a9f-dd79a8c26759", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "url.original" - }, - "1e318351-5ec1-484c-8a9f-dd79a8c26759": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_url_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_url_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.scanResult", - "negate": false, - "params": { - "query": "malicious" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.scanResult": "malicious" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "0f3030c5-e2c2-46b0-94d9-9fedf71bbedd", - "isTransposed": false - }, - { - "columnId": "1e318351-5ec1-484c-8a9f-dd79a8c26759", - "isTransposed": false - } - ], - "layerId": "76a01545-a0d3-4529-9185-e99aa33aa198", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false + 
"labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "73bd76e9-d764-4c7c-bfb0-71205b4f7df5" + ], + "layerId": "7a34769f-5338-4cf1-8611-76ee68762548", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "93e854a1-a782-4a03-97b8-b4f8a98b931e", + "xAccessor": "a116654e-42ef-4dbf-9c3f-07dc0ab0eb15" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "showSingleSeries": true }, - "gridData": { - "h": 15, - "i": "a4201043-b285-4608-b169-4eae313b2b6c", - "w": 24, - "x": 0, - "y": 14 + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "a4201043-b285-4608-b169-4eae313b2b6c", - "title": "Top malicious URLs", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2a0ae18b-3b74-4c61-8a14-3f87a634e8ba", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2a0ae18b-3b74-4c61-8a14-3f87a634e8ba": { - "columnOrder": [ - "2b26e9ef-78d9-4173-97fa-ec7526af0773", - "2782be47-0178-4935-ac5b-05c8a15a61f2" - ], - "columns": { - "2782be47-0178-4935-ac5b-05c8a15a61f2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "2b26e9ef-78d9-4173-97fa-ec7526af0773": { - "customLabel": true, - 
"dataType": "string", - "isBucketed": true, - "label": "category", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "2782be47-0178-4935-ac5b-05c8a15a61f2", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "mimecast.category" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_url_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_url_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.scanResult", - "negate": false, - "params": { - "query": "malicious" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.scanResult": "malicious" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 14, + "i": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73", + "title": "Clean vs malicious over time", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-76a01545-a0d3-4529-9185-e99aa33aa198", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "76a01545-a0d3-4529-9185-e99aa33aa198": { + "columnOrder": [ + "0f3030c5-e2c2-46b0-94d9-9fedf71bbedd", + "1e318351-5ec1-484c-8a9f-dd79a8c26759" + ], + "columns": { + "0f3030c5-e2c2-46b0-94d9-9fedf71bbedd": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "url", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "1e318351-5ec1-484c-8a9f-dd79a8c26759", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "2b26e9ef-78d9-4173-97fa-ec7526af0773" - }, - { - "columnId": "2782be47-0178-4935-ac5b-05c8a15a61f2" - } - ], - "layerId": "2a0ae18b-3b74-4c61-8a14-3f87a634e8ba", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "url.original" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "1e318351-5ec1-484c-8a9f-dd79a8c26759": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_url_logs" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "23fe1e17-6ce1-4d4e-abb5-2fd095420475", - "w": 24, - "x": 24, - "y": 14 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_url_logs" + } + } }, - "panelIndex": "23fe1e17-6ce1-4d4e-abb5-2fd095420475", - "title": "Top URL categories", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" 
+ }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.scanResult", + "negate": false, + "params": { + "query": "malicious" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.scanResult": "malicious" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "0f3030c5-e2c2-46b0-94d9-9fedf71bbedd", + "isTransposed": false + }, + { + "columnId": "1e318351-5ec1-484c-8a9f-dd79a8c26759", + "isTransposed": false + } + ], + "layerId": "76a01545-a0d3-4529-9185-e99aa33aa198", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "246c6a37-8605-4c92-8503-0fc545cef56f", - "w": 48, - "x": 0, - "y": 29 - }, - "panelIndex": "246c6a37-8605-4c92-8503-0fc545cef56f", - "panelRefName": "panel_246c6a37-8605-4c92-8503-0fc545cef56f", - "type": "search", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-7d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] TTP URL Protect Logs", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-7790e470-541a-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73:indexpattern-datasource-layer-7a34769f-5338-4cf1-8611-76ee68762548", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": 
"23ab3e48-e6f2-4c70-a6f5-8dff355eeb73:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "a4201043-b285-4608-b169-4eae313b2b6c", + "w": 24, + "x": 0, + "y": 14 }, - { - "id": "logs-*", - "name": "a4201043-b285-4608-b169-4eae313b2b6c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a4201043-b285-4608-b169-4eae313b2b6c:indexpattern-datasource-layer-76a01545-a0d3-4529-9185-e99aa33aa198", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a4201043-b285-4608-b169-4eae313b2b6c:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a4201043-b285-4608-b169-4eae313b2b6c:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "a4201043-b285-4608-b169-4eae313b2b6c", + "title": "Top malicious URLs", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2a0ae18b-3b74-4c61-8a14-3f87a634e8ba", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2a0ae18b-3b74-4c61-8a14-3f87a634e8ba": { + "columnOrder": [ + "2b26e9ef-78d9-4173-97fa-ec7526af0773", + "2782be47-0178-4935-ac5b-05c8a15a61f2" + ], + "columns": { + "2782be47-0178-4935-ac5b-05c8a15a61f2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + 
"2b26e9ef-78d9-4173-97fa-ec7526af0773": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "category", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2782be47-0178-4935-ac5b-05c8a15a61f2", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "mimecast.category" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_url_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_url_logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.scanResult", + "negate": false, + "params": { + "query": "malicious" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.scanResult": "malicious" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "2b26e9ef-78d9-4173-97fa-ec7526af0773" + }, + { + "columnId": "2782be47-0178-4935-ac5b-05c8a15a61f2" + } + ], + "layerId": "2a0ae18b-3b74-4c61-8a14-3f87a634e8ba", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:indexpattern-datasource-layer-2a0ae18b-3b74-4c61-8a14-3f87a634e8ba", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "23fe1e17-6ce1-4d4e-abb5-2fd095420475", + "w": 24, + "x": 24, + "y": 14 }, - { - "id": "logs-*", - "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:filter-index-pattern-0", - 
"type": "index-pattern" + "panelIndex": "23fe1e17-6ce1-4d4e-abb5-2fd095420475", + "title": "Top URL categories", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:filter-index-pattern-1", - "type": "index-pattern" + "gridData": { + "h": 19, + "i": "246c6a37-8605-4c92-8503-0fc545cef56f", + "w": 48, + "x": 0, + "y": 29 }, - { - "id": "mimecast-fa36c5f0-3fef-11ec-8ace-9fcc35bfe253", - "name": "246c6a37-8605-4c92-8503-0fc545cef56f:panel_246c6a37-8605-4c92-8503-0fc545cef56f", - "type": "search" - } + "panelIndex": "246c6a37-8605-4c92-8503-0fc545cef56f", + "panelRefName": "panel_246c6a37-8605-4c92-8503-0fc545cef56f", + "type": "search", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] TTP URL Protect Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73:indexpattern-datasource-layer-7a34769f-5338-4cf1-8611-76ee68762548", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23ab3e48-e6f2-4c70-a6f5-8dff355eeb73:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a4201043-b285-4608-b169-4eae313b2b6c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a4201043-b285-4608-b169-4eae313b2b6c:indexpattern-datasource-layer-76a01545-a0d3-4529-9185-e99aa33aa198", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"a4201043-b285-4608-b169-4eae313b2b6c:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a4201043-b285-4608-b169-4eae313b2b6c:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:indexpattern-datasource-layer-2a0ae18b-3b74-4c61-8a14-3f87a634e8ba", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "23fe1e17-6ce1-4d4e-abb5-2fd095420475:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "mimecast-fa36c5f0-3fef-11ec-8ace-9fcc35bfe253", + "name": "246c6a37-8605-4c92-8503-0fc545cef56f:panel_246c6a37-8605-4c92-8503-0fc545cef56f", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-87fba310-5413-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-87fba310-5413-11ec-bd43-b5e1f9a9c8d5.json index 3ec69fc6c8c..12c6d3f4aa3 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-87fba310-5413-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-87fba310-5413-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,793 +1,798 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ap_logs" - }, - "type": "phrase" + "id": "mimecast-87fba310-5413-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzNCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ap_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ap_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-7fd2fb45-58d3-499c-8b39-a65a1d337c30", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "7fd2fb45-58d3-499c-8b39-a65a1d337c30": { + "columnOrder": [ + "4c2264ac-1102-43db-b405-02295ddba570", + 
"29a6d63f-6b9e-42f5-a062-026e264b7905" + ], + "columns": { + "29a6d63f-6b9e-42f5-a062-026e264b7905": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ap_logs" - } + "4c2264ac-1102-43db-b405-02295ddba570": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "1M" + }, + "scale": "interval", + "sourceField": "@timestamp" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-7fd2fb45-58d3-499c-8b39-a65a1d337c30", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "7fd2fb45-58d3-499c-8b39-a65a1d337c30": { - "columnOrder": [ - "4c2264ac-1102-43db-b405-02295ddba570", - "29a6d63f-6b9e-42f5-a062-026e264b7905" - ], - "columns": { - "29a6d63f-6b9e-42f5-a062-026e264b7905": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "4c2264ac-1102-43db-b405-02295ddba570": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "1M" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - 
"incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ap_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ap_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.result", - "negate": false, - "params": { - "query": "malicious" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.result": "malicious" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "29a6d63f-6b9e-42f5-a062-026e264b7905" - ], - "layerId": "7fd2fb45-58d3-499c-8b39-a65a1d337c30", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "4c2264ac-1102-43db-b405-02295ddba570" - } - ], - "legend": { - "isInside": false, - "isVisible": true, - "position": "right", - "showSingleSeries": true - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + 
"negate": false, + "params": { + "query": "mimecast.ttp_ap_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ap_logs" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.result", + "negate": false, + "params": { + "query": "malicious" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.result": "malicious" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "29a6d63f-6b9e-42f5-a062-026e264b7905" + ], + "layerId": "7fd2fb45-58d3-499c-8b39-a65a1d337c30", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "4c2264ac-1102-43db-b405-02295ddba570" + } + ], + "legend": { + "isInside": false, + "isVisible": true, + "position": "right", + "showSingleSeries": true + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "0939e1a7-1ed7-41c8-8161-c82ee711824c", - "w": 48, - "x": 0, - "y": 0 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "0939e1a7-1ed7-41c8-8161-c82ee711824c", - "title": "TTP AP Logs- Threats (attachments deemed malicious) over time", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cc987f4b-7570-4117-a216-abb8b85d6a74", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cc987f4b-7570-4117-a216-abb8b85d6a74": { - "columnOrder": [ - "68fb7687-4b9e-4269-9514-d871fd23acf6", - "accab1cb-cf0c-4e6c-94c6-cc50396d0d58" - ], - "columns": { - "68fb7687-4b9e-4269-9514-d871fd23acf6": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Malicious files extensions", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "accab1cb-cf0c-4e6c-94c6-cc50396d0d58", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.attachments.file.extension" - }, - "accab1cb-cf0c-4e6c-94c6-cc50396d0d58": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ap_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ap_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.result", - "negate": false, - "params": { - "query": "malicious" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.result": "malicious" - } - } - } - ], - 
"query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "0939e1a7-1ed7-41c8-8161-c82ee711824c", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "0939e1a7-1ed7-41c8-8161-c82ee711824c", + "title": "TTP AP Logs- Threats (attachments deemed malicious) over time", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cc987f4b-7570-4117-a216-abb8b85d6a74", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cc987f4b-7570-4117-a216-abb8b85d6a74": { + "columnOrder": [ + "68fb7687-4b9e-4269-9514-d871fd23acf6", + "accab1cb-cf0c-4e6c-94c6-cc50396d0d58" + ], + "columns": { + "68fb7687-4b9e-4269-9514-d871fd23acf6": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Malicious files extensions", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "accab1cb-cf0c-4e6c-94c6-cc50396d0d58", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "68fb7687-4b9e-4269-9514-d871fd23acf6", - "isTransposed": false - }, - { - "columnId": "accab1cb-cf0c-4e6c-94c6-cc50396d0d58", - "isTransposed": false - } - ], - "layerId": "cc987f4b-7570-4117-a216-abb8b85d6a74", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.attachments.file.extension" }, - "title": "", - "type": "lens", - "visualizationType": 
"lnsDatatable" + "accab1cb-cf0c-4e6c-94c6-cc50396d0d58": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ap_logs" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "00f684a9-e6f1-4fba-8693-4ff07ec1d480", - "w": 24, - "x": 0, - "y": 15 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ap_logs" + } + } }, - "panelIndex": "00f684a9-e6f1-4fba-8693-4ff07ec1d480", - "title": "TTP AP Logs - Threat extension types", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.result", + "negate": false, + "params": { + "query": "malicious" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.result": "malicious" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "68fb7687-4b9e-4269-9514-d871fd23acf6", + "isTransposed": false + }, + { + "columnId": "accab1cb-cf0c-4e6c-94c6-cc50396d0d58", + "isTransposed": false + } + ], + "layerId": "cc987f4b-7570-4117-a216-abb8b85d6a74", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-675873f9-5e65-4f7d-a731-1e5170a98700", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "675873f9-5e65-4f7d-a731-1e5170a98700": { - "columnOrder": [ - "a413b181-ad13-4316-97ad-f563a54dd33d", - "757fdc1e-7a28-470c-a730-e3b9a67ec253" - ], - "columns": { - "757fdc1e-7a28-470c-a730-e3b9a67ec253": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "a413b181-ad13-4316-97ad-f563a54dd33d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Threats detected by recipients", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "757fdc1e-7a28-470c-a730-e3b9a67ec253", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.to.address" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ap_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ap_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.result", - "negate": false, - "params": { - "query": "malicious" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.result": "malicious" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "a413b181-ad13-4316-97ad-f563a54dd33d", - "isTransposed": false - }, - { - "columnId": 
"757fdc1e-7a28-470c-a730-e3b9a67ec253", - "isTransposed": false - } - ], - "layerId": "675873f9-5e65-4f7d-a731-1e5170a98700", - "layerType": "data" - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "00f684a9-e6f1-4fba-8693-4ff07ec1d480", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "00f684a9-e6f1-4fba-8693-4ff07ec1d480", + "title": "TTP AP Logs - Threat extension types", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-675873f9-5e65-4f7d-a731-1e5170a98700", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "675873f9-5e65-4f7d-a731-1e5170a98700": { + "columnOrder": [ + "a413b181-ad13-4316-97ad-f563a54dd33d", + "757fdc1e-7a28-470c-a730-e3b9a67ec253" + ], + "columns": { + "757fdc1e-7a28-470c-a730-e3b9a67ec253": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "a413b181-ad13-4316-97ad-f563a54dd33d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Threats detected by recipients", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "757fdc1e-7a28-470c-a730-e3b9a67ec253", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.to.address" + } 
+ }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ap_logs" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "8d907c29-dd68-4333-9e75-562f38046280", - "w": 24, - "x": 24, - "y": 15 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ap_logs" + } + } }, - "panelIndex": "8d907c29-dd68-4333-9e75-562f38046280", - "title": "TTP AP Logs - Threat detected by recipients", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.result", + "negate": false, + "params": { + "query": "malicious" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.result": "malicious" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "a413b181-ad13-4316-97ad-f563a54dd33d", + "isTransposed": false + }, + { + "columnId": "757fdc1e-7a28-470c-a730-e3b9a67ec253", + "isTransposed": false + } + ], + "layerId": "675873f9-5e65-4f7d-a731-1e5170a98700", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-55f1e965-a3d5-4941-820e-46277d3f3cba", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - 
"55f1e965-a3d5-4941-820e-46277d3f3cba": { - "columnOrder": [ - "2984698c-20fb-4eca-975b-a42fcb4136a4", - "839e65a6-2bfb-4b3a-aa86-044a081338bf" - ], - "columns": { - "2984698c-20fb-4eca-975b-a42fcb4136a4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Senders", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "839e65a6-2bfb-4b3a-aa86-044a081338bf", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.from.address" - }, - "839e65a6-2bfb-4b3a-aa86-044a081338bf": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ap_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ap_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.result", - "negate": false, - "params": { - "query": "malicious" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.result": "malicious" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "8d907c29-dd68-4333-9e75-562f38046280", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "8d907c29-dd68-4333-9e75-562f38046280", + "title": "TTP AP Logs - Threat detected by recipients", + "type": "lens", + "version": 
"7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-55f1e965-a3d5-4941-820e-46277d3f3cba", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "55f1e965-a3d5-4941-820e-46277d3f3cba": { + "columnOrder": [ + "2984698c-20fb-4eca-975b-a42fcb4136a4", + "839e65a6-2bfb-4b3a-aa86-044a081338bf" + ], + "columns": { + "2984698c-20fb-4eca-975b-a42fcb4136a4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Senders", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "839e65a6-2bfb-4b3a-aa86-044a081338bf", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "2984698c-20fb-4eca-975b-a42fcb4136a4" - }, - { - "columnId": "839e65a6-2bfb-4b3a-aa86-044a081338bf" - } - ], - "layerId": "55f1e965-a3d5-4941-820e-46277d3f3cba", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.from.address" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "839e65a6-2bfb-4b3a-aa86-044a081338bf": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ap_logs" }, - 
"enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "c3a2a774-3d5f-42a3-be87-694d768aaf92", - "w": 24, - "x": 0, - "y": 30 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ap_logs" + } + } }, - "panelIndex": "c3a2a774-3d5f-42a3-be87-694d768aaf92", - "title": "TTP AP Logs - Threat detected by senders", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.result", + "negate": false, + "params": { + "query": "malicious" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.result": "malicious" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "2984698c-20fb-4eca-975b-a42fcb4136a4" + }, + { + "columnId": "839e65a6-2bfb-4b3a-aa86-044a081338bf" + } + ], + "layerId": "55f1e965-a3d5-4941-820e-46277d3f3cba", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3da0947d-f5e2-4c52-8577-d313a6256c84", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "3da0947d-f5e2-4c52-8577-d313a6256c84", - "panelRefName": "panel_3da0947d-f5e2-4c52-8577-d313a6256c84", - "type": "search", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-30d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] TTP Attachment Protect Logs", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-87fba310-5413-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"0939e1a7-1ed7-41c8-8161-c82ee711824c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0939e1a7-1ed7-41c8-8161-c82ee711824c:indexpattern-datasource-layer-7fd2fb45-58d3-499c-8b39-a65a1d337c30", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0939e1a7-1ed7-41c8-8161-c82ee711824c:filter-index-pattern-0", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "0939e1a7-1ed7-41c8-8161-c82ee711824c:filter-index-pattern-1", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "c3a2a774-3d5f-42a3-be87-694d768aaf92", + "w": 24, + "x": 0, + "y": 30 }, - { - "id": "logs-*", - "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "c3a2a774-3d5f-42a3-be87-694d768aaf92", + "title": "TTP AP Logs - Threat detected by senders", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:indexpattern-datasource-layer-cc987f4b-7570-4117-a216-abb8b85d6a74", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "3da0947d-f5e2-4c52-8577-d313a6256c84", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "logs-*", - "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8d907c29-dd68-4333-9e75-562f38046280:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8d907c29-dd68-4333-9e75-562f38046280:indexpattern-datasource-layer-675873f9-5e65-4f7d-a731-1e5170a98700", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"8d907c29-dd68-4333-9e75-562f38046280:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8d907c29-dd68-4333-9e75-562f38046280:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:indexpattern-datasource-layer-55f1e965-a3d5-4941-820e-46277d3f3cba", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "mimecast-9749a210-3e4a-11ec-80fa-4dfb04910642", - "name": "3da0947d-f5e2-4c52-8577-d313a6256c84:panel_3da0947d-f5e2-4c52-8577-d313a6256c84", - "type": "search" - } + "panelIndex": "3da0947d-f5e2-4c52-8577-d313a6256c84", + "panelRefName": "panel_3da0947d-f5e2-4c52-8577-d313a6256c84", + "type": "search", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] TTP Attachment Protect Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0939e1a7-1ed7-41c8-8161-c82ee711824c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0939e1a7-1ed7-41c8-8161-c82ee711824c:indexpattern-datasource-layer-7fd2fb45-58d3-499c-8b39-a65a1d337c30", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0939e1a7-1ed7-41c8-8161-c82ee711824c:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"0939e1a7-1ed7-41c8-8161-c82ee711824c:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:indexpattern-datasource-layer-cc987f4b-7570-4117-a216-abb8b85d6a74", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "00f684a9-e6f1-4fba-8693-4ff07ec1d480:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8d907c29-dd68-4333-9e75-562f38046280:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8d907c29-dd68-4333-9e75-562f38046280:indexpattern-datasource-layer-675873f9-5e65-4f7d-a731-1e5170a98700", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8d907c29-dd68-4333-9e75-562f38046280:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8d907c29-dd68-4333-9e75-562f38046280:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:indexpattern-datasource-layer-55f1e965-a3d5-4941-820e-46277d3f3cba", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c3a2a774-3d5f-42a3-be87-694d768aaf92:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "mimecast-9749a210-3e4a-11ec-80fa-4dfb04910642", + "name": "3da0947d-f5e2-4c52-8577-d313a6256c84:panel_3da0947d-f5e2-4c52-8577-d313a6256c84", + "type": "search" + } + ], + 
"migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-b4585cb0-541c-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-b4585cb0-541c-11ec-bd43-b5e1f9a9c8d5.json index 55c14d54ee1..277e6300e3c 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-b4585cb0-541c-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-b4585cb0-541c-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,650 +1,655 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.audit_events" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.audit_events" - } + "id": "mimecast-b4585cb0-541c-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzNSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.audit_events" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.audit_events" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3732d54a-b698-4a66-baef-5d0674eff6c9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"3732d54a-b698-4a66-baef-5d0674eff6c9": { + "columnOrder": [ + "eaf6d751-71b7-431a-b597-6f58857c0ea9" + ], + "columns": { + "eaf6d751-71b7-431a-b597-6f58857c0ea9": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "users logged on", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3732d54a-b698-4a66-baef-5d0674eff6c9", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3732d54a-b698-4a66-baef-5d0674eff6c9": { - "columnOrder": [ - "eaf6d751-71b7-431a-b597-6f58857c0ea9" - ], - "columns": { - "eaf6d751-71b7-431a-b597-6f58857c0ea9": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "users logged on", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.audit_events" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.audit_events" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - 
"indexRefName": "filter-index-pattern-1", - "key": "event.action", - "negate": false, - "params": { - "query": "user-logged-on" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "user-logged-on" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "eaf6d751-71b7-431a-b597-6f58857c0ea9", - "layerId": "3732d54a-b698-4a66-baef-5d0674eff6c9", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.audit_events" }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "0668cb1c-3653-44fd-9011-207eee1d886c", - "w": 24, - "x": 0, - "y": 0 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.audit_events" + } + } }, - "panelIndex": "0668cb1c-3653-44fd-9011-207eee1d886c", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "event.action", + "negate": false, + "params": { + "query": "user-logged-on" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "user-logged-on" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "eaf6d751-71b7-431a-b597-6f58857c0ea9", + "layerId": "3732d54a-b698-4a66-baef-5d0674eff6c9", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d1772930-cd84-4843-ad0d-64b5bf4d1e9c", - "type": "index-pattern" - }, - 
{ - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d1772930-cd84-4843-ad0d-64b5bf4d1e9c": { - "columnOrder": [ - "4abe2c7c-88ea-4177-8ea9-aaa8f34bc902" - ], - "columns": { - "4abe2c7c-88ea-4177-8ea9-aaa8f34bc902": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "login failed attempts", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.audit_events" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.audit_events" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "event.action", - "negate": false, - "params": { - "query": "logon-authentication-failed" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "logon-authentication-failed" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "4abe2c7c-88ea-4177-8ea9-aaa8f34bc902", - "layerId": "d1772930-cd84-4843-ad0d-64b5bf4d1e9c", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "0668cb1c-3653-44fd-9011-207eee1d886c", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "0668cb1c-3653-44fd-9011-207eee1d886c", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { 
+ "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d1772930-cd84-4843-ad0d-64b5bf4d1e9c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d1772930-cd84-4843-ad0d-64b5bf4d1e9c": { + "columnOrder": [ + "4abe2c7c-88ea-4177-8ea9-aaa8f34bc902" + ], + "columns": { + "4abe2c7c-88ea-4177-8ea9-aaa8f34bc902": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "login failed attempts", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.audit_events" }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "7c8c2048-f7b1-42f5-8558-61efea1be46d", - "w": 24, - "x": 24, - "y": 0 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.audit_events" + } + } }, - "panelIndex": "7c8c2048-f7b1-42f5-8558-61efea1be46d", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "event.action", + "negate": false, + "params": { + "query": "logon-authentication-failed" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "logon-authentication-failed" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + 
"visualization": { + "accessor": "4abe2c7c-88ea-4177-8ea9-aaa8f34bc902", + "layerId": "d1772930-cd84-4843-ad0d-64b5bf4d1e9c", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e10fb6fc-8079-4a60-9ea5-f54da0eff2f6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e10fb6fc-8079-4a60-9ea5-f54da0eff2f6": { - "columnOrder": [ - "13c9775c-4b14-4314-a394-e97ffc0e1499", - "a7feab8c-0abd-49eb-96cb-f7a351fa44d3", - "07a0c304-5e0b-4fc7-9b79-e81ddcbe766e", - "01f5144f-929b-4f88-8a0e-995d804e0037" - ], - "columns": { - "01f5144f-929b-4f88-8a0e-995d804e0037": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "count", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "07a0c304-5e0b-4fc7-9b79-e81ddcbe766e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "src", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "client.ip" - }, - "13c9775c-4b14-4314-a394-e97ffc0e1499": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "user", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": 
"user.email" - }, - "a7feab8c-0abd-49eb-96cb-f7a351fa44d3": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "app", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "mimecast.application" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "7c8c2048-f7b1-42f5-8558-61efea1be46d", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "7c8c2048-f7b1-42f5-8558-61efea1be46d", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e10fb6fc-8079-4a60-9ea5-f54da0eff2f6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e10fb6fc-8079-4a60-9ea5-f54da0eff2f6": { + "columnOrder": [ + "13c9775c-4b14-4314-a394-e97ffc0e1499", + "a7feab8c-0abd-49eb-96cb-f7a351fa44d3", + "07a0c304-5e0b-4fc7-9b79-e81ddcbe766e", + "01f5144f-929b-4f88-8a0e-995d804e0037" + ], + "columns": { + "01f5144f-929b-4f88-8a0e-995d804e0037": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "count", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "07a0c304-5e0b-4fc7-9b79-e81ddcbe766e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "src", + "operationType": "terms", + 
"params": { + "missingBucket": false, + "orderBy": { + "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.audit_events" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.audit_events" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "event.action", - "negate": false, - "params": { - "query": "logon-authentication-failed" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "logon-authentication-failed" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"mimecast.audit_events\" " + "orderDirection": "desc", + "otherBucket": true, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "client.ip" + }, + "13c9775c-4b14-4314-a394-e97ffc0e1499": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "user", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "13c9775c-4b14-4314-a394-e97ffc0e1499", - "isTransposed": false - }, - { - "columnId": "a7feab8c-0abd-49eb-96cb-f7a351fa44d3", - "isTransposed": false - }, - { - "columnId": "07a0c304-5e0b-4fc7-9b79-e81ddcbe766e", - "isTransposed": false - }, - { - "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", - "isTransposed": false - } - ], - "layerId": "e10fb6fc-8079-4a60-9ea5-f54da0eff2f6", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "user.email" }, - "title": "", - "type": 
"lens", - "visualizationType": "lnsDatatable" + "a7feab8c-0abd-49eb-96cb-f7a351fa44d3": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "app", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "mimecast.application" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.audit_events" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "f6516880-2d97-4b93-87bb-92f35c377e3b", - "w": 24, - "x": 0, - "y": 15 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.audit_events" + } + } }, - "panelIndex": "f6516880-2d97-4b93-87bb-92f35c377e3b", - "title": "[Mimecast] Failed authentication by user, app and src", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"6d200d4d-9645-457c-82ee-84bfb2da30ca\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"client.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"CLUSTERS\",\"id\":\"d0374776-f76c-46ed-a656-a0a35583a2ba\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1},\"id\":\"84b4eec1-9626-4236-8164-b59027952799\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"includeInFitToBounds\":true,\"type\":\"BLENDED_VECTOR\",\"joins\":[]}]", - "mapStateJSON": 
"{\"zoom\":0.83,\"center\":{\"lon\":4.00755,\"lat\":40.62529},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"logs-*\",\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"data_stream.dataset\",\"params\":{\"query\":\"mimecast.audit_events\"}},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"mimecast.audit_events\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"logs-*\",\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"logon-authentication-failed\"}},\"query\":{\"match_phrase\":{\"event.action\":\"logon-authentication-failed\"}},\"$state\":{\"store\":\"appState\"}}],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "title": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "hidePanelTitles": false, - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 85.05113, - "maxLon": 180, - "minLat": -85.05113, - "minLon": -180 - }, - "mapCenter": { - "lat": 45.66276, - "lon": 4.00755, - "zoom": 0.83 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "event.action", + "negate": false, + "params": { + "query": 
"logon-authentication-failed" }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "314e1d17-5eaf-4341-854a-2956bbef1870", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "314e1d17-5eaf-4341-854a-2956bbef1870", - "title": "[Mimecast] Failed authentication by country", - "type": "map", - "version": "7.16.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", - "w": 48, - "x": 0, - "y": 30 - }, - "panelIndex": "5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", - "panelRefName": "panel_5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", - "type": "search", - "version": "7.16.0-SNAPSHOT" + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "logon-authentication-failed" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"mimecast.audit_events\" " + }, + "visualization": { + "columns": [ + { + "columnId": "13c9775c-4b14-4314-a394-e97ffc0e1499", + "isTransposed": false + }, + { + "columnId": "a7feab8c-0abd-49eb-96cb-f7a351fa44d3", + "isTransposed": false + }, + { + "columnId": "07a0c304-5e0b-4fc7-9b79-e81ddcbe766e", + "isTransposed": false + }, + { + "columnId": "01f5144f-929b-4f88-8a0e-995d804e0037", + "isTransposed": false + } + ], + "layerId": "e10fb6fc-8079-4a60-9ea5-f54da0eff2f6", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "8b954556-f449-4d03-88c5-9ba86af34244", - "w": 48, - "x": 0, - "y": 45 - }, - "panelIndex": "8b954556-f449-4d03-88c5-9ba86af34244", - "panelRefName": "panel_8b954556-f449-4d03-88c5-9ba86af34244", - "type": "search", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h/h", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] Access Logs Dashboard", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-b4585cb0-541c-11ec-bd43-b5e1f9a9c8d5", 
- "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "0668cb1c-3653-44fd-9011-207eee1d886c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "f6516880-2d97-4b93-87bb-92f35c377e3b", + "w": 24, + "x": 0, + "y": 15 }, - { - "id": "logs-*", - "name": "0668cb1c-3653-44fd-9011-207eee1d886c:indexpattern-datasource-layer-3732d54a-b698-4a66-baef-5d0674eff6c9", - "type": "index-pattern" + "panelIndex": "f6516880-2d97-4b93-87bb-92f35c377e3b", + "title": "[Mimecast] Failed authentication by user, app and src", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"6d200d4d-9645-457c-82ee-84bfb2da30ca\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"indexPatternId\":\"logs-*\",\"geoField\":\"client.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"CLUSTERS\",\"id\":\"d0374776-f76c-46ed-a656-a0a35583a2ba\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1},\"id\":\"84b4eec1-9626-4236-8164-b59027952799\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineCo
lor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"includeInFitToBounds\":true,\"type\":\"BLENDED_VECTOR\",\"joins\":[]}]", + "mapStateJSON": "{\"zoom\":0.83,\"center\":{\"lon\":4.00755,\"lat\":40.62529},\"timeFilters\":{\"from\":\"now-1y/d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"logs-*\",\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"data_stream.dataset\",\"params\":{\"query\":\"mimecast.audit_events\"}},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"mimecast.audit_events\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"logs-*\",\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"logon-authentication-failed\"}},\"query\":{\"match_phrase\":{\"event.action\":\"logon-authentication-failed\"}},\"$state\":{\"store\":\"appState\"}}],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":fal
se,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 85.05113, + "maxLon": 180, + "minLat": -85.05113, + "minLon": -180 + }, + "mapCenter": { + "lat": 45.66276, + "lon": 4.00755, + "zoom": 0.83 + }, + "openTOCDetails": [] }, - { - "id": "logs-*", - "name": "0668cb1c-3653-44fd-9011-207eee1d886c:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "314e1d17-5eaf-4341-854a-2956bbef1870", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "logs-*", - "name": "0668cb1c-3653-44fd-9011-207eee1d886c:filter-index-pattern-1", - "type": "index-pattern" + "panelIndex": "314e1d17-5eaf-4341-854a-2956bbef1870", + "title": "[Mimecast] Failed authentication by country", + "type": "map", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", + "w": 48, + "x": 0, + "y": 30 }, - { - "id": "logs-*", - "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:indexpattern-datasource-layer-d1772930-cd84-4843-ad0d-64b5bf4d1e9c", - "type": "index-pattern" + "panelIndex": "5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", + "panelRefName": "panel_5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", + "type": "search", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "logs-*", - "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "8b954556-f449-4d03-88c5-9ba86af34244", + "w": 48, + "x": 0, + 
"y": 45 }, - { - "id": "logs-*", - "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:indexpattern-datasource-layer-e10fb6fc-8079-4a60-9ea5-f54da0eff2f6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "314e1d17-5eaf-4341-854a-2956bbef1870:layer_1_source_index_pattern", - "type": "index-pattern" - }, - { - "id": "mimecast-0d8b0660-3fdd-11ec-8ace-9fcc35bfe253", - "name": "5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79:panel_5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", - "type": "search" - }, - { - "id": "mimecast-96ac7780-541e-11ec-bd43-b5e1f9a9c8d5", - "name": "8b954556-f449-4d03-88c5-9ba86af34244:panel_8b954556-f449-4d03-88c5-9ba86af34244", - "type": "search" - } + "panelIndex": "8b954556-f449-4d03-88c5-9ba86af34244", + "panelRefName": "panel_8b954556-f449-4d03-88c5-9ba86af34244", + "type": "search", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h/h", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] Access Logs Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0668cb1c-3653-44fd-9011-207eee1d886c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"0668cb1c-3653-44fd-9011-207eee1d886c:indexpattern-datasource-layer-3732d54a-b698-4a66-baef-5d0674eff6c9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0668cb1c-3653-44fd-9011-207eee1d886c:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0668cb1c-3653-44fd-9011-207eee1d886c:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:indexpattern-datasource-layer-d1772930-cd84-4843-ad0d-64b5bf4d1e9c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7c8c2048-f7b1-42f5-8558-61efea1be46d:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:indexpattern-datasource-layer-e10fb6fc-8079-4a60-9ea5-f54da0eff2f6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f6516880-2d97-4b93-87bb-92f35c377e3b:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "314e1d17-5eaf-4341-854a-2956bbef1870:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "mimecast-0d8b0660-3fdd-11ec-8ace-9fcc35bfe253", + "name": "5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79:panel_5e6b4ed3-3f2b-4ee4-b6e3-ba2ef880aa79", + "type": "search" + }, + { + "id": "mimecast-96ac7780-541e-11ec-bd43-b5e1f9a9c8d5", + "name": "8b954556-f449-4d03-88c5-9ba86af34244:panel_8b954556-f449-4d03-88c5-9ba86af34244", + 
"type": "search" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-bca36430-540f-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-bca36430-540f-11ec-bd43-b5e1f9a9c8d5.json index 04a30656e68..b5220910684 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-bca36430-540f-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-bca36430-540f-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,846 +1,851 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" + "id": "mimecast-bca36430-540f-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzNiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.siem_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.siem_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1faf17aa-0298-4830-a031-00f1b48435b6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1faf17aa-0298-4830-a031-00f1b48435b6": { + "columnOrder": [ + "95cdbe62-23e4-43ee-9bab-123bfc4a3e68", + "c9f7cf64-8a98-4e3c-b12c-a22d26ca20be", + "2611cbf0-c905-44cc-a98e-25fbdcd5dbee" + ], + "columns": { + "2611cbf0-c905-44cc-a98e-25fbdcd5dbee": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "meta": { - "alias": null, - "disabled": false, - 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.siem_logs" - }, - "type": "phrase" + "95cdbe62-23e4-43ee-9bab-123bfc4a3e68": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "1d" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.siem_logs" - } + "c9f7cf64-8a98-4e3c-b12c-a22d26ca20be": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of email.direction", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "2611cbf0-c905-44cc-a98e-25fbdcd5dbee", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 4 + }, + "scale": "ordinal", + "sourceField": "email.direction" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1faf17aa-0298-4830-a031-00f1b48435b6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1faf17aa-0298-4830-a031-00f1b48435b6": { - "columnOrder": [ - "95cdbe62-23e4-43ee-9bab-123bfc4a3e68", - "c9f7cf64-8a98-4e3c-b12c-a22d26ca20be", - "2611cbf0-c905-44cc-a98e-25fbdcd5dbee" - ], - "columns": { - "2611cbf0-c905-44cc-a98e-25fbdcd5dbee": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - 
"scale": "ratio", - "sourceField": "Records" - }, - "95cdbe62-23e4-43ee-9bab-123bfc4a3e68": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "1d" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "c9f7cf64-8a98-4e3c-b12c-a22d26ca20be": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of email.direction", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "2611cbf0-c905-44cc-a98e-25fbdcd5dbee", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 4 - }, - "scale": "ordinal", - "sourceField": "email.direction" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.siem_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.siem_logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "2611cbf0-c905-44cc-a98e-25fbdcd5dbee" - ], - "layerId": "1faf17aa-0298-4830-a031-00f1b48435b6", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "c9f7cf64-8a98-4e3c-b12c-a22d26ca20be", - "xAccessor": "95cdbe62-23e4-43ee-9bab-123bfc4a3e68" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - 
"yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.siem_logs" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.siem_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "2611cbf0-c905-44cc-a98e-25fbdcd5dbee" + ], + "layerId": "1faf17aa-0298-4830-a031-00f1b48435b6", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "c9f7cf64-8a98-4e3c-b12c-a22d26ca20be", + "xAccessor": "95cdbe62-23e4-43ee-9bab-123bfc4a3e68" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "gridData": { - "h": 13, - "i": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728", - "w": 48, - "x": 0, - "y": 0 + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728", - "title": "SIEM Logs - Email Activity Summary", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8a4f8003-e917-44ab-9b50-c46553bacd59", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8a4f8003-e917-44ab-9b50-c46553bacd59": { - "columnOrder": [ - "aaa283a2-4c24-432c-b7f3-a3304e800b51", - "826ba46a-7476-493d-a256-c717d69e7d2b" - ], - "columns": { - "826ba46a-7476-493d-a256-c717d69e7d2b": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "aaa283a2-4c24-432c-b7f3-a3304e800b51": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Held Reasons", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "826ba46a-7476-493d-a256-c717d69e7d2b", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.reason" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.siem_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.siem_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.log_type", - "negate": false, - "params": { - "query": "process" - }, - 
"type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.log_type": "process" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-2", - "key": "event.action", - "negate": false, - "params": { - "query": "Hld" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "Hld" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "aaa283a2-4c24-432c-b7f3-a3304e800b51", - "isTransposed": false - }, - { - "columnId": "826ba46a-7476-493d-a256-c717d69e7d2b", - "isTransposed": false - } - ], - "layerId": "8a4f8003-e917-44ab-9b50-c46553bacd59", - "layerType": "data" - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 13, + "i": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728", + "title": "SIEM Logs - Email Activity Summary", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8a4f8003-e917-44ab-9b50-c46553bacd59", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8a4f8003-e917-44ab-9b50-c46553bacd59": { + "columnOrder": [ + "aaa283a2-4c24-432c-b7f3-a3304e800b51", + "826ba46a-7476-493d-a256-c717d69e7d2b" + ], + "columns": { + 
"826ba46a-7476-493d-a256-c717d69e7d2b": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "aaa283a2-4c24-432c-b7f3-a3304e800b51": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Held Reasons", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "826ba46a-7476-493d-a256-c717d69e7d2b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "event.reason" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.siem_logs" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.siem_logs" + } + } }, - "gridData": { - "h": 15, - "i": "3031d781-05b7-4504-b23b-bd4d3233b22b", - "w": 24, - "x": 24, - "y": 13 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.log_type", + "negate": false, + "params": { + "query": "process" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.log_type": "process" + } + } }, - "panelIndex": "3031d781-05b7-4504-b23b-bd4d3233b22b", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-2", + "key": "event.action", + "negate": false, + "params": { + "query": "Hld" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "Hld" + } + } + } + ], + 
"query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "aaa283a2-4c24-432c-b7f3-a3304e800b51", + "isTransposed": false + }, + { + "columnId": "826ba46a-7476-493d-a256-c717d69e7d2b", + "isTransposed": false + } + ], + "layerId": "8a4f8003-e917-44ab-9b50-c46553bacd59", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-87e37d53-70f7-4337-86ed-832fcb7f9383", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "87e37d53-70f7-4337-86ed-832fcb7f9383": { - "columnOrder": [ - "482922c8-4843-45af-9b42-01c50685bfbe", - "9643e088-9c36-476d-a969-244e0d2ecc23" - ], - "columns": { - "482922c8-4843-45af-9b42-01c50685bfbe": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Delivery Failures", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "9643e088-9c36-476d-a969-244e0d2ecc23", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "error.type" - }, - "9643e088-9c36-476d-a969-244e0d2ecc23": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", 
- "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.siem_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.siem_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.log_type", - "negate": false, - "params": { - "query": "delivery" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.log_type": "delivery" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-2", - "key": "event.outcome", - "negate": false, - "params": { - "query": "failure" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.outcome": "failure" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "3031d781-05b7-4504-b23b-bd4d3233b22b", + "w": 24, + "x": 24, + "y": 13 + }, + "panelIndex": "3031d781-05b7-4504-b23b-bd4d3233b22b", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-87e37d53-70f7-4337-86ed-832fcb7f9383", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "87e37d53-70f7-4337-86ed-832fcb7f9383": { + "columnOrder": [ + 
"482922c8-4843-45af-9b42-01c50685bfbe", + "9643e088-9c36-476d-a969-244e0d2ecc23" + ], + "columns": { + "482922c8-4843-45af-9b42-01c50685bfbe": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Delivery Failures", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "9643e088-9c36-476d-a969-244e0d2ecc23", + "type": "column" }, - "visualization": { - "columns": [ - { - "columnId": "482922c8-4843-45af-9b42-01c50685bfbe", - "isTransposed": false - }, - { - "columnId": "9643e088-9c36-476d-a969-244e0d2ecc23", - "isTransposed": false - } - ], - "layerId": "87e37d53-70f7-4337-86ed-832fcb7f9383", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "error.type" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "9643e088-9c36-476d-a969-244e0d2ecc23": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.siem_logs" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.siem_logs" + } + } }, - "gridData": { - "h": 15, - "i": "a6ffda35-4fc4-4204-92c3-45d473823e00", - "w": 24, - "x": 0, - "y": 13 + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.log_type", + "negate": false, + "params": { + "query": "delivery" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.log_type": "delivery" + } + } }, - "panelIndex": 
"a6ffda35-4fc4-4204-92c3-45d473823e00", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-2", + "key": "event.outcome", + "negate": false, + "params": { + "query": "failure" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.outcome": "failure" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "482922c8-4843-45af-9b42-01c50685bfbe", + "isTransposed": false + }, + { + "columnId": "9643e088-9c36-476d-a969-244e0d2ecc23", + "isTransposed": false + } + ], + "layerId": "87e37d53-70f7-4337-86ed-832fcb7f9383", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e55c6dff-df9b-4c78-96e4-af36202efbde", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-2", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e55c6dff-df9b-4c78-96e4-af36202efbde": { - "columnOrder": [ - "f8efadab-8604-4947-8ef2-7f0d38db76f4", - "7f83a56b-b863-482d-962d-78a2e36940d5" - ], - "columns": { - "7f83a56b-b863-482d-962d-78a2e36940d5": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "f8efadab-8604-4947-8ef2-7f0d38db76f4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Rejections reasons", - "operationType": "terms", - "params": { - "missingBucket": false, 
- "orderBy": { - "columnId": "7f83a56b-b863-482d-962d-78a2e36940d5", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "error.type" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.siem_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.siem_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.log_type", - "negate": false, - "params": { - "query": "receipt" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.log_type": "receipt" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-2", - "key": "event.action", - "negate": false, - "params": { - "query": "Rej" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.action": "Rej" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "f8efadab-8604-4947-8ef2-7f0d38db76f4" - }, - { - "columnId": "7f83a56b-b863-482d-962d-78a2e36940d5" - } - ], - "layerId": "e55c6dff-df9b-4c78-96e4-af36202efbde", - "layerType": "data" - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "a6ffda35-4fc4-4204-92c3-45d473823e00", + "w": 24, + "x": 0, + "y": 13 + }, + "panelIndex": "a6ffda35-4fc4-4204-92c3-45d473823e00", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + 
"name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e55c6dff-df9b-4c78-96e4-af36202efbde", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-2", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e55c6dff-df9b-4c78-96e4-af36202efbde": { + "columnOrder": [ + "f8efadab-8604-4947-8ef2-7f0d38db76f4", + "7f83a56b-b863-482d-962d-78a2e36940d5" + ], + "columns": { + "7f83a56b-b863-482d-962d-78a2e36940d5": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "f8efadab-8604-4947-8ef2-7f0d38db76f4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Rejections reasons", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "7f83a56b-b863-482d-962d-78a2e36940d5", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "error.type" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.siem_logs" }, - "enhancements": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.siem_logs" + } + } }, - "gridData": { - "h": 15, - "i": "b356a564-3af3-4721-8885-930f4933fda7", - "w": 24, - "x": 0, - "y": 28 + { + "$state": { + 
"store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.log_type", + "negate": false, + "params": { + "query": "receipt" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.log_type": "receipt" + } + } }, - "panelIndex": "b356a564-3af3-4721-8885-930f4933fda7", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-7d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] SIEM Logs Dashboard", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-bca36430-540f-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728:indexpattern-datasource-layer-1faf17aa-0298-4830-a031-00f1b48435b6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:indexpattern-datasource-layer-8a4f8003-e917-44ab-9b50-c46553bacd59", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"3031d781-05b7-4504-b23b-bd4d3233b22b:filter-index-pattern-2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:indexpattern-datasource-layer-87e37d53-70f7-4337-86ed-832fcb7f9383", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:filter-index-pattern-2", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b356a564-3af3-4721-8885-930f4933fda7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b356a564-3af3-4721-8885-930f4933fda7:indexpattern-datasource-layer-e55c6dff-df9b-4c78-96e4-af36202efbde", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b356a564-3af3-4721-8885-930f4933fda7:filter-index-pattern-0", - "type": "index-pattern" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-2", + "key": "event.action", + "negate": false, + "params": { + "query": "Rej" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "Rej" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "f8efadab-8604-4947-8ef2-7f0d38db76f4" + }, + { + "columnId": "7f83a56b-b863-482d-962d-78a2e36940d5" + } + ], + "layerId": "e55c6dff-df9b-4c78-96e4-af36202efbde", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} }, - { - "id": "logs-*", - "name": 
"b356a564-3af3-4721-8885-930f4933fda7:filter-index-pattern-1", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "b356a564-3af3-4721-8885-930f4933fda7", + "w": 24, + "x": 0, + "y": 28 }, - { - "id": "logs-*", - "name": "b356a564-3af3-4721-8885-930f4933fda7:filter-index-pattern-2", - "type": "index-pattern" - } + "panelIndex": "b356a564-3af3-4721-8885-930f4933fda7", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] SIEM Logs Dashboard", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728:indexpattern-datasource-layer-1faf17aa-0298-4830-a031-00f1b48435b6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8f10a0bb-d41d-4e2b-8e95-e17790cf0728:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:indexpattern-datasource-layer-8a4f8003-e917-44ab-9b50-c46553bacd59", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3031d781-05b7-4504-b23b-bd4d3233b22b:filter-index-pattern-2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"a6ffda35-4fc4-4204-92c3-45d473823e00:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:indexpattern-datasource-layer-87e37d53-70f7-4337-86ed-832fcb7f9383", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a6ffda35-4fc4-4204-92c3-45d473823e00:filter-index-pattern-2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b356a564-3af3-4721-8885-930f4933fda7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b356a564-3af3-4721-8885-930f4933fda7:indexpattern-datasource-layer-e55c6dff-df9b-4c78-96e4-af36202efbde", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b356a564-3af3-4721-8885-930f4933fda7:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b356a564-3af3-4721-8885-930f4933fda7:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b356a564-3af3-4721-8885-930f4933fda7:filter-index-pattern-2", + "type": "index-pattern" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-f22e62f0-5417-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-f22e62f0-5417-11ec-bd43-b5e1f9a9c8d5.json index c364e05a05d..57798fd1317 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-f22e62f0-5417-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-f22e62f0-5417-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,509 +1,1104 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } + "id": "mimecast-f22e62f0-5417-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzNywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "10e24b74-6c1f-40d2-8d40-2ec39d2a437a": { + "columnOrder": [ + "922203eb-f986-4d8a-b662-c61723b140f5" + ], + "columns": { + "922203eb-f986-4d8a-b662-c61723b140f5": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } - 
}, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "fd58ca0b-aae6-4d02-9582-4431487f676d", - "w": 10, - "x": 0, - "y": 0 + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } }, - "panelIndex": "fd58ca0b-aae6-4d02-9582-4431487f676d", - "panelRefName": "panel_fd58ca0b-aae6-4d02-9582-4431487f676d", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.identifiers", + "negate": false, + "params": { + "query": "similar_internal_domain" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.identifiers": "similar_internal_domain" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "922203eb-f986-4d8a-b662-c61723b140f5", + "layerId": "10e24b74-6c1f-40d2-8d40-2ec39d2a437a", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d", - "w": 9, - "x": 10, - "y": 0 + "title": "[Mimecast] SimilarInternalDomain", + "visualizationType": "lnsMetric", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-10e24b74-6c1f-40d2-8d40-2ec39d2a437a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, 
+ { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 13, + "i": "fd58ca0b-aae6-4d02-9582-4431487f676d", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "fd58ca0b-aae6-4d02-9582-4431487f676d", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4db9fb0a-46d2-4e86-9d51-b2dbb13522ad": { + "columnOrder": [ + "45ed899d-b0ba-4c0e-92f3-3b1331be047c" + ], + "columns": { + "45ed899d-b0ba-4c0e-92f3-3b1331be047c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } }, - "panelIndex": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d", - "panelRefName": "panel_228c1edf-8ef3-4a4c-8d68-6f4d60b1685d", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.identifiers", + "negate": false, + "params": { + "query": "reply_address_mismatch" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.identifiers": "reply_address_mismatch" + } + } + } + ], + "query": { + "language": "kuery", + "query": "data_stream.dataset : \"mimecast.ttp_ip_logs\" and mimecast.identifiers :\"reply_address_mismatch\" " + }, + "visualization": { + "accessor": "45ed899d-b0ba-4c0e-92f3-3b1331be047c", + 
"layerId": "4db9fb0a-46d2-4e86-9d51-b2dbb13522ad", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "3de39cd9-d890-4300-848f-934dad8dc0e6", - "w": 9, - "x": 19, - "y": 0 + "title": "[Mimecast] ReplyAddressMismatchCount", + "visualizationType": "lnsMetric", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-4db9fb0a-46d2-4e86-9d51-b2dbb13522ad", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 13, + "i": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d", + "w": 9, + "x": 10, + "y": 0 + }, + "panelIndex": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2765d4bc-f979-4fab-9c1c-f1dd817397a9": { + "columnOrder": [ + "d26907e8-8968-43cf-bec1-174a1eb2e58c" + ], + "columns": { + "d26907e8-8968-43cf-bec1-174a1eb2e58c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } }, - "panelIndex": "3de39cd9-d890-4300-848f-934dad8dc0e6", - "panelRefName": 
"panel_3de39cd9-d890-4300-848f-934dad8dc0e6", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.identifiers", + "negate": false, + "params": { + "query": "internal_user_name" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.identifiers": "internal_user_name" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "d26907e8-8968-43cf-bec1-174a1eb2e58c", + "layerId": "2765d4bc-f979-4fab-9c1c-f1dd817397a9", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "7b3289f7-cccd-4246-8927-befc10b8ec24", - "w": 9, - "x": 28, - "y": 0 + "title": "[Mimecast] InternalUserName", + "visualizationType": "lnsMetric", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2765d4bc-f979-4fab-9c1c-f1dd817397a9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 13, + "i": "3de39cd9-d890-4300-848f-934dad8dc0e6", + "w": 9, + "x": 19, + "y": 0 + }, + "panelIndex": "3de39cd9-d890-4300-848f-934dad8dc0e6", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2a67dfff-4a02-4ee1-9b79-ae7dc549c8fa": { + "columnOrder": [ + "5def3667-368a-4501-bd58-e87f1388d33a" + ], + "columns": { + "5def3667-368a-4501-bd58-e87f1388d33a": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": 
"count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } }, - "panelIndex": "7b3289f7-cccd-4246-8927-befc10b8ec24", - "panelRefName": "panel_7b3289f7-cccd-4246-8927-befc10b8ec24", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.identifiers", + "negate": false, + "params": { + "query": "newly_observed_domain" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.identifiers": "newly_observed_domain" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "5def3667-368a-4501-bd58-e87f1388d33a", + "layerId": "2a67dfff-4a02-4ee1-9b79-ae7dc549c8fa", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "8df60631-ed88-490d-952b-33926d251709", - "w": 10, - "x": 37, - "y": 0 + "title": "[Mimecast] NewlyObservedDomainCount", + "visualizationType": "lnsMetric", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2a67dfff-4a02-4ee1-9b79-ae7dc549c8fa", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 13, + "i": 
"7b3289f7-cccd-4246-8927-befc10b8ec24", + "w": 9, + "x": 28, + "y": 0 + }, + "panelIndex": "7b3289f7-cccd-4246-8927-befc10b8ec24", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "b07c48c6-9c2e-4373-9b81-a516192f6271": { + "columnOrder": [ + "85cafc43-5331-4ca7-853e-17c557791de0" + ], + "columns": { + "85cafc43-5331-4ca7-853e-17c557791de0": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } }, - "panelIndex": "8df60631-ed88-490d-952b-33926d251709", - "panelRefName": "panel_8df60631-ed88-490d-952b-33926d251709", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.identifiers", + "negate": false, + "params": { + "query": "advanced_similar_internal_domain" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.identifiers": "advanced_similar_internal_domain" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "85cafc43-5331-4ca7-853e-17c557791de0", + "layerId": "b07c48c6-9c2e-4373-9b81-a516192f6271", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", 
- "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340": { - "columnOrder": [ - "ff48f1ba-4593-40a2-88f0-a317519f65a0", - "379f2d4d-5cdb-495b-866b-a67eb523bd86" - ], - "columns": { - "379f2d4d-5cdb-495b-866b-a67eb523bd86": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "ff48f1ba-4593-40a2-88f0-a317519f65a0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Senders", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "379f2d4d-5cdb-495b-866b-a67eb523bd86", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "email.from.address" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.taggedMalicious", - "negate": false, - "params": { - "query": true - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.taggedMalicious": true - } - } - } - ], - "query": { - 
"language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "ff48f1ba-4593-40a2-88f0-a317519f65a0" - }, - { - "columnId": "379f2d4d-5cdb-495b-866b-a67eb523bd86" - } - ], - "layerId": "cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340", - "layerType": "data" - } + "title": "[Mimecast] AdvancedSimilarInternalDomainCount", + "visualizationType": "lnsMetric", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b07c48c6-9c2e-4373-9b81-a516192f6271", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 13, + "i": "8df60631-ed88-490d-952b-33926d251709", + "w": 10, + "x": 37, + "y": 0 + }, + "panelIndex": "8df60631-ed88-490d-952b-33926d251709", + "type": "lens", + "version": "7.16.0" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340": { + "columnOrder": [ + "ff48f1ba-4593-40a2-88f0-a317519f65a0", + "379f2d4d-5cdb-495b-866b-a67eb523bd86" + ], + "columns": { + "379f2d4d-5cdb-495b-866b-a67eb523bd86": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": 
"lens", - "visualizationType": "lnsDatatable" + "ff48f1ba-4593-40a2-88f0-a317519f65a0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Senders", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "379f2d4d-5cdb-495b-866b-a67eb523bd86", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "email.from.address" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e", - "w": 24, - "x": 0, - "y": 13 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } }, - "panelIndex": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e", - "title": "Top potencial malious senders", - "type": "lens", - "version": "7.16.0-SNAPSHOT" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.taggedMalicious", + "negate": false, + "params": { + "query": true + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.taggedMalicious": true + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "ff48f1ba-4593-40a2-88f0-a317519f65a0" + }, + { + "columnId": "379f2d4d-5cdb-495b-866b-a67eb523bd86" + } + ], + "layerId": "cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ab543c4a-7b11-40f3-bca3-74ea65af48f4", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ab543c4a-7b11-40f3-bca3-74ea65af48f4": { - "columnOrder": [ - "e4e885a4-eebd-48b5-bf7a-1c8acf4553fa", - "c09ef631-df6f-4df9-b8c2-9fa883d711e8" - ], - "columns": { - "c09ef631-df6f-4df9-b8c2-9fa883d711e8": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "e4e885a4-eebd-48b5-bf7a-1c8acf4553fa": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Recipients", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "c09ef631-df6f-4df9-b8c2-9fa883d711e8", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "email.to.address" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.taggedMalicious", - "negate": false, - "params": { - "query": true - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.taggedMalicious": true - } - } - } - ], - "query": { - "language": 
"kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "e4e885a4-eebd-48b5-bf7a-1c8acf4553fa", - "isTransposed": false - }, - { - "columnId": "c09ef631-df6f-4df9-b8c2-9fa883d711e8", - "isTransposed": false - } - ], - "layerId": "ab543c4a-7b11-40f3-bca3-74ea65af48f4", - "layerType": "data" - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 15, + "i": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e", + "w": 24, + "x": 0, + "y": 13 + }, + "panelIndex": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e", + "title": "Top potencial malious senders", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ab543c4a-7b11-40f3-bca3-74ea65af48f4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ab543c4a-7b11-40f3-bca3-74ea65af48f4": { + "columnOrder": [ + "e4e885a4-eebd-48b5-bf7a-1c8acf4553fa", + "c09ef631-df6f-4df9-b8c2-9fa883d711e8" + ], + "columns": { + "c09ef631-df6f-4df9-b8c2-9fa883d711e8": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "e4e885a4-eebd-48b5-bf7a-1c8acf4553fa": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recipients", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "c09ef631-df6f-4df9-b8c2-9fa883d711e8", + "type": 
"column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "email.to.address" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-0", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.ttp_ip_logs" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "322232e8-3f6b-463d-8ab1-d0d16a8b66be", - "w": 24, - "x": 24, - "y": 13 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.ttp_ip_logs" + } + } }, - "panelIndex": "322232e8-3f6b-463d-8ab1-d0d16a8b66be", - "title": "Top potencial malious recipients", - "type": "lens", - "version": "7.16.0-SNAPSHOT" - } - ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-30d/d", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] TTP Impersonation Protect Logs", - "version": 1 - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-f22e62f0-5417-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "mimecast-09cd47c0-3e40-11ec-80fa-4dfb04910642", - "name": "fd58ca0b-aae6-4d02-9582-4431487f676d:panel_fd58ca0b-aae6-4d02-9582-4431487f676d", - "type": "lens" - }, - { - "id": "mimecast-47017670-3e40-11ec-80fa-4dfb04910642", - "name": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d:panel_228c1edf-8ef3-4a4c-8d68-6f4d60b1685d", - "type": "lens" - }, - { - "id": "mimecast-b06b3340-3e3f-11ec-80fa-4dfb04910642", - "name": "3de39cd9-d890-4300-848f-934dad8dc0e6:panel_3de39cd9-d890-4300-848f-934dad8dc0e6", - "type": "lens" - }, - { - "id": "mimecast-86374180-3e40-11ec-80fa-4dfb04910642", - "name": 
"7b3289f7-cccd-4246-8927-befc10b8ec24:panel_7b3289f7-cccd-4246-8927-befc10b8ec24", - "type": "lens" - }, - { - "id": "mimecast-8f37e6f0-3e3f-11ec-80fa-4dfb04910642", - "name": "8df60631-ed88-490d-952b-33926d251709:panel_8df60631-ed88-490d-952b-33926d251709", - "type": "lens" - }, - { - "id": "logs-*", - "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:indexpattern-datasource-layer-cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:indexpattern-datasource-layer-ab543c4a-7b11-40f3-bca3-74ea65af48f4", - "type": "index-pattern" + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "filter-index-pattern-1", + "key": "mimecast.taggedMalicious", + "negate": false, + "params": { + "query": true + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "mimecast.taggedMalicious": true + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "e4e885a4-eebd-48b5-bf7a-1c8acf4553fa", + "isTransposed": false + }, + { + "columnId": "c09ef631-df6f-4df9-b8c2-9fa883d711e8", + "isTransposed": false + } + ], + "layerId": "ab543c4a-7b11-40f3-bca3-74ea65af48f4", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": 
"logs-*", - "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:filter-index-pattern-0", - "type": "index-pattern" + "gridData": { + "h": 15, + "i": "322232e8-3f6b-463d-8ab1-d0d16a8b66be", + "w": 24, + "x": 24, + "y": 13 }, - { - "id": "logs-*", - "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:filter-index-pattern-1", - "type": "index-pattern" - } + "panelIndex": "322232e8-3f6b-463d-8ab1-d0d16a8b66be", + "title": "Top potencial malious recipients", + "type": "lens", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] TTP Impersonation Protect Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:indexpattern-datasource-layer-cc0ca8f3-6cdf-46d7-a3a8-88a1818b2340", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cfc0063f-6cf4-4eef-852d-4ec90c17a37e:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:indexpattern-datasource-layer-ab543c4a-7b11-40f3-bca3-74ea65af48f4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "322232e8-3f6b-463d-8ab1-d0d16a8b66be:filter-index-pattern-1", + "type": 
"index-pattern" + }, + { + "type": "index-pattern", + "name": "fd58ca0b-aae6-4d02-9582-4431487f676d:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fd58ca0b-aae6-4d02-9582-4431487f676d:indexpattern-datasource-layer-10e24b74-6c1f-40d2-8d40-2ec39d2a437a", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fd58ca0b-aae6-4d02-9582-4431487f676d:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "fd58ca0b-aae6-4d02-9582-4431487f676d:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d:indexpattern-datasource-layer-4db9fb0a-46d2-4e86-9d51-b2dbb13522ad", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "228c1edf-8ef3-4a4c-8d68-6f4d60b1685d:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3de39cd9-d890-4300-848f-934dad8dc0e6:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3de39cd9-d890-4300-848f-934dad8dc0e6:indexpattern-datasource-layer-2765d4bc-f979-4fab-9c1c-f1dd817397a9", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3de39cd9-d890-4300-848f-934dad8dc0e6:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3de39cd9-d890-4300-848f-934dad8dc0e6:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7b3289f7-cccd-4246-8927-befc10b8ec24:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"7b3289f7-cccd-4246-8927-befc10b8ec24:indexpattern-datasource-layer-2a67dfff-4a02-4ee1-9b79-ae7dc549c8fa", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7b3289f7-cccd-4246-8927-befc10b8ec24:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7b3289f7-cccd-4246-8927-befc10b8ec24:filter-index-pattern-1", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8df60631-ed88-490d-952b-33926d251709:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8df60631-ed88-490d-952b-33926d251709:indexpattern-datasource-layer-b07c48c6-9c2e-4373-9b81-a516192f6271", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8df60631-ed88-490d-952b-33926d251709:filter-index-pattern-0", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8df60631-ed88-490d-952b-33926d251709:filter-index-pattern-1", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/dashboard/mimecast-f8933590-541b-11ec-bd43-b5e1f9a9c8d5.json b/packages/mimecast/kibana/dashboard/mimecast-f8933590-541b-11ec-bd43-b5e1f9a9c8d5.json index 76ecf331e8a..21d0be7aa12 100644 --- a/packages/mimecast/kibana/dashboard/mimecast-f8933590-541b-11ec-bd43-b5e1f9a9c8d5.json +++ b/packages/mimecast/kibana/dashboard/mimecast-f8933590-541b-11ec-bd43-b5e1f9a9c8d5.json 
@@ -1,87 +1,92 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.audit_events" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.audit_events" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", - "panelRefName": "panel_ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", - "type": "search", - "version": "7.16.0-SNAPSHOT" + "id": "mimecast-f8933590-541b-11ec-bd43-b5e1f9a9c8d5", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:30:51.209Z", + "version": "WzYzOCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "mimecast.audit_events" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "mimecast.audit_events" + } } + } ], - "refreshInterval": { - "pause": true, - "value": 0 - }, - "timeFrom": "now-24h/h", - "timeRestore": true, - "timeTo": "now", - "title": "[Mimecast] Audit Events Logs", - "version": 1 + "query": { + "language": "kuery", + "query": "" + } 
+ } }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-f8933590-541b-11ec-bd43-b5e1f9a9c8d5", - "migrationVersion": { - "dashboard": "7.16.0" + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": "mimecast-eb3179f0-51ed-11ec-a4ca-b3a74c021655", - "name": "ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1:panel_ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", - "type": "search" - } + "gridData": { + "h": 15, + "i": "ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", + "panelRefName": "panel_ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", + "type": "search", + "version": "7.16.0-SNAPSHOT" + } ], - "type": "dashboard" + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h/h", + "timeRestore": true, + "timeTo": "now", + "title": "[Mimecast] Audit Events Logs", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "mimecast-eb3179f0-51ed-11ec-a4ca-b3a74c021655", + "name": "ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1:panel_ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1", + "type": "search" + } + ], + "migrationVersion": { + "dashboard": "7.16.0" + }, + "coreMigrationVersion": "7.16.0" } \ No newline at end of file diff --git a/packages/mimecast/kibana/lens/mimecast-09cd47c0-3e40-11ec-80fa-4dfb04910642.json b/packages/mimecast/kibana/lens/mimecast-09cd47c0-3e40-11ec-80fa-4dfb04910642.json deleted file mode 100644 index 4585d962f37..00000000000 --- a/packages/mimecast/kibana/lens/mimecast-09cd47c0-3e40-11ec-80fa-4dfb04910642.json +++ /dev/null 
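Review bot: The new top-level keys `"namespaces": ["default"]`, `"updated_at": "2022-10-27T20:30:51.209Z"` and `"version": "WzYzOCwxXQ=="` look like state of the Kibana instance this dashboard was exported from, not part of the packaged asset. The `version` value appears to be that instance's base64-encoded concurrency token. Nothing else in this hunk depends on them: the only panel is still the by-reference saved search `panel_ad6d8a79-9568-4d8e-9edc-4d9fc858a0d1`, so the rest of the change is re-indentation and key order. I would drop those three keys so the file stays reproducible across exports and does not carry a space name into every install. The panel's `"version": "7.16.0-SNAPSHOT"` also remains next to `"coreMigrationVersion": "7.16.0"`; confirm that a pre-release marker is intended in a released package.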
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "10e24b74-6c1f-40d2-8d40-2ec39d2a437a": { - "columnOrder": [ - "922203eb-f986-4d8a-b662-c61723b140f5" - ], - "columns": { - "922203eb-f986-4d8a-b662-c61723b140f5": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.identifiers", - "negate": false, - "params": { - "query": "similar_internal_domain" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.identifiers": "similar_internal_domain" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "922203eb-f986-4d8a-b662-c61723b140f5", - "layerId": "10e24b74-6c1f-40d2-8d40-2ec39d2a437a", - "layerType": "data" - } - }, - "title": "[Mimecast] SimilarInternalDomain", - "visualizationType": "lnsMetric" - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-09cd47c0-3e40-11ec-80fa-4dfb04910642", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-10e24b74-6c1f-40d2-8d40-2ec39d2a437a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/mimecast/kibana/lens/mimecast-47017670-3e40-11ec-80fa-4dfb04910642.json b/packages/mimecast/kibana/lens/mimecast-47017670-3e40-11ec-80fa-4dfb04910642.json deleted file mode 100644 index d931786ec1b..00000000000 --- a/packages/mimecast/kibana/lens/mimecast-47017670-3e40-11ec-80fa-4dfb04910642.json +++ /dev/null 
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4db9fb0a-46d2-4e86-9d51-b2dbb13522ad": { - "columnOrder": [ - "45ed899d-b0ba-4c0e-92f3-3b1331be047c" - ], - "columns": { - "45ed899d-b0ba-4c0e-92f3-3b1331be047c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.identifiers", - "negate": false, - "params": { - "query": "reply_address_mismatch" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.identifiers": "reply_address_mismatch" - } - } - } - ], - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"mimecast.ttp_ip_logs\" and mimecast.identifiers :\"reply_address_mismatch\" " - }, - "visualization": { - "accessor": "45ed899d-b0ba-4c0e-92f3-3b1331be047c", - "layerId": "4db9fb0a-46d2-4e86-9d51-b2dbb13522ad", - "layerType": "data" - } - }, - "title": "[Mimecast] ReplyAddressMismatchCount", - "visualizationType": "lnsMetric" - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-47017670-3e40-11ec-80fa-4dfb04910642", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-4db9fb0a-46d2-4e86-9d51-b2dbb13522ad", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/mimecast/kibana/lens/mimecast-86374180-3e40-11ec-80fa-4dfb04910642.json b/packages/mimecast/kibana/lens/mimecast-86374180-3e40-11ec-80fa-4dfb04910642.json deleted file mode 100644 index f634a3e1955..00000000000 --- a/packages/mimecast/kibana/lens/mimecast-86374180-3e40-11ec-80fa-4dfb04910642.json +++ /dev/null 
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2a67dfff-4a02-4ee1-9b79-ae7dc549c8fa": { - "columnOrder": [ - "5def3667-368a-4501-bd58-e87f1388d33a" - ], - "columns": { - "5def3667-368a-4501-bd58-e87f1388d33a": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.identifiers", - "negate": false, - "params": { - "query": "newly_observed_domain" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.identifiers": "newly_observed_domain" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "5def3667-368a-4501-bd58-e87f1388d33a", - "layerId": "2a67dfff-4a02-4ee1-9b79-ae7dc549c8fa", - "layerType": "data" - } - }, - "title": "[Mimecast] NewlyObservedDomainCount", - "visualizationType": "lnsMetric" - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-86374180-3e40-11ec-80fa-4dfb04910642", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2a67dfff-4a02-4ee1-9b79-ae7dc549c8fa", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/mimecast/kibana/lens/mimecast-8f37e6f0-3e3f-11ec-80fa-4dfb04910642.json b/packages/mimecast/kibana/lens/mimecast-8f37e6f0-3e3f-11ec-80fa-4dfb04910642.json deleted file mode 100644 index 333c7a05d15..00000000000 --- a/packages/mimecast/kibana/lens/mimecast-8f37e6f0-3e3f-11ec-80fa-4dfb04910642.json +++ /dev/null 
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "b07c48c6-9c2e-4373-9b81-a516192f6271": { - "columnOrder": [ - "85cafc43-5331-4ca7-853e-17c557791de0" - ], - "columns": { - "85cafc43-5331-4ca7-853e-17c557791de0": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.identifiers", - "negate": false, - "params": { - "query": "advanced_similar_internal_domain" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.identifiers": "advanced_similar_internal_domain" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "85cafc43-5331-4ca7-853e-17c557791de0", - "layerId": "b07c48c6-9c2e-4373-9b81-a516192f6271", - "layerType": "data" - } - }, - "title": "[Mimecast] AdvancedSimilarInternalDomainCount", - "visualizationType": "lnsMetric" - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-8f37e6f0-3e3f-11ec-80fa-4dfb04910642", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b07c48c6-9c2e-4373-9b81-a516192f6271", - "type": "index-pattern" - }, - { - "id": 
"logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/mimecast/kibana/lens/mimecast-b06b3340-3e3f-11ec-80fa-4dfb04910642.json b/packages/mimecast/kibana/lens/mimecast-b06b3340-3e3f-11ec-80fa-4dfb04910642.json deleted file mode 100644 index 920a1994f0c..00000000000 --- a/packages/mimecast/kibana/lens/mimecast-b06b3340-3e3f-11ec-80fa-4dfb04910642.json +++ /dev/null 
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2765d4bc-f979-4fab-9c1c-f1dd817397a9": { - "columnOrder": [ - "d26907e8-8968-43cf-bec1-174a1eb2e58c" - ], - "columns": { - "d26907e8-8968-43cf-bec1-174a1eb2e58c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-0", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "mimecast.ttp_ip_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "mimecast.ttp_ip_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "filter-index-pattern-1", - "key": "mimecast.identifiers", - "negate": false, - "params": { - "query": "internal_user_name" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "mimecast.identifiers": "internal_user_name" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "d26907e8-8968-43cf-bec1-174a1eb2e58c", - "layerId": "2765d4bc-f979-4fab-9c1c-f1dd817397a9", - "layerType": "data" - } - }, - "title": "[Mimecast] InternalUserName", - "visualizationType": "lnsMetric" - }, - "coreMigrationVersion": "7.16.0", - "id": "mimecast-b06b3340-3e3f-11ec-80fa-4dfb04910642", - "migrationVersion": { - "lens": "7.16.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2765d4bc-f979-4fab-9c1c-f1dd817397a9", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", 
- "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/mimecast/manifest.yml b/packages/mimecast/manifest.yml index b8b8cb8ddca..18b5603ba94 100644 --- a/packages/mimecast/manifest.yml +++ b/packages/mimecast/manifest.yml @@ -2,7 +2,7 @@ format_version: 1.0.0 name: mimecast title: "Mimecast" -version: "1.4.1" +version: "1.4.2" license: basic description: Collect logs from Mimecast with Elastic Agent. type: integration diff --git a/packages/netflow/changelog.yml b/packages/netflow/changelog.yml index baf66b3b7c7..5210b91f376 100644 --- a/packages/netflow/changelog.yml +++ b/packages/netflow/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.3.2" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "2.3.1" changes: - description: Remove duplicate fields. diff --git a/packages/netflow/kibana/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c.json b/packages/netflow/kibana/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c.json index 1c356b07b90..df0e881217b 100644 --- a/packages/netflow/kibana/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c.json +++ b/packages/netflow/kibana/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c.json 
@@ -1,317 +1,988 @@ { - "attributes": { - "description": "Netflow Top N flows", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "globalState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase", - "value": "netflow.log" - }, - "query": { - "match": { - "data_stream.dataset": { - "query": "netflow.log", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, + "id": "netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2MCwxXQ==", + "attributes": { + "description": "Netflow Top N flows", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase", + "value": "netflow.log" + }, + "query": { + "match": { + "data_stream.dataset": { + "query": "netflow.log", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | 
[Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 4, + "i": "1", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "1", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Sources [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + 
"field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "2", - "w": 24, - "x": 0, - "y": 4 + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "2", + "w": 24, + "x": 0, + "y": 4 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Destinations [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "3", - "w": 24, - 
"x": 24, - "y": 4 + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "3", + "w": 24, + "x": 24, + "y": 4 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Source Ports [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "4", - "w": 24, - "x": 0, - "y": 24 + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + 
"schema": "metric", + "type": "count" }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source", + "field": "source.port", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "4", + "w": 24, + "x": 0, + "y": 24 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Destination Ports [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "5", - "w": 24, - "x": 24, - "y": 24 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + 
"type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.port", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "5", + "w": 24, + "x": 24, + "y": 24 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Protocols [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "6", - "w": 24, - "x": 0, - "y": 44 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Protocol", + "field": 
"network.transport", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "6", + "w": 24, + "x": 0, + "y": 44 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Autonomous Systems [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "7", - "w": 24, - "x": 24, - "y": 44 + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Autonomous System", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + 
"schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "7", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + }, + "savedVis": { + "title": "Top Cities [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": true, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "8", - "w": 24, - "x": 0, - "y": 64 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "9", - "w": 24, - "x": 24, - "y": 64 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Country", 
+ "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Netflow] Top-N", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "netflow-15295ea6-ba84-47db-8ced-9312abbf495c", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 20, + "i": "8", + "w": 24, + "x": 0, + "y": 64 }, - { - "id": "netflow-5303e99b-389c-47b7-ae7a-945c5a92ba49", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "netflow-e9ad835b-b2f2-42d3-a3e7-555a593deacf", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "netflow-31b5f6fd-eb9d-4e97-90fd-367062ef217f", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "netflow-2b3d4e86-2254-4033-8fe3-ce4753fafd03", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "netflow-036aef95-ec90-468d-ad7c-3cc4405e9e81", - "name": "7:panel_7", - "type": "visualization" + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + 
"params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "Top Flow Exporters [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": true, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Flow Exporter", + "field": "agent.name", + "order": "desc", + "orderBy": "2", + "size": 500 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "netflow-5292a65b-c532-422a-9008-1251a8073a3a", - "name": "8:panel_8", - "type": "visualization" + "gridData": { + "h": 20, + "i": "9", + "w": 24, + "x": 24, + "y": 64 }, - { - "id": "netflow-cccff92f-cb71-49a9-9caf-84867751d31e", - "name": "9:panel_9", - "type": "visualization" - } + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Netflow] Top-N", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": 
"index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2.json b/packages/netflow/kibana/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2.json index d4770992790..e2b9e29acef 100644 --- a/packages/netflow/kibana/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2.json +++ b/packages/netflow/kibana/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2.json 
@@ -1,337 +1,1072 @@ { - "attributes": { - "description": "Overview of Netflow", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "globalState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase", - "value": "netflow.log" - }, - "query": { - "match": { - "data_stream.dataset": { - "query": "netflow.log", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "12", - "w": 16, - "x": 0, - "y": 4 - }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.3.0" + "id": "netflow-34e26884-161a-4448-9556-43b5bf2f62a2", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2MSwxXQ==", + "attributes": { + "description": "Overview of Netflow", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "13", - "w": 16, - "x": 16, - "y": 4 - }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.3.0" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase", + "value": "netflow.log" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "14", - "w": 16, - "x": 32, - "y": 4 
- }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "7.3.0" + "query": { + "match": { + "data_stream.dataset": { + "query": "netflow.log", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IP Version and Protocols (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "sum", + "format": { + "id": "bytes" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 8, - "i": "15", - "w": 16, - "x": 16, - "y": 12 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "IP Version", + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "unset ip version", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + 
"size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Protocol", + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "12", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destinations and Ports (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 4, - "i": "17", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + 
} + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "13", + "w": 16, + "x": 16, + "y": 4 + }, + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Sources and Ports (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 8, - "i": "21", - "w": 16, - "x": 32, - "y": 12 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "21", - "panelRefName": "panel_21", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "14", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Types of Service (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": 
{ + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 8, - "i": "22", - "w": 16, - "x": 16, - "y": 20 - }, - "panelIndex": "22", - "panelRefName": "panel_22", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type of Service", + "field": "netflow.ip_class_of_service", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "15", + "w": 16, + "x": 16, + "y": 12 + }, + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" }, - { - "embeddableConfig": { - 
"enhancements": {} - }, - "gridData": { - "h": 8, - "i": "23", - "w": 16, - "x": 0, - "y": 12 - }, - "panelIndex": "23", - "panelRefName": "panel_23", - "type": "visualization", - "version": "7.3.0" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "17", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "VLANs (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "24", - "w": 16, - "x": 0, - "y": 20 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "24", - "panelRefName": "panel_24", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "VLAN", + "field": "netflow.vlan_id", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "21", + "w": 16, + "x": 32, + "y": 12 + }, + "panelIndex": "21", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Autonomous Systems (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + 
"addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "25", - "w": 16, - "x": 32, - "y": 20 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "25", - "panelRefName": "panel_25", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Autonomous System", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "22", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "22", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "TCP Flags (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "26", - "w": 16, - "x": 0, - "y": 28 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "26", - "panelRefName": "panel_26", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "TCP Flags", + "field": 
"netflow.tcp_control_bits", + "order": "desc", + "orderBy": "1", + "size": 255 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "23", + "w": 16, + "x": 0, + "y": 12 + }, + "panelIndex": "23", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Locality (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 8, - "i": "27", - "w": 16, - "x": 16, - "y": 28 - }, - "panelIndex": "27", - "panelRefName": "panel_27", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Locality", + "field": "flow.locality", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "24", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "24", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Countries and Cities (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": 
true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 8, - "i": "29", - "w": 16, - "x": 32, - "y": 28 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "29", - "panelRefName": "panel_29", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Netflow] Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-34e26884-161a-4448-9556-43b5bf2f62a2", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "netflow-ae334aec-31fa-4df7-a064-40b18831d819", - "name": "12:panel_12", - "type": "visualization" + "gridData": { + "h": 8, + "i": "25", + "w": 16, + "x": 32, + "y": 20 }, - { - "id": "netflow-67fdca65-a9df-47f0-a8a4-1e8b056325de", - "name": "13:panel_13", - "type": "visualization" - }, - { - "id": "netflow-1558508d-591c-49be-bef4-85fdac18a960", - "name": "14:panel_14", - "type": "visualization" - }, - { - "id": "netflow-1cf30eac-aae8-47fa-a156-37f6346d2d5a", - "name": 
"15:panel_15", - "type": "visualization" - }, - { - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "17:panel_17", - "type": "visualization" - }, - { - "id": "netflow-7fa6cb0a-518d-46e9-a228-15cd4253a957", - "name": "21:panel_21", - "type": "visualization" - }, - { - "id": "netflow-f772028b-d5a6-4d55-b441-493871981a60", - "name": "22:panel_22", - "type": "visualization" + "panelIndex": "25", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Flow Exporters (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Flow Exporter", + "field": "agent.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "netflow-57e13a20-e94f-4465-a942-42148634a1d2", - "name": "23:panel_23", - "type": "visualization" + "gridData": { + "h": 8, + "i": "26", + "w": 16, + "x": 0, + "y": 28 }, - { - "id": "netflow-b02c2713-17f0-41dd-88a3-ce33b446f19d", - "name": "24:panel_24", - "type": "visualization" + "panelIndex": "26", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Direction (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": 
true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Direction", + "field": "network.direction", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "netflow-5ccac452-e90a-4dde-ae9b-1be36ce3f761", - "name": "25:panel_25", - "type": "visualization" + "gridData": { + "h": 8, + "i": "27", + "w": 16, + "x": 16, + "y": 28 }, - { - "id": "netflow-31708a70-4957-4a8a-8065-5c88a344ad02", - "name": "26:panel_26", - "type": "visualization" + "panelIndex": "27", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Version (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Version", + "field": "netflow.exporter.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + 
} + } + } }, - { - "id": "netflow-b677cd82-b33e-49b3-8b6e-0e110177b163", - "name": "27:panel_27", - "type": "visualization" + "gridData": { + "h": 8, + "i": "29", + "w": 16, + "x": 32, + "y": 28 }, - { - "id": "netflow-3dec20c0-0d4f-43ef-8864-3779e1a1b33f", - "name": "29:panel_29", - "type": "visualization" - } + "panelIndex": "29", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Netflow] Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "12:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "13:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "14:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "15:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "21:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "22:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "23:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "24:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "25:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "26:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "27:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "29:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": 
"logs-*"
+ }
+ ],
+ "migrationVersion": {
+ "dashboard": "8.1.0"
+ },
+ "coreMigrationVersion": "8.1.0"
 }
\ No newline at end of file
diff --git a/packages/netflow/kibana/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8.json b/packages/netflow/kibana/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8.json
index 184af26b03e..77b599cdfaa 100644
--- a/packages/netflow/kibana/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8.json
+++ b/packages/netflow/kibana/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8.json
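Review bot: The new side of netflow-34e26884-161a-4448-9556-43b5bf2f62a2.json opens with `"namespaces": ["default"]`, `"updated_at": "2022-11-22T11:33:33.125Z"` and `"version": "WzY2MSwxXQ=="`, which look like per-instance export metadata from the Kibana the dashboard was saved in rather than part of the dashboard definition. I would drop those three keys from the committed asset and keep only `id`, `type`, `attributes`, `references`, `migrationVersion` and `coreMigrationVersion`. Left in, they pin a space name and a concurrency token from the exporting instance, and every re-export will change them and show up as a diff with no functional change. Whether the package installer strips them on import is not visible here. The netflow-38012abe-c611-4124-8497-381fcd85acc8.json hunk that follows adds the same three keys.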
@@ -1,978 +1,2510 @@ { - "attributes": { - "description": "Netflow traffic analysis", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "globalState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase", - "value": "netflow.log" - }, - "query": { - "match": { - "data_stream.dataset": { - "query": "netflow.log", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "1", - "w": 24, - "x": 24, - "y": 84 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "4", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "5", - "w": 24, - "x": 24, - "y": 108 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "6", - "w": 24, - "x": 0, - "y": 108 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "7", - "w": 24, - "x": 24, - "y": 36 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - 
"gridData": { - "h": 8, - "i": "9", - "w": 24, - "x": 0, - "y": 84 - }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "10", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "11", - "w": 24, - "x": 0, - "y": 60 - }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "12", - "w": 24, - "x": 0, - "y": 36 - }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "13", - "w": 24, - "x": 0, - "y": 12 - }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "14", - "w": 24, - "x": 24, - "y": 12 - }, - "panelIndex": "14", - "panelRefName": "panel_14", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 8, - "i": "15", - "w": 16, - "x": 0, - "y": 4 - }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "16", - "w": 16, - "x": 0, - "y": 28 - }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "17", - "w": 16, - "x": 24, - "y": 4 - }, - "panelIndex": 
"17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "18", - "w": 16, - "x": 24, - "y": 28 - }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "19", - "w": 16, - "x": 0, - "y": 52 - }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "20", - "w": 16, - "x": 24, - "y": 52 - }, - "panelIndex": "20", - "panelRefName": "panel_20", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "21", - "w": 16, - "x": 0, - "y": 76 - }, - "panelIndex": "21", - "panelRefName": "panel_21", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "22", - "w": 16, - "x": 24, - "y": 76 - }, - "panelIndex": "22", - "panelRefName": "panel_22", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "23", - "w": 16, - "x": 0, - "y": 100 - }, - "panelIndex": "23", - "panelRefName": "panel_23", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "24", - "w": 16, - "x": 24, - "y": 100 - }, - "panelIndex": "24", - "panelRefName": "panel_24", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "25", - "w": 24, - "x": 0, - "y": 20 - }, - "panelIndex": "25", - "panelRefName": "panel_25", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - 
"enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "26", - "w": 8, - "x": 40, - "y": 4 - }, - "panelIndex": "26", - "panelRefName": "panel_26", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "27", - "w": 8, - "x": 16, - "y": 4 - }, - "panelIndex": "27", - "panelRefName": "panel_27", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "28", - "w": 24, - "x": 24, - "y": 20 - }, - "panelIndex": "28", - "panelRefName": "panel_28", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "29", - "w": 8, - "x": 40, - "y": 28 - }, - "panelIndex": "29", - "panelRefName": "panel_29", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "30", - "w": 8, - "x": 16, - "y": 28 - }, - "panelIndex": "30", - "panelRefName": "panel_30", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "31", - "w": 24, - "x": 24, - "y": 92 - }, - "panelIndex": "31", - "panelRefName": "panel_31", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "34", - "w": 24, - "x": 24, - "y": 116 - }, - "panelIndex": "34", - "panelRefName": "panel_34", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "35", - "w": 24, - 
"x": 0, - "y": 116 - }, - "panelIndex": "35", - "panelRefName": "panel_35", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "38", - "w": 24, - "x": 24, - "y": 44 - }, - "panelIndex": "38", - "panelRefName": "panel_38", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "42", - "w": 24, - "x": 0, - "y": 44 - }, - "panelIndex": "42", - "panelRefName": "panel_42", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "44", - "w": 24, - "x": 0, - "y": 92 - }, - "panelIndex": "44", - "panelRefName": "panel_44", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "45", - "w": 24, - "x": 0, - "y": 68 - }, - "panelIndex": "45", - "panelRefName": "panel_45", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "47", - "w": 24, - "x": 24, - "y": 68 - }, - "panelIndex": "47", - "panelRefName": "panel_47", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "48", - "w": 8, - "x": 16, - "y": 52 - }, - "panelIndex": "48", - "panelRefName": "panel_48", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "49", - "w": 8, - "x": 40, - "y": 52 - }, - "panelIndex": "49", - "panelRefName": "panel_49", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 
100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "50", - "w": 8, - "x": 40, - "y": 76 - }, - "panelIndex": "50", - "panelRefName": "panel_50", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "51", - "w": 8, - "x": 40, - "y": 100 - }, - "panelIndex": "51", - "panelRefName": "panel_51", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "52", - "w": 8, - "x": 16, - "y": 100 - }, - "panelIndex": "52", - "panelRefName": "panel_52", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "53", - "w": 8, - "x": 16, - "y": 76 - }, - "panelIndex": "53", - "panelRefName": "panel_53", - "type": "visualization", - "version": "7.3.0" + "id": "netflow-38012abe-c611-4124-8497-381fcd85acc8", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2MiwxXQ==", + "attributes": { + "description": "Netflow traffic analysis", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase", + "value": "netflow.log" + }, + "query": { + "match": { + "data_stream.dataset": { + "query": "netflow.log", + "type": "phrase" + } + } } + } ], - "timeRestore": false, - "title": "[Logs Netflow] Traffic Analysis", - "version": 1 + "highlightAll": 
true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-38012abe-c611-4124-8497-381fcd85acc8", - "migrationVersion": { - "dashboard": "8.0.0" + "optionsJSON": { + "darkTheme": false }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netflow-abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "netflow-1e74d5cb-556d-42ee-8042-88f6c1af47f0", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "netflow-5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "netflow-3e27fb83-b3e3-4c15-b999-ed6da49b7a86", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "netflow-5d868836-c7b2-4812-bf47-4838aac281d9", - "name": "9:panel_9", - "type": "visualization" - }, - { - "id": "netflow-a5efa3dd-f53a-4d14-9d3f-ee73345fd93d", - "name": "10:panel_10", - "type": "visualization" - }, - { - "id": "netflow-717cd7c7-bfca-435d-8ee7-38259927aade", - "name": "11:panel_11", - "type": "visualization" - }, - { - "id": "netflow-f668ecdb-eec7-44c6-9060-26aaf9fc8404", - "name": "12:panel_12", - "type": "visualization" - }, - { - "id": "netflow-6bbd6712-494a-4fd9-b3d3-757304681f0f", - "name": "13:panel_13", - "type": "visualization" - }, - { - "id": "netflow-681f0ce4-d828-4a99-b643-0c0715530050", - "name": "14:panel_14", - "type": "visualization" - }, - { - "id": "netflow-fd6c1144-5026-4795-b7af-a9aa3fc28c56", - "name": "15:panel_15", - "type": "visualization" - }, - { - "id": "netflow-0b2818fd-aecc-4bef-b566-9466eb702ae4", - "name": "16:panel_16", - "type": "visualization" - }, - { - "id": "netflow-248e00b4-8fc2-406f-8907-729d5380aaa7", - "name": "17:panel_17", - 
"type": "visualization" - }, - { - "id": "netflow-cf399a85-e348-4ac1-a399-e8f5a44114c4", - "name": "18:panel_18", - "type": "visualization" - }, - { - "id": "netflow-1cf30eac-aae8-47fa-a156-37f6346d2d5a", - "name": "19:panel_19", - "type": "visualization" - }, - { - "id": "netflow-7fa6cb0a-518d-46e9-a228-15cd4253a957", - "name": "20:panel_20", - "type": "visualization" - }, - { - "id": "netflow-57e13a20-e94f-4465-a942-42148634a1d2", - "name": "21:panel_21", - "type": "visualization" - }, - { - "id": "netflow-f772028b-d5a6-4d55-b441-493871981a60", - "name": "22:panel_22", - "type": "visualization" - }, - { - "id": "netflow-a14c3248-952d-42aa-bd7d-9b39157a776f", - "name": "23:panel_23", - "type": "visualization" - }, - { - "id": "netflow-a685420e-c45f-4b62-932b-5b76ac8b8ca2", - "name": "24:panel_24", - "type": "visualization" - }, - { - "id": "netflow-0528bc66-6981-400a-a02d-c1d221b38890", - "name": "25:panel_25", - "type": "visualization" - }, - { - "id": "netflow-e99dc327-03de-4561-9e0c-f550710125c2", - "name": "26:panel_26", - "type": "visualization" - }, - { - "id": "netflow-32e712ed-fa15-4db7-8575-8476e8d65b03", - "name": "27:panel_27", - "type": "visualization" - }, - { - "id": "netflow-d59a031c-70d6-47d7-966d-7fcb805be9be", - "name": "28:panel_28", - "type": "visualization" - }, - { - "id": "netflow-af707b01-29f1-462b-b279-6d2e803f3645", - "name": "29:panel_29", - "type": "visualization" - }, - { - "id": "netflow-ddd27657-c3c8-4f82-8059-6d7763dd599b", - "name": "30:panel_30", - "type": "visualization" - }, - { - "id": "netflow-30cd1009-2925-4c9b-820d-d689f5d1efda", - "name": "31:panel_31", - "type": "visualization" - }, - { - "id": "netflow-7d447b22-89dc-4f32-b549-4b8620af4d76", - "name": "34:panel_34", - "type": "visualization" - }, - { - "id": "netflow-d41a9663-e5ad-47a7-955e-3803ae4e23c0", - "name": "35:panel_35", - "type": "visualization" - }, - { - "id": "netflow-3a4209e2-281c-467e-b5cb-315bf4a2661f", - "name": "38:panel_38", - "type": "visualization" - 
}, - { - "id": "netflow-201d7dd1-a880-4a64-b631-db5629340db9", - "name": "42:panel_42", - "type": "visualization" - }, - { - "id": "netflow-8f83cf97-4a48-421f-8db5-690297d1f4fb", - "name": "44:panel_44", - "type": "visualization" - }, - { - "id": "netflow-a1704d46-15fc-41c2-851d-796ceb49877f", - "name": "45:panel_45", - "type": "visualization" - }, - { - "id": "netflow-15e2a267-2495-4df2-a121-abe410d2f18c", - "name": "47:panel_47", - "type": "visualization" - }, - { - "id": "netflow-f27c1479-0625-4cdc-92de-672e47db0f87", - "name": "48:panel_48", - "type": "visualization" - }, - { - "id": "netflow-0177bf1a-cba8-4ba6-a1d7-73caed86ffc2", - "name": "49:panel_49", - "type": "visualization" - }, - { - "id": "netflow-d5568704-e30b-4108-bb49-06a9b8dce6a6", - "name": "50:panel_50", - "type": "visualization" - }, - { - "id": "netflow-16262df9-a979-4136-935e-d883c7d373d7", - "name": "51:panel_51", - "type": "visualization" - }, - { - "id": "netflow-63ef5338-fdf2-488e-b78a-f0e98daccc95", - "name": "52:panel_52", - "type": "visualization" - }, - { - "id": "netflow-2dca3025-692c-4876-8bcc-e0b248dc9819", - "name": "53:panel_53", - "type": "visualization" - } + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Autonomous Systems (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "1", + "w": 24, + "x": 24, + "y": 84 + }, + "panelIndex": 
"1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "4", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cities (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.geo.city_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.city_name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "5", + "w": 24, + "x": 24, + "y": 108 + }, + "panelIndex": "5", + "type": "visualization", + 
"version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Countries (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.geo.country_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.country_name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "6", + "w": 24, + "x": 0, + "y": 108 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination Ports (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.port:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "7", + "w": 24, + "x": 24, + "y": 36 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "TCP Flags (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.tcp_control_bits:10\", 
kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.tcp_control_bits:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "9", + "w": 24, + "x": 0, + "y": 84 + }, + "panelIndex": "9", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "VLANs (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.vlan_id:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.vlan_id:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "10", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Types of Service (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.ip_class_of_service:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ip_class_of_service:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + 
"aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "11", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "11", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Source Ports (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.port:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "12", + "w": 24, + "x": 0, + "y": 36 + }, + "panelIndex": "12", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Sources (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.ip:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "13", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "13", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": 
"Destinations (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.ip:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "14", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "14", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "Sources (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "15", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "15", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Source Ports (bytes) [Logs Netflow]", + "description": 
"", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "16", + "w": 16, + "x": 0, + "y": 28 + }, + "panelIndex": "16", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destinations (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "17", + "w": 16, + "x": 24, + "y": 4 + }, + "panelIndex": "17", + "type": 
"visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination Ports (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "18", + "w": 16, + "x": 24, + "y": 28 + }, + "panelIndex": "18", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Types of Service (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Type of Service", + "field": "netflow.ip_class_of_service", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "19", + "w": 16, + "x": 0, + "y": 52 + }, + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "VLANs (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "VLAN", + "field": "netflow.vlan_id", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "20", + "w": 16, + "x": 24, + "y": 52 + }, + "panelIndex": "20", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "TCP Flags (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "TCP Flags", + "field": 
"netflow.tcp_control_bits", + "order": "desc", + "orderBy": "1", + "size": 255 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "21", + "w": 16, + "x": 0, + "y": 76 + }, + "panelIndex": "21", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Autonomous Systems (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Autonomous System", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "22", + "w": 16, + "x": 24, + "y": 76 + }, + "panelIndex": "22", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Countries (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + 
"id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "23", + "w": 16, + "x": 0, + "y": 100 + }, + "panelIndex": "23", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Cities (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "24", + "w": 16, + "x": 24, + "y": 100 + }, + "panelIndex": "24", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Sources (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", 
split=\"source.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.ip:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "25", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "25", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Destination Count [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "fontSize": "32", + "handleNoResults": true + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destinations", + "field": "destination.ip" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "26", + "w": 8, + "x": 40, + "y": 4 + }, + "panelIndex": "26", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Source Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": 
"Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Sources", + "field": "source.ip" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "27", + "w": 8, + "x": 16, + "y": 4 + }, + "panelIndex": "27", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destinations (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.ip:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "28", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "28", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Destination 
Port Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destination Ports", + "field": "destination.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "29", + "w": 8, + "x": 40, + "y": 28 + }, + "panelIndex": "29", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Source Port Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + 
"gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Source Ports", + "field": "source.port" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "30", + "w": 8, + "x": 16, + "y": 28 + }, + "panelIndex": "30", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Autonomous Systems (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "31", + "w": 24, + "x": 24, + "y": 92 + }, + "panelIndex": "31", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": 
"Cities (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.geo.city_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.city_name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "34", + "w": 24, + "x": 24, + "y": 116 + }, + "panelIndex": "34", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Countries (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.geo.country_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.country_name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "35", + "w": 24, + "x": 0, + "y": 116 + }, + "panelIndex": "35", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination Ports (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, 
then=0).trim(start=2,end=1).label(regex=\"^.* destination.port:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "38", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "38", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Source Ports (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"source.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.port:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "42", + "w": 24, + "x": 0, + "y": 44 + }, + "panelIndex": "42", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "TCP Flags (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.tcp_control_bits:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.tcp_control_bits:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": 
"kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "44", + "w": 24, + "x": 0, + "y": 92 + }, + "panelIndex": "44", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Types of Service (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.ip_class_of_service:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ip_class_of_service:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "45", + "w": 24, + "x": 0, + "y": 68 + }, + "panelIndex": "45", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "VLANs (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.vlan_id:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.vlan_id:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" + }, + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "47", + "w": 24, + "x": 24, + "y": 68 + }, + "panelIndex": "47", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": 
"rgb(0,104,55)" + } + }, + "savedVis": { + "title": "ToS Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Types of Service", + "field": "netflow.ip_class_of_service" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "48", + "w": 8, + "x": 16, + "y": 52 + }, + "panelIndex": "48", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "VLAN Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, 
+ "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "VLANs", + "field": "netflow.vlan_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "49", + "w": 8, + "x": 40, + "y": 52 + }, + "panelIndex": "49", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Autonomous System Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + 
"labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Autonomous Systems", + "field": "destination.as.organization.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "50", + "w": 8, + "x": 40, + "y": 76 + }, + "panelIndex": "50", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "City Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Cities", + "field": "destination.geo.city_name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + 
"searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "51", + "w": 8, + "x": 40, + "y": 100 + }, + "panelIndex": "51", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Country Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Countries", + "field": "destination.geo.country_name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "52", + "w": 8, + "x": 16, + "y": 100 + }, + "panelIndex": "52", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + 
"defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "TCP Flags Count [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 + }, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + "subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "TCP Flag States", + "field": "netflow.tcp_control_bits" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "53", + "w": 8, + "x": 16, + "y": 76 + }, + "panelIndex": "53", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Netflow] Traffic Analysis", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "15:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"16:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "17:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "18:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "21:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "22:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "23:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "24:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "26:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "27:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "29:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "30:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "48:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "49:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "50:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "51:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "52:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": 
"logs-*" + }, + { + "type": "index-pattern", + "name": "53:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file
diff --git a/packages/netflow/kibana/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024.json b/packages/netflow/kibana/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024.json
index 9b79d1ab9ac..fdf14e0990b 100644
--- a/packages/netflow/kibana/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024.json
+++ b/packages/netflow/kibana/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024.json
@@ -1,186 +1,394 @@ { - "attributes": { - "description": "Netflow geo location", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": { - "query": "netflow.log" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" + "id": "netflow-77326664-23be-4bf1-a126-6d7e60cfc024", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2MywxXQ==", + "attributes": { + "description": "Netflow geo location", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": { + "query": "netflow.log" } + } } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "17", - "w": 16, - "x": 0, - "y": 4 - }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "18", - "w": 16, - "x": 0, - "y": 12 - }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "8.0.0" + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + 
"embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Countries and Cities (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "19", - "w": 16, - "x": 0, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Country", + "field": "destination.geo.country_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "City", + "field": "destination.geo.city_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "17", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "17", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destinations and Sources (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": 
true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 4, - "i": "20", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "20", - "panelRefName": "panel_20", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "18", + "w": 16, + "x": 0, + "y": 12 + }, + "panelIndex": "18", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination and Source Ports (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"9afd9bfb-ab56-4bc3-a8c6-e412c1bc7f24\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"85982ce7-be78-44ec-a692-96c118b3a187\",\"includeInFitToBounds\":true,\"label\":\"Destination Geo Location Heatmap [Logs 
Netflow]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"6972252f-e3a3-4886-abfb-bea957bc1c73\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Destination Geo Location Heatmap [Logs Netflow]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 24, - "i": "41aa0e4c-7e76-4715-bf20-c756e74ffe02", - "w": 32, - "x": 16, - "y": 4 
+ { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "41aa0e4c-7e76-4715-bf20-c756e74ffe02", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Netflow] Geo Location", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-77326664-23be-4bf1-a126-6d7e60cfc024", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "netflow-2316bb53-d98a-4f0f-8cd8-51e9fb317823", - "name": "17:panel_17", - "type": "visualization" + "gridData": { + "h": 8, + "i": "19", + "w": 16, + "x": 0, + "y": 20 }, - { - "id": "netflow-aed09724-0a69-4331-84f5-3d2067c43930", - "name": "18:panel_18", - "type": "visualization" + "panelIndex": "19", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | 
[Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "netflow-f531f957-e8c0-497a-ad41-ef39c2d29671", - "name": "19:panel_19", - "type": "visualization" + "gridData": { + "h": 4, + "i": "20", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "20:panel_20", - "type": "visualization" + "panelIndex": "20", + "type": "visualization", + "version": "8.0.0" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 24, + "i": "41aa0e4c-7e76-4715-bf20-c756e74ffe02", + "w": 32, + "x": 16, + "y": 4 }, - { - "id": "logs-*", - "name": "41aa0e4c-7e76-4715-bf20-c756e74ffe02:layer_1_source_index_pattern", - "type": "index-pattern" + "panelIndex": "41aa0e4c-7e76-4715-bf20-c756e74ffe02", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"9afd9bfb-ab56-4bc3-a8c6-e412c1bc7f24\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"85982ce7-be78-44ec-a692-96c118b3a187\",\"includeInFitToBounds\":true,\"label\":\"Destination Geo Location Heatmap [Logs 
Netflow]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"6972252f-e3a3-4886-abfb-bea957bc1c73\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"colorRampName\":\"theclassic\",\"type\":\"HEATMAP\"},\"type\":\"HEATMAP\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-24h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Destination Geo Location Heatmap [Logs Netflow]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" } + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Netflow] Geo Location", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + 
"type": "index-pattern" + }, + { + "id": "logs-*", + "name": "41aa0e4c-7e76-4715-bf20-c756e74ffe02:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "17:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "18:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "19:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365.json b/packages/netflow/kibana/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365.json index e3122490680..3d115831250 100644 --- a/packages/netflow/kibana/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365.json +++ b/packages/netflow/kibana/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365.json 
@@ -1,166 +1,387 @@ { - "attributes": { - "description": "Netflow flow records", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "globalState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase", - "value": "netflow.log" - }, - "query": { - "match": { - "data_stream.dataset": { - "query": "netflow.log", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "" - }, - "version": true + "id": "netflow-94972700-de4a-4272-9143-2fa8d4981365", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2NCwxXQ==", + "attributes": { + "description": "Netflow flow records", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase", + "value": "netflow.log" + }, + "query": { + "match": { + "data_stream.dataset": { + "query": "netflow.log", + "type": "phrase" + } + } } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "2", - "w": 36, - "x": 12, - "y": 4 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + 
"title": "Flow Records [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "gridData": { - "h": 8, - "i": "3", - "w": 12, - "x": 0, - "y": 4 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Flow Records" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 4, - "i": "4", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Timeline", + "extended_bounds": {}, + "field": "event.end", + "interval": "s", + "min_doc_count": 1 + }, + "schema": 
"segment", + "type": "date_histogram" }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Version", + "field": "netflow.exporter.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "2", + "w": 36, + "x": 12, + "y": 4 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "Flow Records [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } }, - { - "embeddableConfig": { - "columns": [ - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "network.transport", - "network.bytes", - "network.packets" - ], - "enhancements": {}, - "sort": [ - "@timestamp", - "desc" - ] + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "32", + "gauge": { + "autoExtend": false, + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "gaugeColorMode": "None", + "gaugeStyle": "Full", + "gaugeType": "Metric", + "invertColors": false, + "labels": { + "color": "black", + "show": true }, - "gridData": { - "h": 16, - "i": "5", - "w": 48, - "x": 0, - "y": 12 + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": false, + "width": 2 }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "search", - "version": "7.3.0" + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": "36", + "labelColor": false, + 
"subText": "" + }, + "type": "simple", + "useRange": false, + "verticalSplit": false + }, + "handleNoResults": true, + "type": "gauge" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Netflow] Flow records", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-94972700-de4a-4272-9143-2fa8d4981365", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + } }, - { - "id": "netflow-4bb0255e-18ed-45e4-bfb9-de8e35b12094", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 8, + "i": "3", + "w": 12, + "x": 0, + "y": 4 }, - { - "id": "netflow-c27c6a3b-93ee-44d5-8d0c-9b097e575f52", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow 
Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 4, + "i": "4", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "4:panel_4", - "type": "visualization" + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "columns": [ + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "network.transport", + "network.bytes", + "network.packets" + ], + "enhancements": {}, + "sort": [ + "@timestamp", + "desc" + ] }, - { - "id": "netflow-a34c6611-79d8-4b50-ae3f-8b328d28e24a", - "name": "5:panel_5", - "type": "search" - } + "gridData": { + "h": 16, + "i": "5", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "5", + "panelRefName": "panel_5", + "type": "search", + "version": "7.3.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Netflow] Flow records", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "netflow-a34c6611-79d8-4b50-ae3f-8b328d28e24a", + "name": "5:panel_5", + "type": "search" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32.json b/packages/netflow/kibana/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32.json index b5855d9e644..f2e48c4ae60 100644 
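Review bot: The new top-level keys `"namespaces": ["default"]`, `"updated_at": "2022-11-22T11:33:33.125Z"` and `"version": "WzY2NCwxXQ=="` at the start of this dashboard look like per-instance state from the Kibana the object was exported from, not part of the packaged asset; the removed side carried none of them. I would drop the three keys so the object begins `"id": "netflow-94972700-de4a-4272-9143-2fa8d4981365", "type": "dashboard", "attributes": {`, unless the package tooling is known to strip or ignore them at install time, which is not visible here. Leaving them in pins the asset to one space name and means every re-export produces a diff in fields that carry no dashboard content. The same three keys are added at the top of the netflow-acd7a630 and netflow-c64665f9 dashboards further down.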
--- a/packages/netflow/kibana/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32.json +++ b/packages/netflow/kibana/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32.json 
@@ -1,177 +1,533 @@ { - "attributes": { - "description": "Netflow conversation partners", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "globalState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase", - "value": "netflow.log" - }, - "query": { - "match": { - "data_stream.dataset": { - "query": "netflow.log", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "" - }, - "version": true + "id": "netflow-acd7a630-0c71-4840-bc9e-4a3801374a32", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2NSwxXQ==", + "attributes": { + "description": "Netflow conversation partners", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase", + "value": "netflow.log" + }, + "query": { + "match": { + "data_stream.dataset": { + "query": "netflow.log", + "type": "phrase" + } + } } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + }, 
+ "savedVis": { + "title": "Conversation Partners [Logs Netflow]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": 2, + "direction": "desc" + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": 2, + "direction": "desc" + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "1", - "w": 48, - "x": 0, - "y": 12 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "gridData": { - "h": 8, - "i": "2", - "w": 16, - "x": 32, - "y": 4 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "1", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "1", + "type": "visualization", + 
"version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "IP Version and Protocols (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "sum", + "format": { + "id": "bytes" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 8, - "i": "3", - "w": 16, - "x": 0, - "y": 4 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "IP Version", + "field": "network.type", + "missingBucket": true, + "missingBucketLabel": "unset ip version", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Protocol", + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "2", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destinations and Sources (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 8, - "i": "4", - "w": 16, - "x": 16, - "y": 4 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "3", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": 
{}, + "savedVis": { + "title": "Destination and Source Ports (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 4, - "i": "5", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Netflow] Conversation Partners", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-acd7a630-0c71-4840-bc9e-4a3801374a32", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netflow-ebea013f-9b5b-4f61-a9c8-c62bebf62ae9", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "netflow-ae334aec-31fa-4df7-a064-40b18831d819", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 8, + "i": "4", + "w": 16, + "x": 16, + 
"y": 4 }, - { - "id": "netflow-e822f94c-5f65-4963-a540-74ca9c25bd2d", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "netflow-c54f5529-e6d7-4c26-8e8e-3b35de132035", - "name": "4:panel_4", - "type": "visualization" + "gridData": { + "h": 4, + "i": "5", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "5:panel_5", - "type": "visualization" - } + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Netflow] Conversation Partners", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "1:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": 
"logs-*" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a.json b/packages/netflow/kibana/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a.json index 26fda9c578d..05f4ca86f23 100644 --- a/packages/netflow/kibana/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a.json +++ b/packages/netflow/kibana/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a.json 
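Review bot: The inlined table panel `1` carries `"showMeticsAtAllLevels": false` in `savedVis.params`, with "Metrics" misspelled. The key was presumably copied as-is from the referenced visualization, but now that the definition lives in the dashboard it is worth writing it as `"showMetricsAtAllLevels": false`, which as far as I know is the name current table visualizations read. Whether by-value panels still get the migration that renames the old key is not visible from this hunk, so the misspelled setting may simply be ignored. The same panel also stores the `sort` state three times (`embeddableConfig.vis.params`, `savedVis.uiState.vis.params` and `savedVis.params`), and nothing in the file says which copy wins if they drift apart.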
@@ -1,232 +1,495 @@ { - "attributes": { - "description": "Autonomous systems Netflow", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "globalState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase", - "value": "netflow.log" - }, - "query": { - "match": { - "data_stream.dataset": { - "query": "netflow.log", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, + "id": "netflow-c64665f9-d222-421e-90b0-c7310d944b8a", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2NiwxXQ==", + "attributes": { + "description": "Autonomous systems Netflow", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase", + "value": "netflow.log" + }, + "query": { + "match": { + "data_stream.dataset": { + "query": "netflow.log", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | 
[Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 4, + "i": "1", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "1", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination Autonomous Systems (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "2", - "w": 24, - "x": 24, - "y": 12 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + 
"gridData": { + "h": 8, + "i": "2", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination Autonomous Systems (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "3", - "w": 24, - "x": 24, - "y": 20 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "3", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Source Autonomous Systems (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.as.organization.name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "4", - "w": 24, - "x": 0, - "y": 12 - }, - "panelIndex": "4", - "panelRefName": 
"panel_4", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "4", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Source Autonomous Systems (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"source.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.as.organization.name:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "5", - "w": 24, - "x": 0, - "y": 20 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "5", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination and Source ASs (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": 
"Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "6", - "w": 16, - "x": 0, - "y": 4 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination AS", + "field": "destination.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source AS", + "field": "source.as.organization.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "6", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destinations and Sources (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "7", - "w": 16, - "x": 16, - "y": 4 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination", + "field": "destination.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + { + "enabled": 
true, + "id": "3", + "params": { + "customLabel": "Source", + "field": "source.ip", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "7", + "w": 16, + "x": 16, + "y": 4 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Destination and Source Ports (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "8", - "w": 16, - "x": 32, - "y": 4 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Netflow] Autonomous Systems", - "version": 1 + } + }, + "gridData": { + "h": 8, + 
"i": "8", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + } + ], + "timeRestore": false, + "title": "[Logs Netflow] Autonomous Systems", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-c64665f9-d222-421e-90b0-c7310d944b8a", - "migrationVersion": { - "dashboard": "8.0.0" + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "netflow-12aad647-c45d-4667-a029-152c1a97cbbc", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "netflow-d27b5d74-b3b4-4311-a0e6-08ff8f4345df", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "netflow-751ecb6f-11c3-458d-b039-f6d57a6379fa", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "netflow-f75063c7-48b7-4de4-b8cb-d07eb2cea0e9", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "netflow-f7808e70-df2a-4532-a350-966704567c24", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "netflow-aed09724-0a69-4331-84f5-3d2067c43930", - "name": "7:panel_7", - "type": "visualization" - }, - { - "id": "netflow-f531f957-e8c0-497a-ad41-ef39c2d29671", - "name": "8:panel_8", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "8:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": 
"8.1.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json b/packages/netflow/kibana/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json index 905e351698e..36e5e9fffa1 100644 --- a/packages/netflow/kibana/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json +++ b/packages/netflow/kibana/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425.json 
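Review bot: The top of the new netflow-c64665f9 dashboard object now carries `"namespaces": ["default"]`, `"updated_at": "2022-11-22T11:33:33.125Z"` and `"version": "WzY2NiwxXQ=="`, none of which the old file had; these look like state of the Kibana instance the object was exported from, not part of the dashboard definition. The `version` value base64-decodes to `[666,1]` and the netflow-feebb4e6 hunk that follows has `[667,1]`, so it will presumably change on every re-export and add diff noise unrelated to content. The hard-coded `default` space also may not match the space the package is installed into. I would drop these three keys in both files and keep `id`, `type`, `attributes`, `references`, `migrationVersion` and `coreMigrationVersion`, unless the package tooling requires them (not visible here). Both hunks replace the whole file, so nothing relevant lies outside them.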
@@ -1,232 +1,452 @@ { - "attributes": { - "description": "Netflow exporters", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "globalState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "netflow.log" - }, - "type": "phrase", - "value": "netflow.log" - }, - "query": { - "match": { - "data_stream.dataset": { - "query": "netflow.log", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, + "id": "netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T11:33:33.125Z", + "version": "WzY2NywxXQ==", + "attributes": { + "description": "Netflow exporters", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "globalState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "netflow.log" + }, + "type": "phrase", + "value": "netflow.log" + }, + "query": { + "match": { + "data_stream.dataset": { + "query": "netflow.log", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Dashboard Navigation [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | 
[Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 4, + "i": "1", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "1", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Flow Exporters (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "2", - "w": 16, - "x": 0, - "y": 4 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Flow Exporter", + "field": "agent.name", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "2", + "w": 16, + "x": 0, + "y": 4 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Ingress Interfaces (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "3", - "w": 16, - "x": 16, - "y": 4 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Ingress Interface", + "field": "netflow.ingress_interface", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "3", + "w": 16, + "x": 16, + "y": 4 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Egress Interfaces (flow records) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + } }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + 
"data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Flow Records" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "4", - "w": 16, - "x": 32, - "y": 4 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Egress Interface", + "field": "netflow.egress_interface", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "4", + "w": 16, + "x": 32, + "y": 4 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Egress Interfaces (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.egress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.egress_interface:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "5", - "w": 24, - "x": 24, - "y": 12 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "5", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + 
"enhancements": {}, + "savedVis": { + "title": "Egress Interfaces (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.egress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.egress_interface:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "6", - "w": 24, - "x": 24, - "y": 20 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "6", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Ingress Interfaces (packets) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.ingress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ingress_interface:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "8", - "w": 24, - "x": 0, - "y": 20 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, 
+ "gridData": { + "h": 8, + "i": "8", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Ingress Interfaces (bytes) [Logs Netflow]", + "description": "", + "uiState": {}, + "params": { + "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.ingress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ingress_interface:(.+) > .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", + "interval": "auto" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "10", - "w": 24, - "x": 0, - "y": 12 - }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.3.0" + "type": "timelion", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Netflow] Flow Exporters", - "version": 1 + } + }, + "gridData": { + "h": 8, + "i": "10", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "10", + "type": "visualization", + "version": "8.0.0" + } + ], + "timeRestore": false, + "title": "[Logs Netflow] Flow Exporters", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425", - "migrationVersion": { - "dashboard": "8.0.0" + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": 
"netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "netflow-441c6c50-fa1a-489c-96c6-76f7925dea24", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "netflow-14c7136d-b4aa-4367-9461-52bf8b5c4796", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "netflow-4ac97841-c89f-4d50-b3c6-6253f7e1dd1a", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "netflow-85ebf558-402b-45d2-a186-e15f8673ec07", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "netflow-f86a7769-8ef6-408d-bbe3-985d0ea0a3f7", - "name": "6:panel_6", - "type": "visualization" - }, - { - "id": "netflow-1cd36f5d-d9c7-4098-acdb-14d312ecfb72", - "name": "8:panel_8", - "type": "visualization" - }, - { - "id": "netflow-d3df8d28-65f8-4ea1-8b33-f479380a0600", - "name": "10:panel_10", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-0177bf1a-cba8-4ba6-a1d7-73caed86ffc2.json b/packages/netflow/kibana/visualization/netflow-0177bf1a-cba8-4ba6-a1d7-73caed86ffc2.json deleted file mode 100644 index dc8a4c8785e..00000000000 --- a/packages/netflow/kibana/visualization/netflow-0177bf1a-cba8-4ba6-a1d7-73caed86ffc2.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "VLAN Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "VLANs", - "field": "netflow.vlan_id" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "VLAN Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-0177bf1a-cba8-4ba6-a1d7-73caed86ffc2", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-036aef95-ec90-468d-ad7c-3cc4405e9e81.json b/packages/netflow/kibana/visualization/netflow-036aef95-ec90-468d-ad7c-3cc4405e9e81.json deleted file mode 100644 index 8ffff407cd1..00000000000 --- a/packages/netflow/kibana/visualization/netflow-036aef95-ec90-468d-ad7c-3cc4405e9e81.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Autonomous Systems [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Autonomous System", - "field": "destination.as.organization.name", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Autonomous Systems [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-036aef95-ec90-468d-ad7c-3cc4405e9e81", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-0528bc66-6981-400a-a02d-c1d221b38890.json b/packages/netflow/kibana/visualization/netflow-0528bc66-6981-400a-a02d-c1d221b38890.json deleted file mode 100644 index c02adaa640f..00000000000 --- a/packages/netflow/kibana/visualization/netflow-0528bc66-6981-400a-a02d-c1d221b38890.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Sources (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"source.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Sources (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-0528bc66-6981-400a-a02d-c1d221b38890", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-0b2818fd-aecc-4bef-b566-9466eb702ae4.json b/packages/netflow/kibana/visualization/netflow-0b2818fd-aecc-4bef-b566-9466eb702ae4.json deleted file mode 100644 index e0413effa49..00000000000 --- a/packages/netflow/kibana/visualization/netflow-0b2818fd-aecc-4bef-b566-9466eb702ae4.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Source Ports (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Port", - "field": "source.port", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Source Ports (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-0b2818fd-aecc-4bef-b566-9466eb702ae4", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-12aad647-c45d-4667-a029-152c1a97cbbc.json b/packages/netflow/kibana/visualization/netflow-12aad647-c45d-4667-a029-152c1a97cbbc.json deleted file mode 100644 index beda20df3aa..00000000000 --- a/packages/netflow/kibana/visualization/netflow-12aad647-c45d-4667-a029-152c1a97cbbc.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination Autonomous Systems (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Destination Autonomous Systems (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-12aad647-c45d-4667-a029-152c1a97cbbc", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-14c7136d-b4aa-4367-9461-52bf8b5c4796.json b/packages/netflow/kibana/visualization/netflow-14c7136d-b4aa-4367-9461-52bf8b5c4796.json deleted file mode 100644 index febb8414275..00000000000 --- a/packages/netflow/kibana/visualization/netflow-14c7136d-b4aa-4367-9461-52bf8b5c4796.json +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Ingress Interfaces (flow records) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Ingress Interface", - "field": "netflow.ingress_interface", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Ingress Interfaces (flow records) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-14c7136d-b4aa-4367-9461-52bf8b5c4796", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-15295ea6-ba84-47db-8ced-9312abbf495c.json b/packages/netflow/kibana/visualization/netflow-15295ea6-ba84-47db-8ced-9312abbf495c.json deleted file mode 100644 index 74ebfa6a05a..00000000000 --- a/packages/netflow/kibana/visualization/netflow-15295ea6-ba84-47db-8ced-9312abbf495c.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Sources [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source", - "field": "source.ip", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Sources [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-15295ea6-ba84-47db-8ced-9312abbf495c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-1558508d-591c-49be-bef4-85fdac18a960.json b/packages/netflow/kibana/visualization/netflow-1558508d-591c-49be-bef4-85fdac18a960.json deleted file mode 100644 index 4ab92fe3abd..00000000000 
--- a/packages/netflow/kibana/visualization/netflow-1558508d-591c-49be-bef4-85fdac18a960.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Sources and Ports (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Port", - "field": "source.port", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Sources and Ports (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-1558508d-591c-49be-bef4-85fdac18a960", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-15e2a267-2495-4df2-a121-abe410d2f18c.json b/packages/netflow/kibana/visualization/netflow-15e2a267-2495-4df2-a121-abe410d2f18c.json deleted file mode 100644 index 8a8665c9950..00000000000 
--- a/packages/netflow/kibana/visualization/netflow-15e2a267-2495-4df2-a121-abe410d2f18c.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "VLANs (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.vlan_id:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.vlan_id:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "VLANs (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-15e2a267-2495-4df2-a121-abe410d2f18c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-16262df9-a979-4136-935e-d883c7d373d7.json b/packages/netflow/kibana/visualization/netflow-16262df9-a979-4136-935e-d883c7d373d7.json deleted file mode 100644 index f7afef7cdda..00000000000 --- a/packages/netflow/kibana/visualization/netflow-16262df9-a979-4136-935e-d883c7d373d7.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "City Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Cities", - "field": "destination.geo.city_name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "City Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-16262df9-a979-4136-935e-d883c7d373d7", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-1cd36f5d-d9c7-4098-acdb-14d312ecfb72.json b/packages/netflow/kibana/visualization/netflow-1cd36f5d-d9c7-4098-acdb-14d312ecfb72.json deleted file mode 100644 index 6c5da284400..00000000000 --- a/packages/netflow/kibana/visualization/netflow-1cd36f5d-d9c7-4098-acdb-14d312ecfb72.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Ingress Interfaces (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.ingress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ingress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Ingress Interfaces (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-1cd36f5d-d9c7-4098-acdb-14d312ecfb72", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-1cf30eac-aae8-47fa-a156-37f6346d2d5a.json b/packages/netflow/kibana/visualization/netflow-1cf30eac-aae8-47fa-a156-37f6346d2d5a.json deleted file mode 100644 index d21f469a220..00000000000 --- a/packages/netflow/kibana/visualization/netflow-1cf30eac-aae8-47fa-a156-37f6346d2d5a.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Types of Service (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Type of Service", - "field": "netflow.ip_class_of_service", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Types of Service (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-1cf30eac-aae8-47fa-a156-37f6346d2d5a", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-1e74d5cb-556d-42ee-8042-88f6c1af47f0.json b/packages/netflow/kibana/visualization/netflow-1e74d5cb-556d-42ee-8042-88f6c1af47f0.json deleted file mode 100644 index c3160856d26..00000000000 --- a/packages/netflow/kibana/visualization/netflow-1e74d5cb-556d-42ee-8042-88f6c1af47f0.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Cities (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.geo.city_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.city_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Cities (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-1e74d5cb-556d-42ee-8042-88f6c1af47f0", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-201d7dd1-a880-4a64-b631-db5629340db9.json b/packages/netflow/kibana/visualization/netflow-201d7dd1-a880-4a64-b631-db5629340db9.json deleted file mode 100644 index 1aca5ff37cd..00000000000 --- a/packages/netflow/kibana/visualization/netflow-201d7dd1-a880-4a64-b631-db5629340db9.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Source Ports (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"source.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Source Ports (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-201d7dd1-a880-4a64-b631-db5629340db9", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-2316bb53-d98a-4f0f-8cd8-51e9fb317823.json b/packages/netflow/kibana/visualization/netflow-2316bb53-d98a-4f0f-8cd8-51e9fb317823.json deleted file mode 100644 index 78058b24e7a..00000000000 --- a/packages/netflow/kibana/visualization/netflow-2316bb53-d98a-4f0f-8cd8-51e9fb317823.json +++ /dev/null 
@@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Countries and Cities (flow records) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Country", - "field": "destination.geo.country_name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "City", - "field": "destination.geo.city_name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Countries and Cities (flow records) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-2316bb53-d98a-4f0f-8cd8-51e9fb317823", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-248e00b4-8fc2-406f-8907-729d5380aaa7.json b/packages/netflow/kibana/visualization/netflow-248e00b4-8fc2-406f-8907-729d5380aaa7.json deleted file mode 100644 index 761ffe4dd83..00000000000 --- a/packages/netflow/kibana/visualization/netflow-248e00b4-8fc2-406f-8907-729d5380aaa7.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destinations (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination", - "field": "destination.ip", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Destinations (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-248e00b4-8fc2-406f-8907-729d5380aaa7", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-2b3d4e86-2254-4033-8fe3-ce4753fafd03.json b/packages/netflow/kibana/visualization/netflow-2b3d4e86-2254-4033-8fe3-ce4753fafd03.json deleted file mode 100644 index c788b314a90..00000000000 --- a/packages/netflow/kibana/visualization/netflow-2b3d4e86-2254-4033-8fe3-ce4753fafd03.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Protocols [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Protocol", - "field": "network.transport", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Protocols [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-2b3d4e86-2254-4033-8fe3-ce4753fafd03", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-2dca3025-692c-4876-8bcc-e0b248dc9819.json b/packages/netflow/kibana/visualization/netflow-2dca3025-692c-4876-8bcc-e0b248dc9819.json
deleted file mode 100644
index 900166724d9..00000000000
--- a/packages/netflow/kibana/visualization/netflow-2dca3025-692c-4876-8bcc-e0b248dc9819.json
+++ /dev/null
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "TCP Flags Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "TCP Flag States", - "field": "netflow.tcp_control_bits" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "TCP Flags Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-2dca3025-692c-4876-8bcc-e0b248dc9819", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-30cd1009-2925-4c9b-820d-d689f5d1efda.json b/packages/netflow/kibana/visualization/netflow-30cd1009-2925-4c9b-820d-d689f5d1efda.json deleted file mode 100644 index 58efe0b1b14..00000000000 --- a/packages/netflow/kibana/visualization/netflow-30cd1009-2925-4c9b-820d-d689f5d1efda.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Autonomous Systems (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Autonomous Systems (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-30cd1009-2925-4c9b-820d-d689f5d1efda", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-31708a70-4957-4a8a-8065-5c88a344ad02.json b/packages/netflow/kibana/visualization/netflow-31708a70-4957-4a8a-8065-5c88a344ad02.json deleted file mode 100644 index b5190f6f364..00000000000 --- a/packages/netflow/kibana/visualization/netflow-31708a70-4957-4a8a-8065-5c88a344ad02.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Flow Exporters (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Flow Exporter", - "field": "agent.name", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Flow Exporters (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-31708a70-4957-4a8a-8065-5c88a344ad02", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-31b5f6fd-eb9d-4e97-90fd-367062ef217f.json b/packages/netflow/kibana/visualization/netflow-31b5f6fd-eb9d-4e97-90fd-367062ef217f.json deleted file mode 100644 index 39955737f81..00000000000 --- a/packages/netflow/kibana/visualization/netflow-31b5f6fd-eb9d-4e97-90fd-367062ef217f.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Destination Ports [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination", - "field": "destination.port", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Destination Ports [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-31b5f6fd-eb9d-4e97-90fd-367062ef217f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-32e712ed-fa15-4db7-8575-8476e8d65b03.json b/packages/netflow/kibana/visualization/netflow-32e712ed-fa15-4db7-8575-8476e8d65b03.json
deleted file mode 100644
index d78307bf10a..00000000000
--- a/packages/netflow/kibana/visualization/netflow-32e712ed-fa15-4db7-8575-8476e8d65b03.json
+++ /dev/null
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Source Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Sources", - "field": "source.ip" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Source Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-32e712ed-fa15-4db7-8575-8476e8d65b03", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-3a4209e2-281c-467e-b5cb-315bf4a2661f.json b/packages/netflow/kibana/visualization/netflow-3a4209e2-281c-467e-b5cb-315bf4a2661f.json
deleted file mode 100644
index 04a65630226..00000000000
--- a/packages/netflow/kibana/visualization/netflow-3a4209e2-281c-467e-b5cb-315bf4a2661f.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Destination Ports (packets) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)",
- "interval": "auto"
- },
- "title": "Destination Ports (packets) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-3a4209e2-281c-467e-b5cb-315bf4a2661f",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-3dec20c0-0d4f-43ef-8864-3779e1a1b33f.json b/packages/netflow/kibana/visualization/netflow-3dec20c0-0d4f-43ef-8864-3779e1a1b33f.json
deleted file mode 100644
index 286f3d8ee1d..00000000000
--- a/packages/netflow/kibana/visualization/netflow-3dec20c0-0d4f-43ef-8864-3779e1a1b33f.json
+++ /dev/null
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Version (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Version", - "field": "netflow.exporter.version", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Version (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-3dec20c0-0d4f-43ef-8864-3779e1a1b33f", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-3e27fb83-b3e3-4c15-b999-ed6da49b7a86.json b/packages/netflow/kibana/visualization/netflow-3e27fb83-b3e3-4c15-b999-ed6da49b7a86.json deleted file mode 100644 index ded1dec033e..00000000000 --- a/packages/netflow/kibana/visualization/netflow-3e27fb83-b3e3-4c15-b999-ed6da49b7a86.json +++ /dev/null 
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Destination Ports (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)",
- "interval": "auto"
- },
- "title": "Destination Ports (bytes) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-3e27fb83-b3e3-4c15-b999-ed6da49b7a86",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-441c6c50-fa1a-489c-96c6-76f7925dea24.json b/packages/netflow/kibana/visualization/netflow-441c6c50-fa1a-489c-96c6-76f7925dea24.json
deleted file mode 100644
index b6ea42b0081..00000000000
--- a/packages/netflow/kibana/visualization/netflow-441c6c50-fa1a-489c-96c6-76f7925dea24.json
+++ /dev/null
@@ -1,69 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Flow Exporters (flow records) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Flow Exporter", - "field": "agent.name", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Flow Exporters (flow records) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-441c6c50-fa1a-489c-96c6-76f7925dea24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-4ac97841-c89f-4d50-b3c6-6253f7e1dd1a.json b/packages/netflow/kibana/visualization/netflow-4ac97841-c89f-4d50-b3c6-6253f7e1dd1a.json deleted file mode 100644 index 7de837f806a..00000000000 --- a/packages/netflow/kibana/visualization/netflow-4ac97841-c89f-4d50-b3c6-6253f7e1dd1a.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Egress Interfaces (flow records) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Egress Interface", - "field": "netflow.egress_interface", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Egress Interfaces (flow records) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-4ac97841-c89f-4d50-b3c6-6253f7e1dd1a", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-4bb0255e-18ed-45e4-bfb9-de8e35b12094.json b/packages/netflow/kibana/visualization/netflow-4bb0255e-18ed-45e4-bfb9-de8e35b12094.json deleted file mode 100644 index 084381e5509..00000000000 --- a/packages/netflow/kibana/visualization/netflow-4bb0255e-18ed-45e4-bfb9-de8e35b12094.json +++ /dev/null 
@@ -1,148 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Flow Records [Logs Netflow]", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Timeline", - "extended_bounds": {}, - "field": "event.end", - "interval": "s", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Version", - "field": "netflow.exporter.version", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "legendPosition": "right", - "mode": "stacked", - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Flow Records" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "times": [], - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": 
"linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Flow Records [Logs Netflow]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-4bb0255e-18ed-45e4-bfb9-de8e35b12094", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-5292a65b-c532-422a-9008-1251a8073a3a.json b/packages/netflow/kibana/visualization/netflow-5292a65b-c532-422a-9008-1251a8073a3a.json deleted file mode 100644 index 86e6aeee61c..00000000000 --- a/packages/netflow/kibana/visualization/netflow-5292a65b-c532-422a-9008-1251a8073a3a.json +++ /dev/null 
@@ -1,114 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Cities [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Country", - "field": "destination.geo.country_name", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "City", - "field": "destination.geo.city_name", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": true, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Cities [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-5292a65b-c532-422a-9008-1251a8073a3a", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-5303e99b-389c-47b7-ae7a-945c5a92ba49.json b/packages/netflow/kibana/visualization/netflow-5303e99b-389c-47b7-ae7a-945c5a92ba49.json
deleted file mode 100644
index 42af6b7c3c2..00000000000
--- a/packages/netflow/kibana/visualization/netflow-5303e99b-389c-47b7-ae7a-945c5a92ba49.json
+++ /dev/null
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Destinations [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination", - "field": "destination.ip", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Destinations [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-5303e99b-389c-47b7-ae7a-945c5a92ba49", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-57e13a20-e94f-4465-a942-42148634a1d2.json b/packages/netflow/kibana/visualization/netflow-57e13a20-e94f-4465-a942-42148634a1d2.json deleted file mode 100644 index 70b8cd24a1c..00000000000 --- a/packages/netflow/kibana/visualization/netflow-57e13a20-e94f-4465-a942-42148634a1d2.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "TCP Flags (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "TCP Flags", - "field": "netflow.tcp_control_bits", - "order": "desc", - "orderBy": "1", - "size": 255 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "TCP Flags (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-57e13a20-e94f-4465-a942-42148634a1d2", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-5ccac452-e90a-4dde-ae9b-1be36ce3f761.json b/packages/netflow/kibana/visualization/netflow-5ccac452-e90a-4dde-ae9b-1be36ce3f761.json deleted file mode 100644 index 2ac9972a3fe..00000000000 
--- a/packages/netflow/kibana/visualization/netflow-5ccac452-e90a-4dde-ae9b-1be36ce3f761.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Countries and Cities (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Country", - "field": "destination.geo.country_name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "City", - "field": "destination.geo.city_name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Countries and Cities (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-5ccac452-e90a-4dde-ae9b-1be36ce3f761", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63.json b/packages/netflow/kibana/visualization/netflow-5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63.json deleted file mode 100644 index 1e3023edf4c..00000000000 
--- a/packages/netflow/kibana/visualization/netflow-5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Countries (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.geo.country_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.country_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)",
- "interval": "auto"
- },
- "title": "Countries (bytes) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-5cfb2c9a-4815-4a25-9d7e-ab0ef55ffe63",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-5d868836-c7b2-4812-bf47-4838aac281d9.json b/packages/netflow/kibana/visualization/netflow-5d868836-c7b2-4812-bf47-4838aac281d9.json
deleted file mode 100644
index 8749432363f..00000000000
--- a/packages/netflow/kibana/visualization/netflow-5d868836-c7b2-4812-bf47-4838aac281d9.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "TCP Flags (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.tcp_control_bits:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.tcp_control_bits:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)",
- "interval": "auto"
- },
- "title": "TCP Flags (bytes) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-5d868836-c7b2-4812-bf47-4838aac281d9",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-63ef5338-fdf2-488e-b78a-f0e98daccc95.json b/packages/netflow/kibana/visualization/netflow-63ef5338-fdf2-488e-b78a-f0e98daccc95.json
deleted file mode 100644
index c7eae50c7fb..00000000000
--- a/packages/netflow/kibana/visualization/netflow-63ef5338-fdf2-488e-b78a-f0e98daccc95.json
+++ /dev/null
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Country Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Countries", - "field": "destination.geo.country_name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Country Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-63ef5338-fdf2-488e-b78a-f0e98daccc95", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-67fdca65-a9df-47f0-a8a4-1e8b056325de.json b/packages/netflow/kibana/visualization/netflow-67fdca65-a9df-47f0-a8a4-1e8b056325de.json deleted file mode 100644 index b8e00a7fafa..00000000000 --- a/packages/netflow/kibana/visualization/netflow-67fdca65-a9df-47f0-a8a4-1e8b056325de.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destinations and Ports (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination", - "field": "destination.ip", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Port", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Destinations and Ports (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-67fdca65-a9df-47f0-a8a4-1e8b056325de", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-681f0ce4-d828-4a99-b643-0c0715530050.json b/packages/netflow/kibana/visualization/netflow-681f0ce4-d828-4a99-b643-0c0715530050.json
deleted file mode 100644
index a9a4732e8a2..00000000000
--- a/packages/netflow/kibana/visualization/netflow-681f0ce4-d828-4a99-b643-0c0715530050.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Destinations (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)",
- "interval": "auto"
- },
- "title": "Destinations (bytes) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-681f0ce4-d828-4a99-b643-0c0715530050",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-6bbd6712-494a-4fd9-b3d3-757304681f0f.json b/packages/netflow/kibana/visualization/netflow-6bbd6712-494a-4fd9-b3d3-757304681f0f.json
deleted file mode 100644
index 71a6d854f35..00000000000
--- a/packages/netflow/kibana/visualization/netflow-6bbd6712-494a-4fd9-b3d3-757304681f0f.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Sources (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)",
- "interval": "auto"
- },
- "title": "Sources (bytes) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-6bbd6712-494a-4fd9-b3d3-757304681f0f",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-717cd7c7-bfca-435d-8ee7-38259927aade.json b/packages/netflow/kibana/visualization/netflow-717cd7c7-bfca-435d-8ee7-38259927aade.json
deleted file mode 100644
index 477c7bd61ba..00000000000
--- a/packages/netflow/kibana/visualization/netflow-717cd7c7-bfca-435d-8ee7-38259927aade.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Types of Service (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.ip_class_of_service:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ip_class_of_service:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)",
- "interval": "auto"
- },
- "title": "Types of Service (bytes) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-717cd7c7-bfca-435d-8ee7-38259927aade",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-751ecb6f-11c3-458d-b039-f6d57a6379fa.json b/packages/netflow/kibana/visualization/netflow-751ecb6f-11c3-458d-b039-f6d57a6379fa.json
deleted file mode 100644
index 0ab7a6311f0..00000000000
--- a/packages/netflow/kibana/visualization/netflow-751ecb6f-11c3-458d-b039-f6d57a6379fa.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Source Autonomous Systems (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)",
- "interval": "auto"
- },
- "title": "Source Autonomous Systems (bytes) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-751ecb6f-11c3-458d-b039-f6d57a6379fa",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-7d447b22-89dc-4f32-b549-4b8620af4d76.json b/packages/netflow/kibana/visualization/netflow-7d447b22-89dc-4f32-b549-4b8620af4d76.json
deleted file mode 100644
index 2bb1c72f24b..00000000000
--- a/packages/netflow/kibana/visualization/netflow-7d447b22-89dc-4f32-b549-4b8620af4d76.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Cities (packets) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.geo.city_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.city_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)",
- "interval": "auto"
- },
- "title": "Cities (packets) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-7d447b22-89dc-4f32-b549-4b8620af4d76",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-7fa6cb0a-518d-46e9-a228-15cd4253a957.json b/packages/netflow/kibana/visualization/netflow-7fa6cb0a-518d-46e9-a228-15cd4253a957.json
deleted file mode 100644
index 33e66c77219..00000000000
--- a/packages/netflow/kibana/visualization/netflow-7fa6cb0a-518d-46e9-a228-15cd4253a957.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "VLANs (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Bytes",
- "field": "network.bytes"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "VLAN",
- "field": "netflow.vlan_id",
- "order": "desc",
- "orderBy": "1",
- "size": 50
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": true,
- "isDonut": true,
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- }
- },
- "title": "VLANs (bytes) [Logs Netflow]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-7fa6cb0a-518d-46e9-a228-15cd4253a957",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-85ebf558-402b-45d2-a186-e15f8673ec07.json b/packages/netflow/kibana/visualization/netflow-85ebf558-402b-45d2-a186-e15f8673ec07.json
deleted file mode 100644
index 2375e7bc5ed..00000000000
--- a/packages/netflow/kibana/visualization/netflow-85ebf558-402b-45d2-a186-e15f8673ec07.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Egress Interfaces (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.egress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.egress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)",
- "interval": "auto"
- },
- "title": "Egress Interfaces (bytes) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-85ebf558-402b-45d2-a186-e15f8673ec07",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-8f83cf97-4a48-421f-8db5-690297d1f4fb.json b/packages/netflow/kibana/visualization/netflow-8f83cf97-4a48-421f-8db5-690297d1f4fb.json
deleted file mode 100644
index 900b573fed2..00000000000
--- a/packages/netflow/kibana/visualization/netflow-8f83cf97-4a48-421f-8db5-690297d1f4fb.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "TCP Flags (packets) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.tcp_control_bits:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.tcp_control_bits:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)",
- "interval": "auto"
- },
- "title": "TCP Flags (packets) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-8f83cf97-4a48-421f-8db5-690297d1f4fb",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-a14c3248-952d-42aa-bd7d-9b39157a776f.json b/packages/netflow/kibana/visualization/netflow-a14c3248-952d-42aa-bd7d-9b39157a776f.json
deleted file mode 100644
index 44db4dc3110..00000000000
--- a/packages/netflow/kibana/visualization/netflow-a14c3248-952d-42aa-bd7d-9b39157a776f.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Countries (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Bytes",
- "field": "network.bytes"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Country",
- "field": "destination.geo.country_name",
- "order": "desc",
- "orderBy": "1",
- "size": 50
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": true,
- "isDonut": true,
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- }
- },
- "title": "Countries (bytes) [Logs Netflow]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-a14c3248-952d-42aa-bd7d-9b39157a776f",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-a1704d46-15fc-41c2-851d-796ceb49877f.json b/packages/netflow/kibana/visualization/netflow-a1704d46-15fc-41c2-851d-796ceb49877f.json
deleted file mode 100644
index 4a2156c25f1..00000000000
--- a/packages/netflow/kibana/visualization/netflow-a1704d46-15fc-41c2-851d-796ceb49877f.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Types of Service (packets) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.ip_class_of_service:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ip_class_of_service:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)",
- "interval": "auto"
- },
- "title": "Types of Service (packets) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-a1704d46-15fc-41c2-851d-796ceb49877f",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-a5efa3dd-f53a-4d14-9d3f-ee73345fd93d.json b/packages/netflow/kibana/visualization/netflow-a5efa3dd-f53a-4d14-9d3f-ee73345fd93d.json
deleted file mode 100644
index b62d2b73a92..00000000000
--- a/packages/netflow/kibana/visualization/netflow-a5efa3dd-f53a-4d14-9d3f-ee73345fd93d.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "VLANs (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.vlan_id:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.vlan_id:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)",
- "interval": "auto"
- },
- "title": "VLANs (bytes) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-a5efa3dd-f53a-4d14-9d3f-ee73345fd93d",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-a685420e-c45f-4b62-932b-5b76ac8b8ca2.json b/packages/netflow/kibana/visualization/netflow-a685420e-c45f-4b62-932b-5b76ac8b8ca2.json
deleted file mode 100644
index 6abe1c2fb64..00000000000
--- a/packages/netflow/kibana/visualization/netflow-a685420e-c45f-4b62-932b-5b76ac8b8ca2.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Cities (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Bytes",
- "field": "network.bytes"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "City",
- "field": "destination.geo.city_name",
- "order": "desc",
- "orderBy": "1",
- "size": 50
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": true,
- "isDonut": true,
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- }
- },
- "title": "Cities (bytes) [Logs Netflow]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-a685420e-c45f-4b62-932b-5b76ac8b8ca2",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb.json b/packages/netflow/kibana/visualization/netflow-abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb.json
deleted file mode 100644
index a1723e92f4b..00000000000
--- a/packages/netflow/kibana/visualization/netflow-abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Autonomous Systems (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)",
- "interval": "auto"
- },
- "title": "Autonomous Systems (bytes) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-abfa0b19-60cd-4984-9c3d-02ebf0aa1dfb",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-ae334aec-31fa-4df7-a064-40b18831d819.json b/packages/netflow/kibana/visualization/netflow-ae334aec-31fa-4df7-a064-40b18831d819.json
deleted file mode 100644
index 27b7d0531e7..00000000000
--- a/packages/netflow/kibana/visualization/netflow-ae334aec-31fa-4df7-a064-40b18831d819.json
+++ /dev/null
@@ -1,137 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "IP Version and Protocols (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "IP Version", - "field": "network.type", - "missingBucket": true, - "missingBucketLabel": "unset ip version", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Protocol", - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "buckets": [ - { - "accessor": 0, - "aggType": "terms", - "format": { - "id": "terms", - "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other" - } - }, - "params": {} - }, - { - "accessor": 2, - "aggType": "terms", - "format": { - "id": "terms", - "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other" - } - }, - "params": {} - } - ], - "metric": { - "accessor": 1, - "aggType": "sum", - "format": { - "id": "bytes" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": 
"kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "IP Version and Protocols (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-ae334aec-31fa-4df7-a064-40b18831d819", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-aed09724-0a69-4331-84f5-3d2067c43930.json b/packages/netflow/kibana/visualization/netflow-aed09724-0a69-4331-84f5-3d2067c43930.json deleted file mode 100644 index 133d7f65b2e..00000000000 --- a/packages/netflow/kibana/visualization/netflow-aed09724-0a69-4331-84f5-3d2067c43930.json +++ /dev/null 
@@ -1,84 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Destinations and Sources (flow records) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Flow Records"
- },
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Destination",
- "field": "destination.ip",
- "order": "desc",
- "orderBy": "1",
- "size": 50
- },
- "schema": "segment",
- "type": "terms"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "customLabel": "Source",
- "field": "source.ip",
- "order": "desc",
- "orderBy": "1",
- "size": 50
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": true,
- "isDonut": true,
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- }
- },
- "title": "Destinations and Sources (flow records) [Logs Netflow]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-aed09724-0a69-4331-84f5-3d2067c43930",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-af707b01-29f1-462b-b279-6d2e803f3645.json b/packages/netflow/kibana/visualization/netflow-af707b01-29f1-462b-b279-6d2e803f3645.json
deleted file mode 100644
index 862feb2e9a8..00000000000
--- a/packages/netflow/kibana/visualization/netflow-af707b01-29f1-462b-b279-6d2e803f3645.json
+++ /dev/null
@@ -1,98 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Destination Port Count [Logs Netflow]",
- "uiStateJSON": {
- "vis": {
- "defaultColors": {
- "0 - 100": "rgb(0,104,55)"
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Destination Ports",
- "field": "destination.port"
- },
- "schema": "metric",
- "type": "cardinality"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": false,
- "addTooltip": true,
- "fontSize": "32",
- "gauge": {
- "autoExtend": false,
- "backStyle": "Full",
- "colorSchema": "Green to Red",
- "colorsRange": [
- {
- "from": 0,
- "to": 100
- }
- ],
- "gaugeColorMode": "None",
- "gaugeStyle": "Full",
- "gaugeType": "Metric",
- "invertColors": false,
- "labels": {
- "color": "black",
- "show": true
- },
- "orientation": "vertical",
- "percentageMode": false,
- "scale": {
- "color": "#333",
- "labels": false,
- "show": false,
- "width": 2
- },
- "style": {
- "bgColor": false,
- "bgFill": "#000",
- "fontSize": "36",
- "labelColor": false,
- "subText": ""
- },
- "type": "simple",
- "useRange": false,
- "verticalSplit": false
- },
- "handleNoResults": true,
- "type": "gauge"
- },
- "title": "Destination Port Count [Logs Netflow]",
- "type": "metric"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-af707b01-29f1-462b-b279-6d2e803f3645",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-b02c2713-17f0-41dd-88a3-ce33b446f19d.json b/packages/netflow/kibana/visualization/netflow-b02c2713-17f0-41dd-88a3-ce33b446f19d.json
deleted file mode 100644
index 30611995855..00000000000
--- a/packages/netflow/kibana/visualization/netflow-b02c2713-17f0-41dd-88a3-ce33b446f19d.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Locality (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Bytes",
- "field": "network.bytes"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Locality",
- "field": "flow.locality",
- "order": "desc",
- "orderBy": "1",
- "size": 5
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": true,
- "isDonut": true,
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- }
- },
- "title": "Locality (bytes) [Logs Netflow]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-b02c2713-17f0-41dd-88a3-ce33b446f19d",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-b677cd82-b33e-49b3-8b6e-0e110177b163.json b/packages/netflow/kibana/visualization/netflow-b677cd82-b33e-49b3-8b6e-0e110177b163.json
deleted file mode 100644
index fd35ef3ba18..00000000000
--- a/packages/netflow/kibana/visualization/netflow-b677cd82-b33e-49b3-8b6e-0e110177b163.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Direction (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Bytes",
- "field": "network.bytes"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Direction",
- "field": "network.direction",
- "order": "desc",
- "orderBy": "1",
- "size": 5
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": true,
- "isDonut": true,
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- }
- },
- "title": "Direction (bytes) [Logs Netflow]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-b677cd82-b33e-49b3-8b6e-0e110177b163",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-c27c6a3b-93ee-44d5-8d0c-9b097e575f52.json b/packages/netflow/kibana/visualization/netflow-c27c6a3b-93ee-44d5-8d0c-9b097e575f52.json
deleted file mode 100644
index 8bc89794de5..00000000000
--- a/packages/netflow/kibana/visualization/netflow-c27c6a3b-93ee-44d5-8d0c-9b097e575f52.json
+++ /dev/null
@@ -1,97 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Flow Records [Logs Netflow]",
- "uiStateJSON": {
- "vis": {
- "defaultColors": {
- "0 - 100": "rgb(0,104,55)"
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Flow Records"
- },
- "schema": "metric",
- "type": "count"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": false,
- "addTooltip": true,
- "fontSize": "32",
- "gauge": {
- "autoExtend": false,
- "backStyle": "Full",
- "colorSchema": "Green to Red",
- "colorsRange": [
- {
- "from": 0,
- "to": 100
- }
- ],
- "gaugeColorMode": "None",
- "gaugeStyle": "Full",
- "gaugeType": "Metric",
- "invertColors": false,
- "labels": {
- "color": "black",
- "show": true
- },
- "orientation": "vertical",
- "percentageMode": false,
- "scale": {
- "color": "#333",
- "labels": false,
- "show": false,
- "width": 2
- },
- "style": {
- "bgColor": false,
- "bgFill": "#000",
- "fontSize": "36",
- "labelColor": false,
- "subText": ""
- },
- "type": "simple",
- "useRange": false,
- "verticalSplit": false
- },
- "handleNoResults": true,
- "type": "gauge"
- },
- "title": "Flow Records [Logs Netflow]",
- "type": "metric"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-c27c6a3b-93ee-44d5-8d0c-9b097e575f52",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-c54f5529-e6d7-4c26-8e8e-3b35de132035.json b/packages/netflow/kibana/visualization/netflow-c54f5529-e6d7-4c26-8e8e-3b35de132035.json
deleted file mode 100644
index a54c0de5388..00000000000
--- a/packages/netflow/kibana/visualization/netflow-c54f5529-e6d7-4c26-8e8e-3b35de132035.json
+++ /dev/null
@@ -1,85 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Destination and Source Ports (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Bytes",
- "field": "network.bytes"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Destination Port",
- "field": "destination.port",
- "order": "desc",
- "orderBy": "1",
- "size": 50
- },
- "schema": "segment",
- "type": "terms"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "customLabel": "Source Port",
- "field": "source.port",
- "order": "desc",
- "orderBy": "1",
- "size": 50
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": true,
- "isDonut": true,
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- }
- },
- "title": "Destination and Source Ports (bytes) [Logs Netflow]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-c54f5529-e6d7-4c26-8e8e-3b35de132035",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-cccff92f-cb71-49a9-9caf-84867751d31e.json b/packages/netflow/kibana/visualization/netflow-cccff92f-cb71-49a9-9caf-84867751d31e.json
deleted file mode 100644
index 8bd62437c89..00000000000
--- a/packages/netflow/kibana/visualization/netflow-cccff92f-cb71-49a9-9caf-84867751d31e.json
+++ /dev/null
@@ -1,101 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Top Flow Exporters [Logs Netflow]",
- "uiStateJSON": {
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Bytes",
- "field": "network.bytes"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "customLabel": "Packets",
- "field": "network.packets"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Flow Records"
- },
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "4",
- "params": {
- "customLabel": "Flow Exporter",
- "field": "agent.name",
- "order": "desc",
- "orderBy": "2",
- "size": 500
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "perPage": 10,
- "showMeticsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": true,
- "showTotal": true,
- "sort": {
- "columnIndex": null,
- "direction": null
- },
- "totalFunc": "sum"
- },
- "title": "Top Flow Exporters [Logs Netflow]",
- "type": "table"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-cccff92f-cb71-49a9-9caf-84867751d31e",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-cf399a85-e348-4ac1-a399-e8f5a44114c4.json b/packages/netflow/kibana/visualization/netflow-cf399a85-e348-4ac1-a399-e8f5a44114c4.json
deleted file mode 100644
index 41f2bbd2b35..00000000000
--- a/packages/netflow/kibana/visualization/netflow-cf399a85-e348-4ac1-a399-e8f5a44114c4.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Destination Ports (bytes) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Bytes",
- "field": "network.bytes"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "customLabel": "Destination Port",
- "field": "destination.port",
- "order": "desc",
- "orderBy": "1",
- "size": 50
- },
- "schema": "segment",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": true,
- "addTooltip": true,
- "distinctColors": true,
- "isDonut": true,
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- }
- },
- "title": "Destination Ports (bytes) [Logs Netflow]",
- "type": "pie"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-cf399a85-e348-4ac1-a399-e8f5a44114c4",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [
- {
- "id": "logs-*",
- "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
- "type": "index-pattern"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-d27b5d74-b3b4-4311-a0e6-08ff8f4345df.json b/packages/netflow/kibana/visualization/netflow-d27b5d74-b3b4-4311-a0e6-08ff8f4345df.json
deleted file mode 100644
index 883c2b9a683..00000000000
--- a/packages/netflow/kibana/visualization/netflow-d27b5d74-b3b4-4311-a0e6-08ff8f4345df.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "Destination Autonomous Systems (packets) [Logs Netflow]",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "listeners": {},
- "params": {
- "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)",
- "interval": "auto"
- },
- "title": "Destination Autonomous Systems (packets) [Logs Netflow]",
- "type": "timelion"
- }
- },
- "coreMigrationVersion": "8.0.0",
- "id": "netflow-d27b5d74-b3b4-4311-a0e6-08ff8f4345df",
- "migrationVersion": {
- "visualization": "8.0.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/netflow/kibana/visualization/netflow-d3df8d28-65f8-4ea1-8b33-f479380a0600.json b/packages/netflow/kibana/visualization/netflow-d3df8d28-65f8-4ea1-8b33-f479380a0600.json
deleted file mode 100644
index 3b326d17da4..00000000000
--- a/packages/netflow/kibana/visualization/netflow-d3df8d28-65f8-4ea1-8b33-f479380a0600.json
+++ /dev/null
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Ingress Interfaces (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"netflow.ingress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.ingress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Ingress Interfaces (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-d3df8d28-65f8-4ea1-8b33-f479380a0600", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-d41a9663-e5ad-47a7-955e-3803ae4e23c0.json b/packages/netflow/kibana/visualization/netflow-d41a9663-e5ad-47a7-955e-3803ae4e23c0.json deleted file mode 100644 index 1feb33568aa..00000000000 --- a/packages/netflow/kibana/visualization/netflow-d41a9663-e5ad-47a7-955e-3803ae4e23c0.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Countries (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.geo.country_name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.geo.country_name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Countries (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-d41a9663-e5ad-47a7-955e-3803ae4e23c0", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3.json b/packages/netflow/kibana/visualization/netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3.json deleted file mode 100644 index 6292e6e6d8e..00000000000 --- a/packages/netflow/kibana/visualization/netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3.json +++ /dev/null 
@@ -1,33 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Dashboard Navigation [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "markdown": "[Overview](#/dashboard/netflow-34e26884-161a-4448-9556-43b5bf2f62a2) | [Conversation Partners](#/dashboard/netflow-acd7a630-0c71-4840-bc9e-4a3801374a32) | [Traffic Analysis](#/dashboard/netflow-38012abe-c611-4124-8497-381fcd85acc8) | [Top-N](#/dashboard/netflow-14387a13-53bc-43a4-b9cd-63977aa8d87c) | [Geo Location](#/dashboard/netflow-77326664-23be-4bf1-a126-6d7e60cfc024) | [Autonomous Systems](#/dashboard/netflow-c64665f9-d222-421e-90b0-c7310d944b8a) | [Flow Exporters](#/dashboard/netflow-feebb4e6-b13e-4e4e-b9fc-d3a178276425) | [Raw Flow Records](#/dashboard/netflow-94972700-de4a-4272-9143-2fa8d4981365)\n***" - }, - "title": "Dashboard Navigation [Logs Netflow]", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-d4e6520a-9ced-47c9-a8f2-7246e8cbd2d3", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-d5568704-e30b-4108-bb49-06a9b8dce6a6.json b/packages/netflow/kibana/visualization/netflow-d5568704-e30b-4108-bb49-06a9b8dce6a6.json deleted file mode 100644 index c1f314c7bdb..00000000000 --- a/packages/netflow/kibana/visualization/netflow-d5568704-e30b-4108-bb49-06a9b8dce6a6.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Autonomous System Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Autonomous Systems", - "field": "destination.as.organization.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Autonomous System Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-d5568704-e30b-4108-bb49-06a9b8dce6a6", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-d59a031c-70d6-47d7-966d-7fcb805be9be.json b/packages/netflow/kibana/visualization/netflow-d59a031c-70d6-47d7-966d-7fcb805be9be.json deleted file mode 100644 index 5a734dc2511..00000000000 --- a/packages/netflow/kibana/visualization/netflow-d59a031c-70d6-47d7-966d-7fcb805be9be.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destinations (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"destination.ip:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* destination.ip:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Destinations (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-d59a031c-70d6-47d7-966d-7fcb805be9be", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-ddd27657-c3c8-4f82-8059-6d7763dd599b.json b/packages/netflow/kibana/visualization/netflow-ddd27657-c3c8-4f82-8059-6d7763dd599b.json deleted file mode 100644 index e729356ceb1..00000000000 --- a/packages/netflow/kibana/visualization/netflow-ddd27657-c3c8-4f82-8059-6d7763dd599b.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Source Port Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Source Ports", - "field": "source.port" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "Source Port Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-ddd27657-c3c8-4f82-8059-6d7763dd599b", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-e822f94c-5f65-4963-a540-74ca9c25bd2d.json b/packages/netflow/kibana/visualization/netflow-e822f94c-5f65-4963-a540-74ca9c25bd2d.json deleted file mode 100644 index 7bdbc01faa2..00000000000 --- a/packages/netflow/kibana/visualization/netflow-e822f94c-5f65-4963-a540-74ca9c25bd2d.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destinations and Sources (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination", - "field": "destination.ip", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Destinations and Sources (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-e822f94c-5f65-4963-a540-74ca9c25bd2d", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-e99dc327-03de-4561-9e0c-f550710125c2.json b/packages/netflow/kibana/visualization/netflow-e99dc327-03de-4561-9e0c-f550710125c2.json deleted file mode 100644 index bf90f945310..00000000000 --- a/packages/netflow/kibana/visualization/netflow-e99dc327-03de-4561-9e0c-f550710125c2.json +++ /dev/null @@ -1,52 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination Count [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Destinations", - "field": "destination.ip" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "fontSize": "32", - "handleNoResults": true - }, - "title": "Destination Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-e99dc327-03de-4561-9e0c-f550710125c2", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-e9ad835b-b2f2-42d3-a3e7-555a593deacf.json b/packages/netflow/kibana/visualization/netflow-e9ad835b-b2f2-42d3-a3e7-555a593deacf.json deleted file mode 100644 index 6f854529f42..00000000000 --- a/packages/netflow/kibana/visualization/netflow-e9ad835b-b2f2-42d3-a3e7-555a593deacf.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Top Source Ports [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Source", - "field": "source.port", - "order": "desc", - "orderBy": "2", - "size": 500 - }, - "schema": "bucket", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": true, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Source Ports [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-e9ad835b-b2f2-42d3-a3e7-555a593deacf", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-ebea013f-9b5b-4f61-a9c8-c62bebf62ae9.json b/packages/netflow/kibana/visualization/netflow-ebea013f-9b5b-4f61-a9c8-c62bebf62ae9.json
deleted file mode 100644
index 07b112eb86e..00000000000
--- a/packages/netflow/kibana/visualization/netflow-ebea013f-9b5b-4f61-a9c8-c62bebf62ae9.json
+++ /dev/null
@@ -1,114 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Conversation Partners [Logs Netflow]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": 2, - "direction": "desc" - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Packets", - "field": "network.packets" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination", - "field": "destination.ip", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": 2, - "direction": "desc" - }, - "totalFunc": "sum" - }, - "title": "Conversation Partners [Logs Netflow]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-ebea013f-9b5b-4f61-a9c8-c62bebf62ae9", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-f27c1479-0625-4cdc-92de-672e47db0f87.json b/packages/netflow/kibana/visualization/netflow-f27c1479-0625-4cdc-92de-672e47db0f87.json
deleted file mode 100644
index 84a84963419..00000000000
--- a/packages/netflow/kibana/visualization/netflow-f27c1479-0625-4cdc-92de-672e47db0f87.json
+++ /dev/null
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "ToS Count [Logs Netflow]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Types of Service", - "field": "netflow.ip_class_of_service" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "32", - "gauge": { - "autoExtend": false, - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "gaugeColorMode": "None", - "gaugeStyle": "Full", - "gaugeType": "Metric", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": false, - "width": 2 - }, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": "36", - "labelColor": false, - "subText": "" - }, - "type": "simple", - "useRange": false, - "verticalSplit": false - }, - "handleNoResults": true, - "type": "gauge" - }, - "title": "ToS Count [Logs Netflow]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-f27c1479-0625-4cdc-92de-672e47db0f87", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-f531f957-e8c0-497a-ad41-ef39c2d29671.json b/packages/netflow/kibana/visualization/netflow-f531f957-e8c0-497a-ad41-ef39c2d29671.json deleted file mode 100644 index ea1a1f65eae..00000000000 --- a/packages/netflow/kibana/visualization/netflow-f531f957-e8c0-497a-ad41-ef39c2d29671.json +++ /dev/null @@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination and Source Ports (flow records) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Port", - "field": "destination.port", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source Port", - "field": "source.port", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Destination and Source Ports (flow records) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-f531f957-e8c0-497a-ad41-ef39c2d29671", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/netflow/kibana/visualization/netflow-f668ecdb-eec7-44c6-9060-26aaf9fc8404.json b/packages/netflow/kibana/visualization/netflow-f668ecdb-eec7-44c6-9060-26aaf9fc8404.json deleted file mode 100644 index 3ce38d3586a..00000000000 --- a/packages/netflow/kibana/visualization/netflow-f668ecdb-eec7-44c6-9060-26aaf9fc8404.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Source Ports (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.bytes\", split=\"source.port:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.port:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"bytes / sec\", min=0)", - "interval": "auto" - }, - "title": "Source Ports (bytes) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-f668ecdb-eec7-44c6-9060-26aaf9fc8404", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-f75063c7-48b7-4de4-b8cb-d07eb2cea0e9.json b/packages/netflow/kibana/visualization/netflow-f75063c7-48b7-4de4-b8cb-d07eb2cea0e9.json deleted file mode 100644 index 0b81e7b9ed0..00000000000 --- a/packages/netflow/kibana/visualization/netflow-f75063c7-48b7-4de4-b8cb-d07eb2cea0e9.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Source Autonomous Systems (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"source.as.organization.name:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* source.as.organization.name:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Source Autonomous Systems (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-f75063c7-48b7-4de4-b8cb-d07eb2cea0e9", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-f772028b-d5a6-4d55-b441-493871981a60.json b/packages/netflow/kibana/visualization/netflow-f772028b-d5a6-4d55-b441-493871981a60.json deleted file mode 100644 index f14db0c724c..00000000000 --- a/packages/netflow/kibana/visualization/netflow-f772028b-d5a6-4d55-b441-493871981a60.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Autonomous Systems (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Autonomous System", - "field": "destination.as.organization.name", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Autonomous Systems (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-f772028b-d5a6-4d55-b441-493871981a60", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-f7808e70-df2a-4532-a350-966704567c24.json b/packages/netflow/kibana/visualization/netflow-f7808e70-df2a-4532-a350-966704567c24.json deleted file mode 100644 index 9c3deab49d3..00000000000 --- a/packages/netflow/kibana/visualization/netflow-f7808e70-df2a-4532-a350-966704567c24.json +++ /dev/null 
@@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Destination and Source ASs (flow records) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Flow Records" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination AS", - "field": "destination.as.organization.name", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source AS", - "field": "source.as.organization.name", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Destination and Source ASs (flow records) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-f7808e70-df2a-4532-a350-966704567c24", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-f86a7769-8ef6-408d-bbe3-985d0ea0a3f7.json b/packages/netflow/kibana/visualization/netflow-f86a7769-8ef6-408d-bbe3-985d0ea0a3f7.json deleted file mode 100644 index aec085e8ea0..00000000000 --- a/packages/netflow/kibana/visualization/netflow-f86a7769-8ef6-408d-bbe3-985d0ea0a3f7.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Egress Interfaces (packets) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "listeners": {}, - "params": { - "expression": ".es(index=\"logs-*\", metric=\"sum:network.packets\", split=\"netflow.egress_interface:10\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\"lt\", if=0, then=0).trim(start=2,end=1).label(regex=\"^.* netflow.egress_interface:(.+) \u003e .*$\", label=\"$1\").lines(width=1, stack=true, fill=1).yaxis(label=\"packets / sec\", min=0)", - "interval": "auto" - }, - "title": "Egress Interfaces (packets) [Logs Netflow]", - "type": "timelion" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-f86a7769-8ef6-408d-bbe3-985d0ea0a3f7", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/kibana/visualization/netflow-fd6c1144-5026-4795-b7af-a9aa3fc28c56.json b/packages/netflow/kibana/visualization/netflow-fd6c1144-5026-4795-b7af-a9aa3fc28c56.json deleted file mode 100644 index cbd226f3afb..00000000000 --- a/packages/netflow/kibana/visualization/netflow-fd6c1144-5026-4795-b7af-a9aa3fc28c56.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Sources (bytes) [Logs Netflow]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes", - "field": "network.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source", - "field": "source.ip", - "order": "desc", - "orderBy": "1", - "size": 50 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - } - }, - "title": "Sources (bytes) [Logs Netflow]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "netflow-fd6c1144-5026-4795-b7af-a9aa3fc28c56", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/netflow/manifest.yml b/packages/netflow/manifest.yml index 52b09acb85c..1a20e8d0efb 100644 --- a/packages/netflow/manifest.yml +++ b/packages/netflow/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: netflow title: NetFlow Records -version: "2.3.1" +version: "2.3.2" license: basic description: Collect flow records from NetFlow and IPFIX exporters with Elastic Agent. type: integration @@ -10,7 +10,7 @@ categories: - security release: ga conditions: - kibana.version: ^8.0.0 + kibana.version: ^8.1.0 policy_templates: - name: netflow title: NetFlow logs 
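Review bot: The raised Kibana floor in the second manifest.yml hunk (`kibana.version: ^8.0.0` to `^8.1.0`) is not explained anywhere in the visible change, and it ships in what the first hunk marks as a patch release (2.3.1 to 2.3.2). Deployments still on Kibana 8.0.x will stop receiving updates to this NetFlow package from this version on, which operators who rely on these dashboards for network monitoring should be able to learn from the package metadata. If the by-value dashboard panels are the reason (inferred from the sibling changelog wording, not shown in this hunk), record it next to the condition, for example `# by-value dashboard panels need Kibana 8.1.0 or later`. The netflow changelog entry is outside this view; it should name the new minimum version as well.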
diff --git a/packages/network_traffic/changelog.yml b/packages/network_traffic/changelog.yml index 63154aa4de5..957dc0e904d 100644 --- a/packages/network_traffic/changelog.yml +++ b/packages/network_traffic/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.1" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.7.0" changes: - description: Update package to ECS 8.5.0. diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e.json b/packages/network_traffic/kibana/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e.json index de1a0987cf9..4273ff05fd5 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e.json 
@@ -1,173 +1,921 @@ { - "attributes": { - "description": "Overview of DNS request and response metrics.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-65120940-1454-11e9-9de0-f98d1808db8e", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcxNiwxXQ==", + "attributes": { + "description": "Overview of DNS request and response metrics.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Query Summary", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "17", + "handleNoResults": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 28, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Client Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Server Bytes", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Avg Response Time (ns)", + "field": "event.duration" + }, + "schema": "metric", + "type": "avg" + } + ], + 
"searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "1", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Request Status Over Time", + "description": "", + "uiState": { + "vis": { + "colors": { + "Error": "#890F02", + "OK": "#0A50A1" + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2", - "w": 24, - "x": 24, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + 
"smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Question Types", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shareYAxis": true, + "type": "pie" }, - { - "embeddableConfig": { - 
"enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3", - "w": 13, - "x": 0, - "y": 15 - }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "dns.question.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3", + "w": 13, + "x": 0, + "y": 15 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Top 10 Questions", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "5", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "6", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "6", - "panelRefName": "panel_4", - "version": "7.0.0-SNAPSHOT" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": 
true, + "id": "2", + "params": { + "customLabel": "Question", + "field": "dns.question.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 30 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "status", + "negate": false, + "params": { + "query": "OK", + "type": "phrase" + }, + "type": "phrase", + "value": "OK" + }, + "query": { + "match": { + "status": { + "query": "OK", + "type": "phrase" + } + } + } + } + ], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Response Codes", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "7", - "w": 24, - "x": 24, - "y": 15 - }, - "panelIndex": "7", - "panelRefName": "panel_5", - "version": "7.0.0-SNAPSHOT" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - 
}, - "gridData": { - "h": 15, - "i": "8", - "w": 11, - "x": 13, - "y": 15 - }, - "panelIndex": "8", - "panelRefName": "panel_6", - "version": "7.0.0-SNAPSHOT" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Response Code", + "field": "dns.response_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] DNS Overview", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-65120940-1454-11e9-9de0-f98d1808db8e", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-dns-query-summary", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "network_traffic-dns-request-status-over-time", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 15, + "i": "6", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "network_traffic-dns-question-types", - "name": "panel_2", - "type": "visualization" + "panelIndex": "6", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Min/Max/Avg Response Time Histogram", + "description": "", + "uiState": { + "vis": { + "colors": { + "Avg Response Time (ns)": "#629E51", + "Max 
Response Time (ns)": "#E24D42", + "Min Response Time (ns)": "#70DBED" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "4", + "label": "Min Response Time (ns)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "1", + "label": "Avg Response Time (ns)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "3", + "label": "Max Response Time (ns)" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Average event.duration" + }, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + 
"interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Min Response Time (ns)", + "field": "event.duration" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Avg Response Time (ns)", + "field": "event.duration" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Max Response Time (ns)", + "field": "event.duration" + }, + "schema": "metric", + "type": "max" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-dns-top-10-questions", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 15, + "i": "7", + "w": 24, + "x": 24, + "y": 15 }, - { - "id": "network_traffic-dns-response-codes", - "name": "panel_4", - "type": "visualization" + "panelIndex": "7", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Client and Servers Pie Chart", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Server", + "field": "destination.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + 
}, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Client", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-735d25c0-1459-11e9-9de0-f98d1808db8e", - "name": "panel_5", - "type": "visualization" + "gridData": { + "h": 15, + "i": "8", + "w": 11, + "x": 13, + "y": 15 }, - { - "id": "network_traffic-bacb6ed0-1459-11e9-9de0-f98d1808db8e", - "name": "panel_6", - "type": "visualization" - } + "panelIndex": "8", + "version": "7.17.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] DNS Overview", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "2:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "index-pattern", + "name": 
"6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb.json b/packages/network_traffic/kibana/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb.json index fcdb9e026c5..c6af4e9d293 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb.json 
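Review bot: The new `references` entries named `1:search_0` through `8:search_0` are not referred to by anything in the panels: none of the seven `savedVis.data` objects in this hunk carries a saved-search reference name, and panels 1, 7 and 8 also have no `indexRefName`, so as written they name no data source at all. If the original visualizations were built on the saved search `network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17`, its query and filters appear to have been dropped by the migration, which would leave the DNS panels either unscoped or unable to load. I would add `"savedSearchRefName": "search_0"` to each affected `savedVis.data` (or inline the index reference and query) and check that every panel returns the same result as before the change. The DHCPv4 dashboard hunk that follows shows the same pattern for panels 2, 3, 6, 7 and 8.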
@@ -1,182 +1,598 @@ { - "attributes": { - "description": "DHCPv4 Overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcxNywxXQ==", + "attributes": { + "description": "DHCPv4 Overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DHCPv4 Message Types over Time", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "c2cf4410-8ba8-11e8-ae15-bdcba81344e6" + } + ], + "drop_last_bucket": 1, + "filter": { + "language": "lucene", + "query": "type:dhcpv4" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "ignore_global_filter": 0, + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "NOT dhcpv4.option.message_type:nak NOT dhcpv4.option.message_type:decline" + }, + "formatter": "number", + "id": "8abe6eb0-8ba9-11e8-ae15-bdcba81344e6", + "label": "Response", + "line_width": 1, + "metrics": [ + { + "id": "8abe6eb1-8ba9-11e8-ae15-bdcba81344e6", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "dhcpv4.option.message_type" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": 
"lucene", + "query": "dhcpv4.option.message_type:nak" + }, + "formatter": "number", + "id": "ae5610d0-8ba9-11e8-ae15-bdcba81344e6", + "label": "nak", + "line_width": "4", + "metrics": [ + { + "id": "ae5610d1-8ba9-11e8-ae15-bdcba81344e6", + "type": "count" + } + ], + "point_size": "3", + "seperate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(244,78,59,1)", + "fill": 0.5, + "filter": { + "language": "lucene", + "query": "dhcpv4.option.message_type:decline" + }, + "formatter": "number", + "id": "cf7ba180-8ba9-11e8-ae15-bdcba81344e6", + "label": "decline", + "line_width": "4", + "metrics": [ + { + "id": "cf7ba181-8ba9-11e8-ae15-bdcba81344e6", + "type": "count" + } + ], + "point_size": "3", + "seperate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "data_stream.dataset:network_traffic.dhcpv4" + } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 9, + "i": "1", + "w": 48, + "x": 0, + "y": 7 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": "1", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DHCPv4 NAK and Decline Count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ 
+ { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 9, - "i": "1", - "w": 48, - "x": 0, - "y": 7 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 57, + "labelColor": false, + "subText": "" }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "2", - "w": 8, - "x": 0, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "dhcpv4.option.message_type:nak OR dhcpv4.option.message_type:decline" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "2", + "w": 8, + "x": 0, + "y": 0 + }, + "panelIndex": "2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DHCPv4 Message Types", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 7, - "i": "3", - "w": 11, - "x": 37, - "y": 0 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Op Code", + "field": 
"dhcpv4.op_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Message Type", + "field": "dhcpv4.option.message_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "3", + "w": 11, + "x": 37, + "y": 0 + }, + "panelIndex": "3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 14, + "i": "5", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "5", + "panelRefName": "panel_5", + "type": "search", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DHCPv4 Transaction Count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 14, - "i": "5", - "w": 48, - "x": 0, - "y": 16 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "search", - "version": "7.3.0" + "useRanges": false + }, + "type": "metric" }, - { - 
"embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique Transactions", + "field": "dhcpv4.transaction_id" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "6", + "w": 8, + "x": 8, + "y": 0 + }, + "panelIndex": "6", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DHCPv4 Client Count", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 7, - "i": "6", - "w": 8, - "x": 8, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique MACs", + "field": "dhcpv4.client_mac" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "7", + "w": 8, + "x": 16, + "y": 0 + }, + "panelIndex": "7", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DHCPv4 Data Transfer", + "description": "", + "uiState": {}, + "params": { + 
"addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 7, - "i": "7", - "w": 8, - "x": 16, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 24, + "labelColor": false, + "subText": "" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Requests", + "field": "client.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 7, - "i": "8", - "w": 13, - "x": 24, - "y": 0 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Responses", + "field": "server.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] DHCPv4", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-8460fcd0-8baa-11e8-9676-ef67484126fb", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "network_traffic-4ad9db20-8bab-11e8-9676-ef67484126fb", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "network_traffic-418dfbe0-8bac-11e8-9676-ef67484126fb", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb", - "name": "5:panel_5", - "type": "search" 
- }, - { - "id": "network_traffic-d0120dc0-8bac-11e8-9676-ef67484126fb", - "name": "6:panel_6", - "type": "visualization" + } }, - { - "id": "network_traffic-11d33ea0-8bad-11e8-9676-ef67484126fb", - "name": "7:panel_7", - "type": "visualization" + "gridData": { + "h": 7, + "i": "8", + "w": 13, + "x": 24, + "y": 0 }, - { - "id": "network_traffic-f43a8f20-8bb5-11e8-9676-ef67484126fb", - "name": "8:panel_8", - "type": "visualization" - } + "panelIndex": "8", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] DHCPv4", + "version": 1 + }, + "references": [ + { + "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb", + "name": "5:panel_5", + "type": "search" + }, + { + "type": "search", + "name": "2:search_0", + "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb" + }, + { + "type": "search", + "name": "3:search_0", + "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb" + }, + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-cassandra.json b/packages/network_traffic/kibana/dashboard/network_traffic-cassandra.json index 65c3fafb0e2..2917fc65669 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-cassandra.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-cassandra.json 
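Review bot: The top-level `namespaces`, `updated_at` and `version` keys added at the head of this file look like metadata from the instance the dashboard was exported from rather than package content; the previous version of the file carried none of them. The `version` value differs from file to file (`WzcxNywxXQ==` here), which suggests a per-object token that will be stale as soon as the asset is installed elsewhere, and `"namespaces": ["default"]` states a space assignment the package presumably should not decide. I would drop the three keys before committing so the asset holds only `attributes`, `references`, `id`, `type` and the migration versions. The DNS overview and Cassandra dashboard hunks add the same keys.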
@@ -1,283 +1,967 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-cassandra", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcxOCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Cassandra ResponseKeyspace", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shareYAxis": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "cassandra.response.result.rows.meta.keyspace", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "cassandra.response.result.rows.meta.table", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 8, + "i": "3", + "w": 12, + "x": 36, + "y": 8 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - 
"i": "3", - "w": 12, - "x": 36, - "y": 8 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Cassandra ResponseType", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shareYAxis": true }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "4", - "w": 12, - "x": 24, - "y": 8 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "cassandra.response.result.type", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "4", + "w": 12, + "x": 24, + "y": 8 + }, + "panelIndex": "4", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Cassandra ResponseTime", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + 
"defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "scale": "square root", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of event.duration" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": true, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "square root" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of event.duration" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "9", - "w": 48, - "x": 0, - "y": 16 + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 5, + 25, + 50, + 75, + 95 + ] + }, + "schema": "metric", + "type": "percentiles" }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "9", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "9", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "[Network Packet Capture] Cassandra RequestCount", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "square root", + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 8, - "i": "10", - "w": 36, - "x": 12, - "y": 0 + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "10", + "w": 36, + "x": 12, + "y": 0 + }, + "panelIndex": "10", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Cassandra Ops", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": 
true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shareYAxis": true }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "11", - "w": 12, - "x": 12, - "y": 8 + { + "enabled": true, + "id": "2", + "params": { + "field": "cassandra.request.headers.op", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "cassandra.response.headers.op", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "11", + "w": 12, + "x": 12, + "y": 8 + }, + "panelIndex": "11", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Cassandra RequestCountStackByType", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "15", - "w": 48, - "x": 0, - "y": 24 + { + "enabled": true, + "id": "2", + "params": { + 
"extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "cassandra.request.headers.op", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "15", + "w": 48, + "x": 0, + "y": 24 + }, + "panelIndex": "15", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Cassandra ResponseCountStackByType", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 8, - "i": "16", - "w": 48, - "x": 0, - "y": 32 + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "cassandra.response.headers.op", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], 
+ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "16", + "w": 48, + "x": 0, + "y": 32 + }, + "panelIndex": "16", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "[Network Packet Capture] Cassandra RequestCountByType", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "drawLinesBetweenPoints": false, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": "13", + "scale": "log", + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 12, - "i": "17", - "w": 24, - "x": 0, - "y": 40 + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "gridData": { - "h": 12, - "i": "18", - "w": 24, - "x": 24, - "y": 40 + { + "enabled": true, + "id": "3", + "params": { + "field": "cassandra.request.headers.op", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "group", + "type": "terms" }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "4", + "params": {}, + "schema": "radius", + 
"type": "count" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "17", + "w": 24, + "x": 0, + "y": 40 + }, + "panelIndex": "17", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "[Network Packet Capture] Cassandra ResponseCountByType", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "drawLinesBetweenPoints": false, + "interpolate": "linear", + "radiusRatio": "15", + "scale": "log", + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "19", - "w": 12, - "x": 0, - "y": 0 + "type": "line", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "columns": [ - "cassandra.request.query", - "cassandra.response.result.rows.meta.keyspace", - "cassandra.response.result.rows.meta.table", - "cassandra.response.result.rows.num_rows" - ], - "enhancements": {}, - "sort": [ - "@timestamp", - "desc" - ] + { + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "gridData": { - "h": 12, - "i": "20", - "w": 48, - "x": 0, - "y": 52 + { + "id": "3", + "params": { + "field": "cassandra.response.headers.op", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "group", + "type": "terms" }, - "panelIndex": "20", - "panelRefName": 
"panel_20", - "type": "search", - "version": "7.3.0" + { + "id": "4", + "params": {}, + "schema": "radius", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] Cassandra", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-cassandra-responsekeyspace", - "name": "3:panel_3", - "type": "visualization" - }, - { - "id": "network_traffic-cassandra-responsetype", - "name": "4:panel_4", - "type": "visualization" + } }, - { - "id": "network_traffic-cassandra-responsetime", - "name": "9:panel_9", - "type": "visualization" + "gridData": { + "h": 12, + "i": "18", + "w": 24, + "x": 24, + "y": 40 }, - { - "id": "network_traffic-cassandra-requestcount", - "name": "10:panel_10", - "type": "visualization" - }, - { - "id": "network_traffic-cassandra-ops", - "name": "11:panel_11", - "type": "visualization" - }, - { - "id": "network_traffic-cassandra-requestcountstackbytype", - "name": "15:panel_15", - "type": "visualization" - }, - { - "id": "network_traffic-cassandra-responsecountstackbytype", - "name": "16:panel_16", - "type": "visualization" + "panelIndex": "18", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 
Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-cassandra-requestcountbytype", - "name": "17:panel_17", - "type": "visualization" + "gridData": { + "h": 16, + "i": "19", + "w": 12, + "x": 0, + "y": 0 }, - { - "id": "network_traffic-cassandra-responsecountbytype", - "name": "18:panel_18", - "type": "visualization" + "panelIndex": "19", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "columns": [ + "cassandra.request.query", + "cassandra.response.result.rows.meta.keyspace", + "cassandra.response.result.rows.meta.table", + "cassandra.response.result.rows.num_rows" + ], + "enhancements": {}, + "sort": [ + "@timestamp", + "desc" + ] }, - { - "id": "network_traffic-navigation", - "name": "19:panel_19", - "type": "visualization" + "gridData": { + "h": 12, + "i": "20", + "w": 48, + "x": 0, + "y": 52 }, - { - "id": "network_traffic-cassandra-queryview", - "name": "20:panel_20", - "type": "search" - } + "panelIndex": "20", + "panelRefName": "panel_20", + "type": "search", + "version": "7.3.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] Cassandra", + "version": 1 + }, + "references": [ + { + "id": "network_traffic-cassandra-queryview", + "name": "20:panel_20", + "type": "search" + 
}, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "3:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "9:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "10:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "10:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "11:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "11:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "15:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "15:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "16:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "16:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "17:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "17:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + }, + { + "type": "index-pattern", + "name": "18:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "search", + "name": 
"18:search_0", + "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-dashboard.json b/packages/network_traffic/kibana/dashboard/network_traffic-dashboard.json index ef7496f86ae..cc01fa81a36 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-dashboard.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-dashboard.json 
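Review bot: The nine by-value panels in this hunk (3, 4, 9, 10, 11, 15, 16, 17, 18) each gain an `N:search_0` reference to `network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e`, but no field in the visible `savedVis` blocks names `search_0`; each `searchSource` carries only `indexRefName` (resolved to `logs-*`) and an empty kuery `query`. If Kibana does not bind that saved search when the panel loads, count-based panels such as `[Network Packet Capture] Cassandra RequestCount` would total every document in `logs-*` rather than Cassandra transactions, which would mislead anyone reading the dashboard during triage. Please confirm on a fresh install that each panel is still scoped by the saved search, and otherwise restore the link or put the filter in the panel's own `query`. The `references` array of the DHCPv4 dashboard just before this file shows the same pattern with `network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb`. Separately, the new top-level `namespaces`, `updated_at` and `version` keys look like artifacts of the exporting instance and could be dropped from the packaged asset.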
@@ -1,286 +1,1452 @@ { - "attributes": { - "description": "Network Packet Capture overview dashboard.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-dashboard", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcxOSwxXQ==", + "attributes": { + "description": "Network Packet Capture overview dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] HTTP Transactions", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "mode": "stacked", + "show": "true", + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": 
"linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 10, + "i": "1", + "w": 12, + "x": 12, + "y": 20 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "1", - "w": 12, - "x": 12, - "y": 20 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.17.0" + "panelIndex": "1", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Transaction Types", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": 
"1", + "label": "Count" + }, + "mode": "stacked", + "show": "true", + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 10, - "i": "2", - "w": 12, - "x": 36, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "event.dataset", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.type", + "negate": true, + "params": { + "query": "flow", + "type": "phrase" + }, + "type": "phrase", + "value": "flow" + }, + "query": { + "match": { + "event.type": { + "query": "flow", + "type": "phrase" + } + } + } + } + ], + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "agent.type:packetbeat" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "2", + "w": 12, + "x": 36, + "y": 20 + }, + "panelIndex": "2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Response times percentiles", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of event.duration" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": true, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of event.duration" + 
}, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5", - "w": 24, - "x": 0, - "y": 45 + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 75, + 95, + 99 + ] + }, + "schema": "metric", + "type": "percentiles" }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5", + "w": 24, + "x": 0, + "y": 45 + }, + "panelIndex": "5", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Errors count over time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "6", - "w": 24, - "x": 0, - "y": 60 + { + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "30s", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.17.0" + { + "id": "3", + "params": { + "field": "type", + "order": "desc", + 
"orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 15, + "i": "6", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "6", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Errors vs successful transactions", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "mode": "percentage", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "mode": "stacked", + "show": "true", + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "percentage", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "7", - "w": 24, - 
"x": 24, - "y": 45 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "7", + "w": 24, + "x": 24, + "y": 45 + }, + "panelIndex": "7", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Latency Histogram", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": 
false, + "shareYAxis": true, + "smoothLines": true, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "8", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "extended_bounds": {}, + "field": "event.duration", + "interval": 10000000 + }, + "schema": "segment", + "type": "histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "8", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "8", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Response times repartition", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "mode": 
"stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "mode": "stacked", + "show": "true", + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "10", - "w": 48, - "x": 0, - "y": 30 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "3", + "params": { + "extended_bounds": {}, + "field": "event.duration", + "interval": 10000000 + }, + "schema": "group", + "type": "histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "10", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "10", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + 
"fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "11", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "11", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] DNS Transactions", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", 
+ "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Avg Response Time" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" }, - "gridData": { - "h": 20, - "i": "11", - "w": 12, - "x": 0, - "y": 0 + { + "data": { + "id": "3", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "lineWidth": 3.5, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Avg Response Time" + }, + "type": "value" }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.17.0" + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Avg Response Time", + "field": "event.duration" + }, + "schema": "metric", + "type": "avg" }, - "gridData": { - "h": 10, - "i": "12", - "w": 12, - "x": 0, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "12", - 
"panelRefName": "panel_12", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "12", + "w": 12, + "x": 0, + "y": 20 + }, + "panelIndex": "12", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Sessions", + "description": "", + "uiState": { + "vis": { + "colors": { + "false": "#E24D42", + "true": "#7EB26D" }, - "gridData": { - "h": 10, - "i": "13", - "w": 12, - "x": 24, - "y": 20 + "legendOpen": false + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.17.0" + "valueAxis": "ValueAxis-1" + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + 
"type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"3f5bc195-da9d-4ec8-a68f-896db321a54b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9638dc3f-f85a-4e68-8e14-25654df43f8e\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"[Network Packet Capture] Client IP Locations (requires GeoIP enrichment)\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"client.geo.location\",\"id\":\"220c104b-34a8-4aa7-a3d6-7b56ad4d3b9e\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":2.4,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"agent.type:packetbeat\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "[Network Packet 
Capture] Map 2", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 40.9799, - "maxLon": 90, - "minLat": 0, - "minLon": -90 - }, - "mapCenter": { - "lat": 19.94277, - "lon": 0, - "zoom": 2.4 - }, - "openTOCDetails": [] + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "92e797bb-1975-4320-9d19-9b7f11e9e538", - "w": 36, - "x": 12, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sessions per minute", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "92e797bb-1975-4320-9d19-9b7f11e9e538", - "title": "[Network Packet Capture] Client IP Locations (requires GeoIP enrichment)", - "type": "map", - "version": "7.17.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Handshake completed", + "field": "tls.established", + "json": "", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] Overview", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dashboard", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-web-transactions", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "network_traffic-db-transactions", - "name": "2:panel_2", - "type": "visualization" - }, - { - "id": "network_traffic-response-times-percentiles", - "name": "5:panel_5", - "type": "visualization" - }, - { - "id": "network_traffic-errors-count-over-time", - "name": "6:panel_6", - "type": "visualization" 
+ } }, - { - "id": "network_traffic-errors-vs-successful-transactions", - "name": "7:panel_7", - "type": "visualization" + "gridData": { + "h": 10, + "i": "13", + "w": 12, + "x": 24, + "y": 20 }, - { - "id": "network_traffic-latency-histogram", - "name": "8:panel_8", - "type": "visualization" + "panelIndex": "13", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"3f5bc195-da9d-4ec8-a68f-896db321a54b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9638dc3f-f85a-4e68-8e14-25654df43f8e\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"[Network Packet Capture] Client IP Locations (requires GeoIP enrichment)\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"client.geo.location\",\"id\":\"220c104b-34a8-4aa7-a3d6-7b56ad4d3b9e\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":2.4,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"agent.type:packetbeat\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "[Network Packet 
Capture] Map 2", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 40.9799, + "maxLon": 90, + "minLat": 0, + "minLon": -90 + }, + "mapCenter": { + "lat": 19.94277, + "lon": 0, + "zoom": 2.4 + }, + "openTOCDetails": [] }, - { - "id": "network_traffic-response-times-repartition", - "name": "10:panel_10", - "type": "visualization" + "gridData": { + "h": 20, + "i": "92e797bb-1975-4320-9d19-9b7f11e9e538", + "w": 36, + "x": 12, + "y": 0 }, - { - "id": "network_traffic-navigation", - "name": "11:panel_11", - "type": "visualization" - }, - { - "id": "network_traffic-e3f09730-1b80-11e9-83df-75eebb35951e", - "name": "12:panel_12", - "type": "visualization" - }, - { - "id": "network_traffic-059fe5e0-d2dd-11e7-9914-4982455b3063", - "name": "13:panel_13", - "type": "visualization" - }, - { - "id": "logs-*", - "name": "92e797bb-1975-4320-9d19-9b7f11e9e538:layer_1_source_index_pattern", - "type": "index-pattern" - } + "panelIndex": "92e797bb-1975-4320-9d19-9b7f11e9e538", + "title": "[Network Packet Capture] Client IP Locations (requires GeoIP enrichment)", + "type": "map", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "92e797bb-1975-4320-9d19-9b7f11e9e538:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "1:search_0", + "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-search" + }, + { + "type": "search", + "name": "6:search_0", + "id": 
"network_traffic-transactions-errors" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-search" + }, + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-search" + }, + { + "type": "search", + "name": "10:search_0", + "id": "network_traffic-search" + }, + { + "type": "search", + "name": "12:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "search", + "name": "13:search_0", + "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-dns-unique-domains.json b/packages/network_traffic/kibana/dashboard/network_traffic-dns-unique-domains.json index 07f0ceeb106..b2528b8bba5 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-dns-unique-domains.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-dns-unique-domains.json 
@@ -1,146 +1,503 @@ { - "attributes": { - "description": "Detecting tunneling over DNS.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "NOT dns.question.type:PTR" + "id": "network_traffic-dns-unique-domains", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyMCwxXQ==", + "attributes": { + "description": "Detecting tunneling over DNS.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "NOT dns.question.type:PTR" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "spy": { + "mode": { + "fill": false, + "name": null + } + }, + "vis": { + "colors": { + "Count": "#1F78C1", + "Unique Subdomain Count": "#EF843C", + "Unique count of dns.question.name": "#E0752D" + }, + "legendOpen": false + }, + "savedVis": { + "title": "[Network Packet Capture] Unique FQDNs per eTLD+1", + "description": "", + "uiState": { + "vis": { + "colors": { + "Count": "#1F78C1", + "Unique count of dns.question.name": "#E0752D" + } + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": true, + "legendPosition": "right", + "mode": "grouped", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique Subdomain Count", + "field": "dns.question.name" + }, + "schema": "metric", + "type": "cardinality" }, - "version": true + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Domains", + "field": "dns.question.etld_plus_one", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "segment", + 
"type": "terms" + } + ], + "searchSource": { + "filter": [] + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 20, + "i": "1", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "spy": { - "mode": { - "fill": false, - "name": null - } - }, - "vis": { - "colors": { - "Count": "#1F78C1", - "Unique Subdomain Count": "#EF843C", - "Unique count of dns.question.name": "#E0752D" - }, - "legendOpen": false - } + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Unique FQDNs per eTLD+1 Table", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "1", - "w": 48, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ETLD+1", + "field": "dns.question.etld_plus_one", + "order": "desc", + "orderBy": "1", + "size": 20 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Unique Domains", + "field": "dns.question.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 20, + "i": "2", + "w": 24, + "x": 0, + "y": 35 + }, + "panelIndex": "2", + 
"version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "[Network Packet Capture] Bytes Transferred per Domain", + "description": "", + "uiState": { + "vis": { + "colors": { + "Bytes In": "#F2C96D", + "Bytes Out": "#629E51", + "Count": "#1F78C1", + "Unique count of dns.question.name": "#E0752D" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "gridData": { - "h": 20, - "i": "2", - "w": 24, - "x": 0, - "y": 35 + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": true, + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "mode": "grouped", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Bytes Out" + }, + "mode": "normal", + "show": "true", + "type": "histogram", + "valueAxis": "ValueAxis-1" }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" + { + "data": { + "id": "3", + "label": "Bytes In" + }, + "mode": "normal", + "show": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": true, + "mode": "grouped", + 
"setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes Out", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 15, - "i": "4", - "w": 48, - "x": 0, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Domains", + "field": "dns.question.etld_plus_one", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "4", - "panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes In", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Top Domains by Data Volume", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + 
"columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes In", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 20, - "i": "5", - "w": 24, - "x": 24, - "y": 35 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ETLD+1", + "field": "dns.question.etld_plus_one", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "3", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "5", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes Out", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:network_traffic.dns" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] DNS Tunneling", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dns-unique-domains", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-unique-fqdns-per-etld-1", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "network_traffic-unique-fqdns-per-etld-1-table", - "name": "panel_1", - "type": "visualization" + } }, - { - "id": "network_traffic-bytes-transferred-per-domain", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 20, + "i": "5", + "w": 24, + "x": 24, + "y": 35 }, - { - "id": "network_traffic-dc743240-1665-11e7-a6de-cbac1a3d0a7d", - "name": "panel_3", - "type": "visualization" - } + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + } ], - "type": "dashboard" + 
"timeRestore": false, + "title": "[Network Packet Capture] DNS Tunneling", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "search", + "name": "2:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-flows.json b/packages/network_traffic/kibana/dashboard/network_traffic-flows.json index 03ecdc79499..feecc61b476 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-flows.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-flows.json 
@@ -1,141 +1,666 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-flows", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyMSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Top Hosts Creating Traffic", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Source Bytes" + }, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": true, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + 
"setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Source Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source IP", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 35, + "i": "1", + "w": 24, + "x": 0, + "y": 25 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 35, - "i": "1", - "w": 24, - "x": 0, - "y": 25 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | 
[Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "2", - "w": 12, - "x": 0, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "2", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Connections over time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": 
"palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Unique Flows" + }, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": true, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 25, - "i": "3", - "w": 36, - "x": 12, - "y": 0 + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Unique Flows", + "field": "flow.id" + }, + "schema": "metric", + "type": "cardinality" }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 25, + "i": "3", + "w": 36, + "x": 12, + "y": 0 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Top Hosts Receiving Traffic", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": 
true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Destination Bytes" + }, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": true, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Destination Bytes", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 35, - "i": "4", - "w": 24, - "x": 24, - "y": 25 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination IP", + 
"field": "destination.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 35, + "i": "4", + "w": 24, + "x": 24, + "y": 25 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Traffic Between Hosts", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Source Bytes", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Destination Bytes", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 35, - "i": "5", - "w": 48, - "x": 0, - "y": 60 + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source IP", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "5", - 
"panelRefName": "panel_4", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination IP", + "field": "destination.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] Network Flows", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-flows", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-top-hosts-creating-traffic", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "network_traffic-navigation", - "name": "panel_1", - "type": "visualization" + } }, - { - "id": "network_traffic-connections-over-time", - "name": "panel_2", - "type": "visualization" + "gridData": { + "h": 35, + "i": "5", + "w": 48, + "x": 0, + "y": 60 }, - { - "id": "network_traffic-top-hosts-receiving-traffic", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "network_traffic-network-traffic-between-your-hosts", - "name": "panel_4", - "type": "visualization" - } + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] Network Flows", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "network_traffic-flows-search" + }, + { + "type": "search", + "name": "3:search_0", + "id": "network_traffic-flows-search" + }, + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-flows-search" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-flows-search" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": 
"7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-http.json b/packages/network_traffic/kibana/dashboard/network_traffic-http.json index 5f74aac099f..5f06c0ba487 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-http.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-http.json 
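Review bot: The `references` array at the end of this hunk declares `1:search_0`, `3:search_0`, `4:search_0` and `5:search_0`, all pointing at `network_traffic-flows-search`, but the inlined `savedVis.data` objects of panels 1, 3, 4 and 5 hold only `aggs` and a `searchSource` with an empty query, and none has a key naming `search_0`. If the binding was lost in the by-value export, these panels are no longer scoped by the saved search and may aggregate over whatever the default data view matches, which would distort the top-host and host-to-host tables an analyst reads from this dashboard. I would restore the link in each affected `data` object, e.g. `"savedSearchRefName": "search_0"`, or drop the unused references; the http dashboard hunk that follows has the same shape for panels 1, 5, 6 and 7. Separately, the new top-level `namespaces`, `updated_at` and `version` keys look like export-time metadata from the authoring instance and were not in the old file, so consider stripping them before packaging.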
@@ -1,186 +1,905 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-http", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyMiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] HTTP Transactions", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "mode": "stacked", + "show": "true", + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": 
"value" + } + ], + "yAxis": {} + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 20, + "i": "1", + "w": 36, + "x": 12, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "1", - "w": 36, - "x": 12, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] HTTP error codes", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Unique count of type" + }, + "mode": "stacked", + "show": "true", + "type": "histogram", + 
"valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "type" + }, + "schema": "metric", + "type": "cardinality" }, - "gridData": { - "h": 15, - "i": "2", - "w": 24, - "x": 0, - "y": 35 - }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "3", - "w": 24, - "x": 24, - "y": 35 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "HTTP Status Code", + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "type", + "negate": false, + "params": { + "query": "http", + "type": "phrase" + }, + "type": "phrase", + "value": "http" + }, + "query": { + "match": { + "network.protocol": { + "query": "http", + "type": "phrase" + } + } + } + } + ], + "highlight": { + "fields": { + "*": {} + }, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ] }, - "panelIndex": "3", - 
"panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:network_traffic.http and http.response.status_code >= 300" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 0, + "y": 35 + }, + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] HTTP error codes evolution", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, 
+ "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "4", - "w": 12, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "HTTP Status Code", + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "network.protocol", + "negate": false, + "params": { + "query": "http", + "type": "phrase" + }, + "type": "phrase", + "value": "http" + }, + "query": { + "match": { + "network.protocol": { + "query": "http", + "type": "phrase" } + } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "http.response.status_code", + "negate": true, + "params": { + "gte": 200, + "lt": 299 + }, + "type": "range", + "value": "200 to 299" + }, + "range": { + "http.response.status_code": { 
+ "gte": 200, + "lte": 299 + } + } + } + ], + "highlight": { + "fields": { + "*": {} + }, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ] }, - "gridData": { - "h": 15, - "i": "5", - "w": 12, - "x": 0, - "y": 20 - }, - "panelIndex": "5", - "panelRefName": "panel_4", - "version": "7.0.0-SNAPSHOT" + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:network_traffic.http" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 24, + "y": 35 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + 
"i": "4", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + }, + "savedVis": { + "title": "[Network Packet Capture] Total number of HTTP transactions", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "fontSize": "37", + "handleNoResults": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 15, - "i": "6", - "w": 36, - "x": 12, - "y": 20 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "6", - "panelRefName": "panel_5", - "version": "7.0.0-SNAPSHOT" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "gridData": { - "h": 25, - "i": "7", - "w": 48, - "x": 0, - "y": 50 - }, - "panelIndex": "7", - "panelRefName": "panel_6", - "version": "7.0.0-SNAPSHOT" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] HTTP", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-http", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-web-transactions", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "network_traffic-http-error-codes", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 
15, + "i": "5", + "w": 12, + "x": 0, + "y": 20 }, - { - "id": "network_traffic-http-error-codes-evolution", - "name": "panel_2", - "type": "visualization" + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] HTTP status codes for the top queries", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "row": false, + "shareYAxis": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "HTTP Query", + "field": "query", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "HTTP Status Code", + "field": "http.response.status_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-navigation", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 15, + "i": "6", + "w": 36, + "x": 12, + "y": 20 }, - { - "id": "network_traffic-total-number-of-http-transactions", - "name": "panel_4", - "type": "visualization" + "panelIndex": "6", + "version": "7.17.0", + "type": 
"visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Top 10 HTTP requests", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "url.full", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-http-codes-for-the-top-queries", - "name": "panel_5", - "type": "visualization" + "gridData": { + "h": 25, + "i": "7", + "w": 48, + "x": 0, + "y": 50 }, - { - "id": "network_traffic-top-10-http-requests", - "name": "panel_6", - "type": "visualization" - } + "panelIndex": "7", + "version": "7.17.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] HTTP", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": 
"index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-mongodb-performance.json b/packages/network_traffic/kibana/dashboard/network_traffic-mongodb-performance.json index 21d19341d65..2dc45c1cac7 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-mongodb-performance.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-mongodb-performance.json 
@@ -1,201 +1,1177 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-mongodb-performance", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyMywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 20, + "i": "1", + "w": 
12, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MongoDB errors", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "row": true, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "spyPerPage": 10, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + 
"type": "count" }, - "gridData": { - "h": 20, - "i": "1", - "w": 12, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "resource", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 3 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "2", + "w": 20, + "x": 12, + "y": 0 + }, + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MongoDB Commands", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": 
"right", + "mode": "silhouette", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": true, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "silhouette", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "2", - "w": 20, - "x": 12, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "3", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + 
"embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MongoDB errors per collection", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "spyPerPage": 10, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "3", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + 
"params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "resource", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MongoDB in/out throughput", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Sum of source.bytes" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + 
"type": "line", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "4", + "label": "Sum of destination.bytes" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "4", - "w": 16, - "x": 0, - "y": 20 - }, - "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MongoDB response times by collection", + 
"description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": false, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": "9", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of event.duration" + }, + "drawLinesBetweenPoints": false, + "interpolate": "linear", + "mode": "normal", + "radiusRatio": "9", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of event.duration" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "5", - "w": 16, - "x": 16, - "y": 20 - }, - "panelIndex": "5", - "panelRefName": "panel_4", - "version": "7.0.0-SNAPSHOT" + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 99 + ] + }, + "schema": "metric", + 
"type": "percentiles" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "resource", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": {}, + "schema": "radius", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 25, + "i": "6", + "w": 32, + "x": 0, + "y": 35 + }, + "panelIndex": "6", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Top slowest MongoDB queries", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 25, - "i": "6", - "w": 32, - "x": 0, - "y": 35 - }, - "panelIndex": "6", - "panelRefName": "panel_5", - "version": "7.0.0-SNAPSHOT" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "gridData": { - "h": 25, - "i": "7", - "w": 16, - "x": 32, - "y": 35 - }, - "panelIndex": "7", - "panelRefName": 
"panel_6", - "version": "7.0.0-SNAPSHOT" + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 99 + ] + }, + "schema": "metric", + "type": "percentiles" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "query", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 25, + "i": "7", + "w": 16, + "x": 32, + "y": 35 + }, + "panelIndex": "7", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Number of MongoDB transactions with writeConcern w=0", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + 
"setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "8", - "w": 16, - "x": 32, - "y": 20 - }, - "panelIndex": "8", - "panelRefName": "panel_7", - "version": "7.0.0-SNAPSHOT" + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": {}, + "schema": "radius", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] MongoDB", - "version": 1 + } + }, + "gridData": { + "h": 15, + "i": "8", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "8", + "version": "7.17.0", + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Network Packet Capture] MongoDB", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "2:search_0", + "id": "network_traffic-651fd6d0-88d0-11e7-ad9c-db80de0bf8d3" }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mongodb-performance", - "migrationVersion": { - "dashboard": "7.17.0" + { + "type": "search", + "name": "3:search_0", + "id": 
"network_traffic-mongodb-transactions" }, - "references": [ - { - "id": "network_traffic-navigation", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "network_traffic-mongodb-errors", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "network_traffic-mongodb-commands", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "network_traffic-mongodb-errors-per-collection", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "network_traffic-mongodb-in-slash-out-throughput", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "network_traffic-mongodb-response-times-by-collection", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "network_traffic-top-slowest-mongodb-queries", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "network_traffic-number-of-mongodb-transactions-with-writeconcern-w-equal-0", - "name": "panel_7", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-651fd6d0-88d0-11e7-ad9c-db80de0bf8d3" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-mongodb-transactions" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-mongodb-transactions" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-mongodb-transactions" + }, + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-mongodb-transactions-with-write-concern-0" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-mysql-performance.json b/packages/network_traffic/kibana/dashboard/network_traffic-mysql-performance.json index 937c85b7fb9..0910fa61a77 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-mysql-performance.json 
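Review bot: The inlined panels 2–8 each keep an empty `searchSource` (`"query": ""`, `"filter": []`), and nothing inside their `savedVis` names the `N:search_0` entries declared in the new `references` array, so the saved-search filter each chart depends on may not be applied. If that binding is lost, panels titled "MongoDB errors" or "transactions with writeConcern w=0" would count every captured document instead of the filtered set, and the dashboard would mislead anyone using it for triage. The hunk does not show how Kibana resolves these names on import; if the panel has to carry the reference itself, add `"savedSearchRefName": "search_0"` to each `savedVis.data`, then check one panel against its saved search after installing the package. Separately, `"updated_at"`, `"version": "WzcyMywxXQ=="` and `"namespaces"` look like metadata from the exporting instance that the package does not need.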
+++ b/packages/network_traffic/kibana/dashboard/network_traffic-mysql-performance.json 
@@ -1,209 +1,999 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-mysql-performance", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyNCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MySQL Errors", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": 
false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 20, + "i": "1", + "w": 20, + "x": 12, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "1", - "w": 20, - "x": 12, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MySQL Methods", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "wiggle", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + 
"seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "wiggle", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "2", - "w": 16, - "x": 32, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "2", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + 
"params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "3", - "w": 12, - "x": 0, - "y": 0 + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "3", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MySQL throughput", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + 
"color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Sum of destination.bytes" + }, + "mode": "normal", + "show": "true", + "type": "line", + "valueAxis": "ValueAxis-1" }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + { + "data": { + "id": "3", + "label": "Sum of source.bytes" + }, + "mode": "normal", + "show": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "shareYAxis": true, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 15, - "i": "4", - "w": 24, - "x": 24, - "y": 35 + { + "enabled": true, + "id": "3", + "params": { + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "4", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 24, + "y": 35 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": 
"visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Most frequent MySQL queries", + "description": "", + "uiState": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "type": "table", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 30, - "i": "5", - "w": 24, - "x": 0, - "y": 50 - }, - "panelIndex": "5", - "panelRefName": "panel_4", - "version": "7.0.0-SNAPSHOT" + { + "id": "2", + "params": { + "field": "query", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 30, + "i": "5", + "w": 24, + "x": 0, + "y": 50 + }, + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Slowest MySQL queries", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "gridData": { - "h": 30, - "i": "6", - "w": 24, - "x": 24, - "y": 50 - }, - "panelIndex": "6", - "panelRefName": "panel_5", - "version": "7.0.0-SNAPSHOT" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": 
null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Avg Response Time", + "field": "event.duration" + }, + "schema": "metric", + "type": "avg" }, - "gridData": { - "h": 15, - "i": "7", - "w": 48, - "x": 0, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "field": "query", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 30, + "i": "6", + "w": 24, + "x": 24, + "y": 50 + }, + "panelIndex": "6", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Mysql response times percentiles", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of event.duration" + }, + "mode": "normal", + "show": "true", + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "shareYAxis": true, + "times": [], + "type": "line", + "valueAxes": [ + { + 
"id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of event.duration" + }, + "type": "value" + } + ] + }, + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 75, + 99, + 99.5 + ] + }, + "schema": "metric", + "type": "percentiles" }, - "panelIndex": "7", - "panelRefName": "panel_6", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "7", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "7", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] MySQL Reads vs Writes", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 30 seconds" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + 
"mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "8", - "w": 24, - "x": 0, - "y": 35 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "8", - "panelRefName": "panel_7", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "filters": [ + { + "input": { + "language": "lucene", + "query": "method: SELECT" + } + }, + { + "input": { + "language": "lucene", + "query": "method: INSERT OR method: UPDATE OR method: DELETE" + } + } + ] + }, + "schema": "group", + "type": "filters" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] MySQL performance", - "version": 1 + } + }, + "gridData": { + "h": 15, + "i": "8", + "w": 24, + "x": 0, + "y": 35 + 
}, + "panelIndex": "8", + "version": "7.17.0", + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Network Packet Capture] MySQL performance", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "network_traffic-mysql-errors" }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mysql-performance", - "migrationVersion": { - "dashboard": "7.17.0" + { + "type": "search", + "name": "2:search_0", + "id": "network_traffic-mysql-transactions" }, - "references": [ - { - "id": "network_traffic-mysql-errors", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "network_traffic-mysql-methods", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "network_traffic-navigation", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "network_traffic-mysql-throughput", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "network_traffic-most-frequent-mysql-queries", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "network_traffic-slowest-mysql-queries", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "network_traffic-mysql-response-times-percentiles", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "network_traffic-mysql-reads-vs-writes", - "name": "panel_7", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-mysql-transactions" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-mysql-transactions" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-mysql-transactions" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-mysql-transactions" + }, + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-mysql-transactions" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file 
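Review bot: None of the inlined `savedVis.data` objects in `panelsJSON` names the `search_0` reference; they carry only `aggs` and `searchSource`, so the seven `N:search_0` entries added to `references` (panels 1, 2, 4–8) appear to be consumed by nothing. If Kibana links a by-value panel to its saved search through a `savedSearchRefName` field, as visualization saved objects do, each of those panels needs `"savedSearchRefName": "search_0"` next to `searchSource`. Without it, and with the empty `query` and no index reference, "MySQL Errors" would presumably count every document rather than the results of `network_traffic-mysql-errors`, which misleads anyone triaging from this dashboard. Importing the file into a clean Kibana and comparing each panel with the previous by-reference dashboard would confirm this. Separately, the "Most frequent MySQL queries" panel uses the key `showMeticsAtAllLevels`, which the "Slowest MySQL queries" panel spells `showMetricsAtAllLevels`.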
diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-nfs.json b/packages/network_traffic/kibana/dashboard/network_traffic-nfs.json index 8eeec1dad20..7adfcf97cb9 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-nfs.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-nfs.json 
@@ -1,242 +1,999 @@ { - "attributes": { - "description": "NFSv3 and NFSv4 transactions over TCP.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-nfs", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyNSwxXQ==", + "attributes": { + "description": "NFSv3 and NFSv4 transactions over TCP.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Network Packet Capture] NFS clients pie chart", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shareYAxis": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "rpc.cred.machinename", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 16 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 25, + "i": "1", + "w": 16, + "x": 16, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": 
{}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 25, - "i": "1", - "w": 16, - "x": 16, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] NFS operations area chart", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "interpolate": "linear", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "smoothLines": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "3", - "w": 24, - "x": 0, - "y": 55 + { + "id": "2", + "params": { + "field": "nfs.opcode", + "order": "desc", + "orderBy": "1", + "size": 16 + }, + "schema": "group", + "type": "terms" }, - "panelIndex": "3", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" + { + "id": "3", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 20, + "i": "3", + "w": 24, + "x": 0, + "y": 55 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "spy": { + "mode": { + "fill": false, + "name": null + } + }, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Network Packet Capture] NFS top group pie chart", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "labels": { + "last_level": true, + 
"show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shareYAxis": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "spy": { - "mode": { - "fill": false, - "name": null - } - }, - "vis": { - "legendOpen": true - } + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 10, - "i": "4", - "w": 16, - "x": 32, - "y": 0 - }, - "panelIndex": "4", - "panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "rpc.cred.gid", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 16 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "4", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Network Packet Capture] NFS top users pie chart", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "shareYAxis": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } - }, - "gridData": { - "h": 15, - "i": "5", - "w": 16, - "x": 32, - "y": 10 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": 
"metric", + "type": "count" }, - "panelIndex": "5", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "rpc.cred.uid", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 16 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5", + "w": 16, + "x": 32, + "y": 10 + }, + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": false + }, + "savedVis": { + "title": "[Network Packet Capture] NFS response times", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": true, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": "9", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Median event.duration" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "normal", + "radiusRatio": "9", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": true, + "times": [], + 
"type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": true, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Median event.duration" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 15, - "i": "6", - "w": 24, - "x": 24, - "y": 25 + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 50 + ] + }, + "schema": "metric", + "type": "median" }, - "panelIndex": "6", - "panelRefName": "panel_4", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "6", + "w": 24, + "x": 24, + "y": 25 + }, + "panelIndex": "6", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] NFS errors", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + 
"categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "7", - "w": 24, - "x": 24, - "y": 40 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "7", - "panelRefName": "panel_5", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "nfs.status", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 12 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "7", + "w": 24, + 
"x": 24, + "y": 40 + }, + "panelIndex": "7", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] NFS operation table", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Avg Response Time", + "field": "event.duration" + }, + "schema": "metric", + "type": "avg" }, - "gridData": { - "h": 20, - "i": "8", - "w": 24, - "x": 24, - "y": 55 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Opcode", + "field": "nfs.opcode", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 16 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "8", - "panelRefName": "panel_6", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "8", + "w": 24, + "x": 24, + "y": 55 + }, + "panelIndex": "8", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "legendOpen": true + }, + "savedVis": { + "title": "[Network Packet Capture] NFS Request / 
Response Sizes", + "description": "", + "uiState": { + "vis": { + "colors": { + "Sum of rpc.reply_size": "#7EB26D" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "legendOpen": true - } + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "drawLinesBetweenPoints": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Request Size" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "radiusRatio": 9, + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" }, - "gridData": { - "h": 30, - "i": "9", - "w": 24, - "x": 0, - "y": 25 - }, - "panelIndex": "9", - "panelRefName": "panel_7", - "version": "7.0.0-SNAPSHOT" + { + "data": { + "id": "2", + "label": "Response Size" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": false, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": 
"linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Request Size", + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 25, - "i": "10", - "w": 16, - "x": 0, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Response Size", + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "10", - "panelRefName": "panel_8", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] NFS", - "version": 1 + } + }, + "gridData": { + "h": 30, + "i": "9", + "w": 24, + "x": 0, + "y": 25 + }, + "panelIndex": "9", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: 
[MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 25, + "i": "10", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "10", + "version": "7.17.0", + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Network Packet Capture] NFS", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "1:search_0", + "id": "network_traffic-nfs" }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs", - "migrationVersion": { - "dashboard": "7.17.0" + { + "type": "search", + "name": "3:search_0", + "id": "network_traffic-nfs" }, - "references": [ - { - "id": "network_traffic-nfs-clients-pie-chart", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "network_traffic-nfs-operations-area-chart", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "network_traffic-nfs-top-group-pie-chart", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "network_traffic-nfs-top-users-pie-chart", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "network_traffic-nfs-response-times", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "network_traffic-nfs-errors", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "network_traffic-nfs-operation-table", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "network_traffic-nfs-bytes-in-slash-out", - "name": "panel_7", - "type": "visualization" - }, - { - "id": "network_traffic-navigation", - "name": "panel_8", - "type": 
"visualization" - } - ], - "type": "dashboard" + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-nfs" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-nfs" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-nfs" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-nfs-errors-search" + }, + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-nfs" + }, + { + "type": "search", + "name": "9:search_0", + "id": "network_traffic-nfs" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-pgsql-performance.json b/packages/network_traffic/kibana/dashboard/network_traffic-pgsql-performance.json index 3a43fc2e288..6962112234c 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-pgsql-performance.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-pgsql-performance.json 
@@ -1,209 +1,1024 @@ { - "attributes": { - "description": "Postgres database query performance.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-pgsql-performance", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyNiwxXQ==", + "attributes": { + "description": "Postgres database query performance.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - 
"optionsJSON": { - "darkTheme": false + "gridData": { + "h": 20, + "i": "1", + "w": 12, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "1", - "w": 12, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-SNAPSHOT" + "panelIndex": "1", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] PgSQL Errors", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - 
"enhancements": {} - }, - "gridData": { - "h": 20, - "i": "2", - "w": 20, - "x": 12, - "y": 0 + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "2", + "w": 20, + "x": 12, + "y": 0 + }, + "panelIndex": "2", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] PgSQL Methods", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "wiggle", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ 
+ { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "wiggle", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 20, - "i": "3", - "w": 16, - "x": 32, - "y": 0 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 20, + "i": "3", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "3", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] PgSQL response times percentiles", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + 
"title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of event.duration" + }, + "mode": "normal", + "show": "true", + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "shareYAxis": true, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of event.duration" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 75, + 99, + 99.5 + ] + }, + "schema": "metric", + "type": "percentiles" }, - "gridData": { - "h": 15, - "i": "4", - "w": 48, - "x": 0, - "y": 20 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 48, + "x": 0, + "y": 20 + }, + "panelIndex": "4", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] PgSQL Throughput", + "description": "", + "uiState": {}, + 
"params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Sum of destination.bytes" + }, + "mode": "normal", + "show": "true", + "type": "line", + "valueAxis": "ValueAxis-1" }, - "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.0.0-SNAPSHOT" + { + "data": { + "id": "2", + "label": "Sum of source.bytes" + }, + "mode": "normal", + "show": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "shareYAxis": true, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "destination.bytes" + }, + "schema": "metric", + "type": "sum" }, - "gridData": { - "h": 15, - "i": "5", - "w": 24, - "x": 24, - "y": 35 + { + "enabled": true, + "id": "2", + "params": { + "field": "source.bytes" + }, + "schema": "metric", + "type": "sum" }, - "panelIndex": "5", - "panelRefName": "panel_4", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": 
"3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "5", + "w": 24, + "x": 24, + "y": 35 + }, + "panelIndex": "5", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] PgSQL Reads vs Writes", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 30 seconds" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "isVislibVis": true, + "legendPosition": "right", + "mode": "stacked", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + 
"style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "6", - "w": 24, - "x": 0, - "y": 35 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "6", - "panelRefName": "panel_5", - "version": "7.0.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } + { + "enabled": true, + "id": "3", + "params": { + "filters": [ + { + "input": { + "language": "lucene", + "query": "method: SELECT" } - } - }, - "gridData": { - "h": 30, - "i": "7", - "w": 24, - "x": 0, - "y": 50 - }, - "panelIndex": "7", - "panelRefName": "panel_6", - "version": "7.0.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } + }, + { + "input": { + "language": "lucene", + "query": "method: INSERT OR method: UPDATE OR method: DELETE" } - } + } + ] + }, + "schema": "group", + "type": "filters" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 15, + "i": "6", + "w": 24, + "x": 0, + "y": 35 + }, + "panelIndex": "6", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Most frequent PgSQL queries", + "description": "", + "uiState": { + "vis": { + "params": { + 
"sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 30, - "i": "8", - "w": 24, - "x": 24, - "y": 50 + { + "enabled": true, + "id": "2", + "params": { + "field": "query", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 30, + "i": "7", + "w": 24, + "x": 0, + "y": 50 + }, + "panelIndex": "7", + "version": "7.17.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Slowest PgSQL Queries", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Average Response Time (ns)", + "field": "event.duration" + }, + "schema": "metric", + "type": "avg" }, - "panelIndex": "8", - "panelRefName": "panel_7", - "version": "7.0.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "query", + 
"missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] PgSQL performance", - "version": 1 + } + }, + "gridData": { + "h": 30, + "i": "8", + "w": 24, + "x": 24, + "y": 50 + }, + "panelIndex": "8", + "version": "7.17.0", + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Network Packet Capture] PgSQL performance", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "2:search_0", + "id": "network_traffic-pgsql-errors" }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-pgsql-performance", - "migrationVersion": { - "dashboard": "7.17.0" + { + "type": "search", + "name": "3:search_0", + "id": "network_traffic-pgsql-transactions" }, - "references": [ - { - "id": "network_traffic-navigation", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "network_traffic-pgsql-errors", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "network_traffic-pgsql-methods", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "network_traffic-pgsql-response-times-percentiles", - "name": "panel_3", - "type": "visualization" - }, - { - "id": "network_traffic-pgsql-throughput", - "name": "panel_4", - "type": "visualization" - }, - { - "id": "network_traffic-pgsql-reads-vs-writes", - "name": "panel_5", - "type": "visualization" - }, - { - "id": "network_traffic-most-frequent-pgsql-queries", - "name": "panel_6", - "type": "visualization" - }, - { - "id": "network_traffic-slowest-pgsql-queries", - "name": "panel_7", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-pgsql-transactions" + }, + { + "type": 
"search", + "name": "5:search_0", + "id": "network_traffic-pgsql-transactions" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-pgsql-transactions" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-pgsql-transactions" + }, + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-pgsql-transactions" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-thrift-performance.json b/packages/network_traffic/kibana/dashboard/network_traffic-thrift-performance.json index da5a36f1f3e..095b175fb40 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-thrift-performance.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-thrift-performance.json 
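Review bot: The seven `N:search_0` entries added to `references` at the end of this hunk are not referred to by anything visible in the panels: each inlined `savedVis.data` holds only `aggs` and a `searchSource` with an empty `filter` and an empty kuery `query`, with no `savedSearchRefName` and no index reference. Unless Kibana binds them by some other convention, the "PgSQL Errors" panel (a bare `count` over `@timestamp`) loses the scoping it presumably got from the `network_traffic-pgsql-errors` saved search, and would chart every event or fail to resolve a data view. I would check the imported dashboard against live data and, if the binding is missing, add `"savedSearchRefName": "search_0"` under `data` in panels 2 through 8. The NFS dashboard hunk before this one, only partly visible here, shows the same pattern.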
@@ -1,188 +1,552 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-thrift-performance", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyNywxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false + "gridData": { + "h": 16, + "i": "1", + "w": 
12, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "1", - "w": 12, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.3.0" + "panelIndex": "1", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Thrift requests per minute", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "2", - "w": 20, - "x": 12, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.3.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "3", - "w": 16, - "x": 32, - "y": 0 + "type": "histogram", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.3.0" + { + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "m", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "2", + "w": 20, + "x": 12, + "y": 0 + }, + "panelIndex": "2", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Thrift RPC Errors", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + 
"interpolate": "linear", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "smoothLines": false, + "times": [], + "yAxis": {} }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } + "type": "area", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "4", - "w": 24, - "x": 0, - "y": 16 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + { + "id": "2", + "params": { + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [] + } + } + } + }, + "gridData": { + "h": 16, + "i": "3", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "3", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + }, + "savedVis": { + "title": "[Network Packet Capture] Slowest Thrift RPC methods", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "5", - "w": 24, - "x": 24, - "y": 16 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "6", - "w": 24, - "x": 0, - "y": 28 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": 
"1", + "params": { + "field": "event.duration" + }, + "schema": "metric", + "type": "avg" }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "method", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "4", + "w": 24, + "x": 0, + "y": 16 + }, + "panelIndex": "4", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Thrift response times percentiles", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Percentiles of event.duration" + }, + "mode": "normal", + "show": "true", + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "shareYAxis": true, + "times": [], + "type": "line", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": 
false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Percentiles of event.duration" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "7", - "w": 24, - "x": 24, - "y": 28 + "type": "line", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "event.duration", + "percents": [ + 75, + 99, + 99.5 + ] + }, + "schema": "metric", + "type": "percentiles" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] Thrift performance", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-thrift-performance", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-navigation", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "network_traffic-thrift-requests-per-minute", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 12, + "i": "5", + "w": 24, + "x": 24, + "y": 16 }, - { - "id": "network_traffic-thrift-rpc-errors", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "5", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Top Thrift-RPC methods ", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "mode": 
"stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "type": "histogram", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "id": "2", + "params": { + "field": "method", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "network_traffic-slowest-thrift-rpc-methods", - "name": "4:panel_4", - "type": "visualization" + "gridData": { + "h": 16, + "i": "6", + "w": 24, + "x": 0, + "y": 28 }, - { - "id": "network_traffic-thrift-response-times-percentiles", - "name": "5:panel_5", - "type": "visualization" + "panelIndex": "6", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Top Thrift-RPC calls with errors", + "description": "", + "params": { + "addLegend": false, + "addTooltip": true, + "defaultYExtents": false, + "mode": "stacked", + "shareYAxis": true + }, + "type": "histogram", + "data": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "id": "2", + "params": { + "field": "method", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [] + } + } + } }, - { - "id": "network_traffic-top-thrift-rpc-methods", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 16, + "i": "7", + "w": 24, + "x": 24, + "y": 28 }, - { - "id": "network_traffic-top-thrift-rpc-calls-with-errors", - "name": "7:panel_7", - "type": "visualization" - } + "panelIndex": "7", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] Thrift performance", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "2:search_0", + 
"id": "network_traffic-thrift-transactions" + }, + { + "type": "search", + "name": "3:search_0", + "id": "network_traffic-thrift-errors" + }, + { + "type": "search", + "name": "4:search_0", + "id": "network_traffic-thrift-transactions" + }, + { + "type": "search", + "name": "5:search_0", + "id": "network_traffic-thrift-transactions" + }, + { + "type": "search", + "name": "6:search_0", + "id": "network_traffic-thrift-transactions" + }, + { + "type": "search", + "name": "7:search_0", + "id": "network_traffic-thrift-errors" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/dashboard/network_traffic-tls-sessions.json b/packages/network_traffic/kibana/dashboard/network_traffic-tls-sessions.json index 5160933bc91..2fdee9b0d3a 100644 --- a/packages/network_traffic/kibana/dashboard/network_traffic-tls-sessions.json +++ b/packages/network_traffic/kibana/dashboard/network_traffic-tls-sessions.json 
@@ -1,307 +1,1241 @@ { - "attributes": { - "description": "[Network Packet Capture] TLS Sessions", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "network_traffic-tls-sessions", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-10-27T20:54:04.747Z", + "version": "WzcyOCwxXQ==", + "attributes": { + "description": "[Network Packet Capture] TLS Sessions", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Navigation", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + 
} }, - "optionsJSON": { - "darkTheme": false, - "useMargins": false + "gridData": { + "h": 16, + "i": "4", + "w": 12, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "4", - "w": 12, - "x": 0, - "y": 0 + "panelIndex": "4", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Sessions", + "description": "", + "uiState": { + "vis": { + "colors": { + "false": "#E24D42", + "true": "#7EB26D" }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.3.0" + "legendOpen": false + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" }, - "gridData": { - "h": 16, - "i": "8", - "w": 36, - "x": 12, - "y": 0 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.3.0" + "valueAxis": "ValueAxis-1" + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": 
"normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "9", - "w": 12, - "x": 12, - "y": 28 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sessions per minute", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Handshake completed", + "field": "tls.established", + "json": "", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 16, + "i": "8", + "w": 36, + "x": 12, + "y": 0 + }, + "panelIndex": "8", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Alerts", + "description": "", + "uiState": { + "vis": { + "colors": { + "None": "#7EB26D", + "handshake_failure": "#E24D42" + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "10", - "w": 12, - "x": 0, - "y": 16 - }, - "panelIndex": "10", - "panelRefName": "panel_10", - "type": "visualization", - "version": "7.3.0" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - 
"i": "11", - "w": 48, - "x": 0, - "y": 40 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "11", - "panelRefName": "panel_11", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "tls.detailed.alert_types", + "include": ".*", + "json": "{\"missing\": \"None\"}", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"exists\":{\"field\":\"tls\"}}" + }, + "query": { + "exists": { + "field": "tls" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:network_traffic.tls" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "9", + "w": 12, + "x": 12, + "y": 28 + }, + "panelIndex": "9", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] Total Number of TLS Sessions", + "description": "", + "uiState": { + "P-5": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "P-7": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 12, - "i": "12", - "w": 12, - "x": 24, - "y": 28 + "metricColorMode": "None", + "percentageMode": false, + 
"style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "12", - "panelRefName": "panel_12", - "type": "visualization", - "version": "7.3.0" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "13", - "w": 12, - "x": 36, - "y": 28 - }, - "panelIndex": "13", - "panelRefName": "panel_13", - "type": "visualization", - "version": "7.3.0" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "tls.established" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "tls.established", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "data_stream.dataset:network_traffic.tls" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "10", + "w": 12, + "x": 0, + "y": 16 + }, + "panelIndex": "10", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Server Name Indication", + "description": "", + "uiState": {}, + "params": { + "hideLabel": false, + "maxFontSize": 64, + "minFontSize": 14, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "14", - "w": 12, - "x": 0, - "y": 28 + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "14", - "panelRefName": 
"panel_14", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Server Name Indication", + "field": "tls.client.server_name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "11", + "w": 48, + "x": 0, + "y": 40 + }, + "panelIndex": "11", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Versions", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "15", - "w": 24, - "x": 0, - "y": 52 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "15", - "panelRefName": "panel_15", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "TLS version", + "field": "tls.detailed.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "12", + "w": 12, + "x": 24, + "y": 28 + }, + "panelIndex": "12", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Server Public Key Size", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + 
"distinctColors": true, + "isDonut": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "16", - "w": 24, - "x": 0, - "y": 64 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "16", - "panelRefName": "panel_16", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Public Key Size", + "field": "tls.server.x509.public_key_size", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "13", + "w": 12, + "x": 36, + "y": 28 + }, + "panelIndex": "13", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Session Resume", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "17", - "w": 24, - "x": 24, - "y": 52 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "17", - "panelRefName": "panel_17", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "2", + "params": { + "exclude": "", + "field": "tls.detailed.resumption_method", + "json": "{\n\"missing\": 
\"none\"\n}", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "14", + "w": 12, + "x": 0, + "y": 28 + }, + "panelIndex": "14", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Server Certificates", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "18", - "w": 24, - "x": 24, - "y": 64 - }, - "panelIndex": "18", - "panelRefName": "panel_18", - "type": "visualization", - "version": "7.3.0" + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "19", - "w": 36, - "x": 12, - "y": 16 + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Subject Common Name", + "field": "tls.server.x509.subject.common_name", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "19", - "panelRefName": "panel_19", - "type": "visualization", - "version": "7.3.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Organization", + "field": "tls.server.x509.subject.organization", + "order": "desc", + "orderBy": "1", + 
"size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Network Packet Capture] TLS Sessions", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-tls-sessions", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-navigation", - "name": "4:panel_4", - "type": "visualization" - }, - { - "id": "network_traffic-059fe5e0-d2dd-11e7-9914-4982455b3063", - "name": "8:panel_8", - "type": "visualization" - }, - { - "id": "network_traffic-c14377a0-d353-11e7-9914-4982455b3063", - "name": "9:panel_9", - "type": "visualization" + } }, - { - "id": "network_traffic-061de380-d361-11e7-9914-4982455b3063", - "name": "10:panel_10", - "type": "visualization" + "gridData": { + "h": 12, + "i": "15", + "w": 24, + "x": 0, + "y": 52 }, - { - "id": "network_traffic-a28d09d0-d361-11e7-9914-4982455b3063", - "name": "11:panel_11", - "type": "visualization" + "panelIndex": "15", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Client Certificates", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Subject Common Name", + "field": "tls.client.x509.subject.common_name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + 
}, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Signature Algorithm", + "field": "tls.client.x509.signature_algorithm", + "json": "{ \"missing\": \"N/A\" }", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-0af0b790-d37d-11e7-9914-4982455b3063", - "name": "12:panel_12", - "type": "visualization" + "gridData": { + "h": 12, + "i": "16", + "w": 24, + "x": 0, + "y": 64 }, - { - "id": "network_traffic-ae6e33c0-d37d-11e7-9914-4982455b3063", - "name": "13:panel_13", - "type": "visualization" + "panelIndex": "16", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Cipher", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Cipher", + "field": "tls.cipher", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-2c467370-d392-11e7-8fa0-232aa9259081", - "name": "14:panel_14", - "type": "visualization" + "gridData": { + "h": 12, + "i": "17", + "w": 24, + "x": 24, + "y": 52 }, - { - "id": "network_traffic-0958a910-d396-11e7-8fa0-232aa9259081", - "name": "15:panel_15", - "type": 
"visualization" + "panelIndex": "17", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Fingerprint", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "JA3 Fingerprint", + "field": "tls.client.ja3", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-86743f90-d396-11e7-8fa0-232aa9259081", - "name": "16:panel_16", - "type": "visualization" + "gridData": { + "h": 12, + "i": "18", + "w": 24, + "x": 24, + "y": 64 }, - { - "id": "network_traffic-463d2bf0-d3a8-11e7-9081-ab2af08e9961", - "name": "17:panel_17", - "type": "visualization" + "panelIndex": "18", + "type": "visualization", + "version": "7.17.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "[Network Packet Capture] TLS Handshake Latency", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } + }, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + 
"fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "area", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Handshake Latency (ns)", + "extended_bounds": {}, + "field": "event.duration", + "interval": 2000000 + }, + "schema": "segment", + "type": "histogram" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.duration", + "negate": false, + "params": { + "gte": 0, + "lt": 1000000000 + }, + "type": "range", + "value": "0 to 1,000,000,000" + }, + "range": { + "event.duration": { + "gte": 0, + "lt": 1000000000 + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "network_traffic-ad2a8b50-d49d-11e7-996f-bd7c1ca4591b", - "name": "18:panel_18", - "type": "visualization" + "gridData": { + "h": 12, + "i": "19", + "w": 36, + "x": 12, + "y": 16 }, - { - "id": "network_traffic-d2e15950-d560-11e7-9fff-7b1ebf397ba9", - "name": 
"19:panel_19", - "type": "visualization" - } + "panelIndex": "19", + "type": "visualization", + "version": "7.17.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Network Packet Capture] TLS Sessions", + "version": 1 + }, + "references": [ + { + "type": "search", + "name": "8:search_0", + "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063" + }, + { + "type": "index-pattern", + "name": "9:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "10:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "10:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "11:search_0", + "id": "network_traffic-94908e80-d2d8-11e7-9914-4982455b3063" + }, + { + "type": "search", + "name": "12:search_0", + "id": "network_traffic-bf3d23b0-d37c-11e7-9914-4982455b3063" + }, + { + "type": "search", + "name": "13:search_0", + "id": "network_traffic-8f0ff590-d37d-11e7-9914-4982455b3063" + }, + { + "type": "search", + "name": "14:search_0", + "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063" + }, + { + "type": "search", + "name": "15:search_0", + "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063" + }, + { + "type": "search", + "name": "16:search_0", + "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063" + }, + { + "type": "search", + "name": "17:search_0", + "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063" + }, + { + "type": "search", + "name": "18:search_0", + "id": "network_traffic-6b1b1360-d49d-11e7-996f-bd7c1ca4591b" + }, + { + "type": "index-pattern", + "name": "19:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "19:search_0", + "id": 
"network_traffic-8e2af860-d520-11e7-9fff-7b1ebf397ba9" + } + ], + "migrationVersion": { + "dashboard": "7.17.0" + }, + "coreMigrationVersion": "7.17.0" } \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-059fe5e0-d2dd-11e7-9914-4982455b3063.json b/packages/network_traffic/kibana/visualization/network_traffic-059fe5e0-d2dd-11e7-9914-4982455b3063.json deleted file mode 100644 index 16e691a1cf3..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-059fe5e0-d2dd-11e7-9914-4982455b3063.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Sessions", - "uiStateJSON": { - "vis": { - "colors": { - "false": "#E24D42", - "true": "#7EB26D" - }, - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sessions per minute", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Handshake completed", - "field": "tls.established", - "json": "", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - }, - "valueAxis": "ValueAxis-1" - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - 
"truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] TLS Sessions", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-059fe5e0-d2dd-11e7-9914-4982455b3063", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-061de380-d361-11e7-9914-4982455b3063.json b/packages/network_traffic/kibana/visualization/network_traffic-061de380-d361-11e7-9914-4982455b3063.json deleted file mode 100644 index 5a0a596e308..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-061de380-d361-11e7-9914-4982455b3063.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "exists": { - "field": "tls.established" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "tls.established", - "negate": false, - "type": "exists", - "value": "exists" - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:network_traffic.tls" - } - } - }, - "title": "[Network Packet Capture] Total Number of TLS Sessions", - "uiStateJSON": { - "P-5": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "P-7": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Network Packet Capture] Total Number of TLS Sessions", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-061de380-d361-11e7-9914-4982455b3063", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } 
- ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-0958a910-d396-11e7-8fa0-232aa9259081.json b/packages/network_traffic/kibana/visualization/network_traffic-0958a910-d396-11e7-8fa0-232aa9259081.json deleted file mode 100644 index df9a04e1dea..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-0958a910-d396-11e7-8fa0-232aa9259081.json +++ /dev/null 
@@ -1,93 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Server Certificates", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Subject Common Name", - "field": "tls.server.x509.subject.common_name", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Organization", - "field": "tls.server.x509.subject.organization", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] TLS Server Certificates", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-0958a910-d396-11e7-8fa0-232aa9259081", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-0af0b790-d37d-11e7-9914-4982455b3063.json b/packages/network_traffic/kibana/visualization/network_traffic-0af0b790-d37d-11e7-9914-4982455b3063.json deleted file mode 100644 index 309f0d1ebb9..00000000000 
--- a/packages/network_traffic/kibana/visualization/network_traffic-0af0b790-d37d-11e7-9914-4982455b3063.json +++ /dev/null @@ -1,69 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Versions", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "TLS version", - "field": "tls.detailed.version", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "[Network Packet Capture] TLS Versions", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-0af0b790-d37d-11e7-9914-4982455b3063", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-bf3d23b0-d37c-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-11d33ea0-8bad-11e8-9676-ef67484126fb.json b/packages/network_traffic/kibana/visualization/network_traffic-11d33ea0-8bad-11e8-9676-ef67484126fb.json deleted file mode 100644 index 3ea256e545e..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-11d33ea0-8bad-11e8-9676-ef67484126fb.json +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DHCPv4 Client Count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique MACs", - "field": "dhcpv4.client_mac" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Network Packet Capture] DHCPv4 Client Count", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-11d33ea0-8bad-11e8-9676-ef67484126fb", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-2c467370-d392-11e7-8fa0-232aa9259081.json b/packages/network_traffic/kibana/visualization/network_traffic-2c467370-d392-11e7-8fa0-232aa9259081.json deleted file mode 100644 index b189fd81fe5..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-2c467370-d392-11e7-8fa0-232aa9259081.json +++ /dev/null 
@@ -1,80 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Session Resume", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "exclude": "", - "field": "tls.detailed.resumption_method", - "json": "{\n\"missing\": \"none\"\n}", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "[Network Packet Capture] TLS Session Resume", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-2c467370-d392-11e7-8fa0-232aa9259081", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-418dfbe0-8bac-11e8-9676-ef67484126fb.json b/packages/network_traffic/kibana/visualization/network_traffic-418dfbe0-8bac-11e8-9676-ef67484126fb.json deleted file mode 100644 index 7841b7d852a..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-418dfbe0-8bac-11e8-9676-ef67484126fb.json +++ /dev/null 
@@ -1,96 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DHCPv4 Message Types", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Op Code", - "field": "dhcpv4.op_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Message Type", - "field": "dhcpv4.option.message_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "[Network Packet Capture] DHCPv4 Message Types", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-418dfbe0-8bac-11e8-9676-ef67484126fb", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-463d2bf0-d3a8-11e7-9081-ab2af08e9961.json b/packages/network_traffic/kibana/visualization/network_traffic-463d2bf0-d3a8-11e7-9081-ab2af08e9961.json deleted file mode 100644 index 4a7d62a3d4a..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-463d2bf0-d3a8-11e7-9081-ab2af08e9961.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Cipher", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Cipher", - "field": "tls.cipher", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] TLS Cipher", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-463d2bf0-d3a8-11e7-9081-ab2af08e9961", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-4ad9db20-8bab-11e8-9676-ef67484126fb.json b/packages/network_traffic/kibana/visualization/network_traffic-4ad9db20-8bab-11e8-9676-ef67484126fb.json deleted file mode 100644 index 602348ca288..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-4ad9db20-8bab-11e8-9676-ef67484126fb.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "dhcpv4.option.message_type:nak OR dhcpv4.option.message_type:decline" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DHCPv4 NAK and Decline Count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 57, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Network Packet Capture] DHCPv4 NAK and Decline Count", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-4ad9db20-8bab-11e8-9676-ef67484126fb", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-735d25c0-1459-11e9-9de0-f98d1808db8e.json b/packages/network_traffic/kibana/visualization/network_traffic-735d25c0-1459-11e9-9de0-f98d1808db8e.json deleted file mode 100644 index 2be27f4c9c4..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-735d25c0-1459-11e9-9de0-f98d1808db8e.json +++ /dev/null 
@@ -1,192 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Min/Max/Avg Response Time Histogram", - "uiStateJSON": { - "vis": { - "colors": { - "Avg Response Time (ns)": "#629E51", - "Max Response Time (ns)": "#E24D42", - "Min Response Time (ns)": "#70DBED" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Min Response Time (ns)", - "field": "event.duration" - }, - "schema": "metric", - "type": "min" - }, - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Avg Response Time (ns)", - "field": "event.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Max Response Time (ns)", - "field": "event.duration" - }, - "schema": "metric", - "type": "max" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "4", - "label": "Min Response Time (ns)" - }, - 
"drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "1", - "label": "Avg Response Time (ns)" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Max Response Time (ns)" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Average event.duration" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] DNS Min/Max/Avg Response Time Histogram", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-735d25c0-1459-11e9-9de0-f98d1808db8e", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-8460fcd0-8baa-11e8-9676-ef67484126fb.json b/packages/network_traffic/kibana/visualization/network_traffic-8460fcd0-8baa-11e8-9676-ef67484126fb.json deleted file mode 100644 index b8b1ec3f0af..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-8460fcd0-8baa-11e8-9676-ef67484126fb.json +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset:network_traffic.dhcpv4" - } - } - }, - "title": "[Network Packet Capture] DHCPv4 Message Types over Time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "background_color_rules": [ - { - "id": "c2cf4410-8ba8-11e8-ae15-bdcba81344e6" - } - ], - "drop_last_bucket": 1, - "filter": { - "language": "lucene", - "query": "type:dhcpv4" - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "ignore_global_filter": 0, - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "NOT dhcpv4.option.message_type:nak NOT dhcpv4.option.message_type:decline" - }, - "formatter": "number", - "id": "8abe6eb0-8ba9-11e8-ae15-bdcba81344e6", - "label": "Response", - "line_width": 1, - "metrics": [ - { - "id": "8abe6eb1-8ba9-11e8-ae15-bdcba81344e6", - "type": "count" - } - ], - "point_size": 1, - "seperate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "dhcpv4.option.message_type" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": "rgba(244,78,59,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "dhcpv4.option.message_type:nak" - }, - "formatter": "number", - "id": "ae5610d0-8ba9-11e8-ae15-bdcba81344e6", - "label": "nak", - "line_width": "4", - "metrics": [ - { - "id": "ae5610d1-8ba9-11e8-ae15-bdcba81344e6", - "type": "count" - } - ], - "point_size": "3", - "seperate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - }, - { - "axis_position": "right", - "chart_type": "line", - "color": 
"rgba(244,78,59,1)", - "fill": 0.5, - "filter": { - "language": "lucene", - "query": "dhcpv4.option.message_type:decline" - }, - "formatter": "number", - "id": "cf7ba180-8ba9-11e8-ae15-bdcba81344e6", - "label": "decline", - "line_width": "4", - "metrics": [ - { - "id": "cf7ba181-8ba9-11e8-ae15-bdcba81344e6", - "type": "count" - } - ], - "point_size": "3", - "seperate_axis": 0, - "series_drop_last_bucket": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "[Network Packet Capture] DHCPv4 Message Types over Time", - "type": "metrics" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-8460fcd0-8baa-11e8-9676-ef67484126fb", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-86743f90-d396-11e7-8fa0-232aa9259081.json b/packages/network_traffic/kibana/visualization/network_traffic-86743f90-d396-11e7-8fa0-232aa9259081.json deleted file mode 100644 index 6b055afd63e..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-86743f90-d396-11e7-8fa0-232aa9259081.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Client Certificates", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Subject Common Name", - "field": "tls.client.x509.subject.common_name", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Signature Algorithm", - "field": "tls.client.x509.signature_algorithm", - "json": "{ \"missing\": \"N/A\" }", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] TLS Client Certificates", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-86743f90-d396-11e7-8fa0-232aa9259081", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-a28d09d0-d361-11e7-9914-4982455b3063.json b/packages/network_traffic/kibana/visualization/network_traffic-a28d09d0-d361-11e7-9914-4982455b3063.json deleted file mode 100644 index e9ca126061d..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-a28d09d0-d361-11e7-9914-4982455b3063.json +++ /dev/null @@ -1,68 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Server Name Indication", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Server Name Indication", - "field": "tls.client.server_name", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "hideLabel": false, - "maxFontSize": 64, - "minFontSize": 14, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear" - }, - "title": "[Network Packet Capture] TLS Server Name Indication", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-a28d09d0-d361-11e7-9914-4982455b3063", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-94908e80-d2d8-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-ad2a8b50-d49d-11e7-996f-bd7c1ca4591b.json b/packages/network_traffic/kibana/visualization/network_traffic-ad2a8b50-d49d-11e7-996f-bd7c1ca4591b.json deleted file mode 100644 index 674b8863725..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-ad2a8b50-d49d-11e7-996f-bd7c1ca4591b.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Fingerprint", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "JA3 Fingerprint", - "field": "tls.client.ja3", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] TLS Fingerprint", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-ad2a8b50-d49d-11e7-996f-bd7c1ca4591b", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-6b1b1360-d49d-11e7-996f-bd7c1ca4591b", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-ae6e33c0-d37d-11e7-9914-4982455b3063.json b/packages/network_traffic/kibana/visualization/network_traffic-ae6e33c0-d37d-11e7-9914-4982455b3063.json deleted file mode 100644 index 755972ecc09..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-ae6e33c0-d37d-11e7-9914-4982455b3063.json +++ /dev/null @@ -1,69 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Server Public Key Size", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Public Key Size", - "field": "tls.server.x509.public_key_size", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "[Network Packet Capture] Server Public Key Size", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-ae6e33c0-d37d-11e7-9914-4982455b3063", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-8f0ff590-d37d-11e7-9914-4982455b3063", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-bacb6ed0-1459-11e9-9de0-f98d1808db8e.json b/packages/network_traffic/kibana/visualization/network_traffic-bacb6ed0-1459-11e9-9de0-f98d1808db8e.json
deleted file mode 100644
index f104bc98be6..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-bacb6ed0-1459-11e9-9de0-f98d1808db8e.json
+++ /dev/null
@@ -1,96 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Client and Servers Pie Chart", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Server", - "field": "destination.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Client", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "[Network Packet Capture] DNS Client and Servers Pie Chart", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-bacb6ed0-1459-11e9-9de0-f98d1808db8e", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-bytes-transferred-per-domain.json b/packages/network_traffic/kibana/visualization/network_traffic-bytes-transferred-per-domain.json
deleted file mode 100644
index 465b0590901..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-bytes-transferred-per-domain.json
+++ /dev/null
@@ -1,174 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Bytes Transferred per Domain", - "uiStateJSON": { - "vis": { - "colors": { - "Bytes In": "#F2C96D", - "Bytes Out": "#629E51", - "Count": "#1F78C1", - "Unique count of dns.question.name": "#E0752D" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes Out", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Domains", - "field": "dns.question.etld_plus_one", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bytes In", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": true, - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "mode": "grouped", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Bytes Out" - }, - "mode": "normal", - "show": "true", - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - 
"id": "3", - "label": "Bytes In" - }, - "mode": "normal", - "show": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": true, - "mode": "grouped", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Bytes Transferred per Domain", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-bytes-transferred-per-domain", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-c14377a0-d353-11e7-9914-4982455b3063.json b/packages/network_traffic/kibana/visualization/network_traffic-c14377a0-d353-11e7-9914-4982455b3063.json deleted file mode 100644 index a90effdbdfc..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-c14377a0-d353-11e7-9914-4982455b3063.json +++ /dev/null 
@@ -1,102 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "query", - "negate": false, - "type": "custom", - "value": "{\"exists\":{\"field\":\"tls\"}}" - }, - "query": { - "exists": { - "field": "tls" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:network_traffic.tls" - } - } - }, - "title": "[Network Packet Capture] TLS Alerts", - "uiStateJSON": { - "vis": { - "colors": { - "None": "#7EB26D", - "handshake_failure": "#E24D42" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "tls.detailed.alert_types", - "include": ".*", - "json": "{\"missing\": \"None\"}", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "[Network Packet Capture] TLS Alerts", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-c14377a0-d353-11e7-9914-4982455b3063", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-ops.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-ops.json deleted file mode 100644 index bb6dfc78698..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-ops.json +++ /dev/null @@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra Ops", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cassandra.request.headers.op", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cassandra.response.headers.op", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shareYAxis": true - }, - "title": "[Network Packet Capture] Cassandra Ops", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-ops", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcount.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcount.json
deleted file mode 100644
index cec2f62e5ed..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcount.json
+++ /dev/null
@@ -1,80 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra RequestCount", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": 9, - "scale": "square root", - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Cassandra RequestCount", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-requestcount", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcountbytype.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcountbytype.json deleted file mode 100644 index cb88eaa3723..00000000000 
--- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcountbytype.json
+++ /dev/null
@@ -1,99 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra RequestCountByType", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cassandra.request.headers.op", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "group", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": {}, - "schema": "radius", - "type": "count" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "drawLinesBetweenPoints": false, - "interpolate": "linear", - "legendPosition": "right", - "radiusRatio": "13", - "scale": "log", - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Cassandra RequestCountByType", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-requestcountbytype", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcountstackbytype.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcountstackbytype.json
deleted file mode 100644
index bd87104c182..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-requestcountstackbytype.json
+++ /dev/null
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra RequestCountStackByType", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cassandra.request.headers.op", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "legendPosition": "right", - "mode": "stacked", - "scale": "linear", - "setYExtents": false, - "shareYAxis": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Cassandra RequestCountStackByType", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-requestcountstackbytype", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsecountbytype.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsecountbytype.json
deleted file mode 100644
index c35009eb519..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsecountbytype.json
+++ /dev/null
@@ -1,94 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra ResponseCountByType", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "id": "2", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "id": "3", - "params": { - "field": "cassandra.response.headers.op", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "group", - "type": "terms" - }, - { - "id": "4", - "params": {}, - "schema": "radius", - "type": "count" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "drawLinesBetweenPoints": false, - "interpolate": "linear", - "radiusRatio": "15", - "scale": "log", - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Cassandra: ResponseCountByType", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-responsecountbytype", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsecountstackbytype.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsecountstackbytype.json
deleted file mode 100644
index 6379115c7fb..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsecountstackbytype.json
+++ /dev/null
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra ResponseCountStackByType", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cassandra.response.headers.op", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "legendPosition": "right", - "mode": "stacked", - "scale": "linear", - "setYExtents": false, - "shareYAxis": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Cassandra ResponseCountStackByType", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-responsecountstackbytype", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsekeyspace.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsekeyspace.json
deleted file mode 100644
index b89f48c4161..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsekeyspace.json
+++ /dev/null
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra ResponseKeyspace", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cassandra.response.result.rows.meta.keyspace", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "cassandra.response.result.rows.meta.table", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shareYAxis": true - }, - "title": "[Network Packet Capture] Cassandra ResponseKeyspace", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-responsekeyspace", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsetime.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsetime.json deleted file mode 100644 index ed83cc15afc..00000000000 
--- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsetime.json
+++ /dev/null
@@ -1,163 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra ResponseTime", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "event.duration", - "percents": [ - 5, - 25, - 50, - 75, - 95 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "scale": "square root", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Percentiles of event.duration" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": true, - 
"times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "square root" - }, - "show": true, - "style": {}, - "title": { - "text": "Percentiles of event.duration" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Cassandra ResponseTime", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-responsetime", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsetype.json b/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsetype.json deleted file mode 100644 index 1b53e4081d7..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-cassandra-responsetype.json +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Cassandra ResponseType", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "cassandra.response.result.type", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shareYAxis": true - }, - "title": "[Network Packet Capture] Cassandra ResponseType", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-cassandra-responsetype", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-connections-over-time.json b/packages/network_traffic/kibana/visualization/network_traffic-connections-over-time.json deleted file mode 100644 index 9a20ff5d47f..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-connections-over-time.json +++ /dev/null 
@@ -1,146 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Connections over time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique Flows", - "field": "flow.id" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Unique Flows" - }, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": true, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - 
"mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Connections over time", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-connections-over-time", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-flows-search", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-d0120dc0-8bac-11e8-9676-ef67484126fb.json b/packages/network_traffic/kibana/visualization/network_traffic-d0120dc0-8bac-11e8-9676-ef67484126fb.json deleted file mode 100644 index 20f780f259e..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-d0120dc0-8bac-11e8-9676-ef67484126fb.json +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DHCPv4 Transaction Count", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique Transactions", - "field": "dhcpv4.transaction_id" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Network Packet Capture] DHCPv4 Transaction Count", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-d0120dc0-8bac-11e8-9676-ef67484126fb", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-d2e15950-d560-11e7-9fff-7b1ebf397ba9.json b/packages/network_traffic/kibana/visualization/network_traffic-d2e15950-d560-11e7-9fff-7b1ebf397ba9.json deleted file mode 100644 index 0b0a3bf08c6..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-d2e15950-d560-11e7-9fff-7b1ebf397ba9.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.duration", - "negate": false, - "params": { - "gte": 0, - "lt": 1000000000 - }, - "type": "range", - "value": "0 to 1,000,000,000" - }, - "range": { - "event.duration": { - "gte": 0, - "lt": 1000000000 - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] TLS Handshake Latency", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Handshake Latency (ns)", - "extended_bounds": {}, - "field": "event.duration", - "interval": 2000000 - }, - "schema": "segment", - "type": "histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": 
"area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] TLS Handshake Latency", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-d2e15950-d560-11e7-9fff-7b1ebf397ba9", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-8e2af860-d520-11e7-9fff-7b1ebf397ba9", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-db-transactions.json b/packages/network_traffic/kibana/visualization/network_traffic-db-transactions.json deleted file mode 100644 index d021c8b825d..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-db-transactions.json +++ /dev/null 
@@ -1,187 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.type", - "negate": true, - "params": { - "query": "flow", - "type": "phrase" - }, - "type": "phrase", - "value": "flow" - }, - "query": { - "match": { - "event.type": { - "query": "flow", - "type": "phrase" - } - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "agent.type:packetbeat" - } - } - }, - "title": "[Network Packet Capture] Transaction Types", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.dataset", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": 
"right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "mode": "stacked", - "show": "true", - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Transaction Types", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-db-transactions", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-dc743240-1665-11e7-a6de-cbac1a3d0a7d.json b/packages/network_traffic/kibana/visualization/network_traffic-dc743240-1665-11e7-a6de-cbac1a3d0a7d.json deleted file mode 100644 index 3d5fa39120c..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-dc743240-1665-11e7-a6de-cbac1a3d0a7d.json +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:network_traffic.dns" - } - } - }, - "title": "[Network Packet Capture] Top Domains by Data Volume", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Bytes In", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "ETLD+1", - "field": "dns.question.etld_plus_one", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "3", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Bytes Out", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] Top Domains by Data Volume", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dc743240-1665-11e7-a6de-cbac1a3d0a7d", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-dns-query-summary.json b/packages/network_traffic/kibana/visualization/network_traffic-dns-query-summary.json
deleted file mode 100644
index cbbedc454b4..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-dns-query-summary.json
+++ /dev/null
@@ -1,104 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Query Summary", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Client Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Server Bytes", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Avg Response Time (ns)", - "field": "event.duration" - }, - "schema": "metric", - "type": "avg" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "17", - "handleNoResults": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 28, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Network Packet Capture] DNS Query Summary", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dns-query-summary", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-dns-question-types.json b/packages/network_traffic/kibana/visualization/network_traffic-dns-question-types.json
deleted file mode 100644
index df0bf89ebd1..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-dns-question-types.json
+++ /dev/null
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Question Types", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "dns.question.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shareYAxis": true, - "type": "pie" - }, - "title": "[Network Packet Capture] DNS Question Types", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dns-question-types", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-dns-request-status-over-time.json b/packages/network_traffic/kibana/visualization/network_traffic-dns-request-status-over-time.json deleted file mode 100644 index c19ecc67df2..00000000000 
--- a/packages/network_traffic/kibana/visualization/network_traffic-dns-request-status-over-time.json
+++ /dev/null
@@ -1,172 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Request Status Over Time", - "uiStateJSON": { - "vis": { - "colors": { - "Error": "#890F02", - "OK": "#0A50A1" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "type": 
"area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] DNS Request Status Over Time", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dns-request-status-over-time", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-dns-response-codes.json b/packages/network_traffic/kibana/visualization/network_traffic-dns-response-codes.json deleted file mode 100644 index fc100e73d55..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-dns-response-codes.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlight": { - "fields": { - "*": {} - }, - "fragment_size": 2147483647, - "post_tags": [ - "@/kibana-highlighted-field@" - ], - "pre_tags": [ - "@kibana-highlighted-field@" - ], - "require_field_match": false - }, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Response Codes", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Response Code", - "field": "dns.response_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] DNS Response Codes", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dns-response-codes", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-dns-top-10-questions.json b/packages/network_traffic/kibana/visualization/network_traffic-dns-top-10-questions.json
deleted file mode 100644
index 7f96e6d39ce..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-dns-top-10-questions.json
+++ /dev/null
@@ -1,133 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "status", - "negate": false, - "params": { - "query": "OK", - "type": "phrase" - }, - "type": "phrase", - "value": "OK" - }, - "query": { - "match": { - "status": { - "query": "OK", - "type": "phrase" - } - } - } - } - ], - "highlight": { - "fields": { - "*": {} - }, - "fragment_size": 2147483647, - "post_tags": [ - "@/kibana-highlighted-field@" - ], - "pre_tags": [ - "@kibana-highlighted-field@" - ], - "require_field_match": false - }, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Top 10 Questions", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Question", - "field": "dns.question.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 30 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] DNS Top 10 Questions", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-dns-top-10-questions", - "migrationVersion": { - 
"visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-e3f09730-1b80-11e9-83df-75eebb35951e.json b/packages/network_traffic/kibana/visualization/network_traffic-e3f09730-1b80-11e9-83df-75eebb35951e.json deleted file mode 100644 index e728c0f68a6..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-e3f09730-1b80-11e9-83df-75eebb35951e.json +++ /dev/null 
@@ -1,180 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DNS Transactions", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Avg Response Time", - "field": "event.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Avg Response Time" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "lineWidth": 3.5, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-2" - } - ], - "times": 
[], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Avg Response Time" - }, - "type": "value" - }, - { - "id": "ValueAxis-2", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "RightAxis-1", - "position": "right", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] DNS Transactions", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-e3f09730-1b80-11e9-83df-75eebb35951e", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-errors-count-over-time.json b/packages/network_traffic/kibana/visualization/network_traffic-errors-count-over-time.json deleted file mode 100644 index a3f5d248055..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-errors-count-over-time.json +++ /dev/null 
@@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Errors count over time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "id": "2", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "30s", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "id": "3", - "params": { - "field": "type", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "mode": "stacked", - "scale": "linear", - "setYExtents": false, - "shareYAxis": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] New Visualization", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-errors-count-over-time", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-transactions-errors", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-errors-vs-successful-transactions.json b/packages/network_traffic/kibana/visualization/network_traffic-errors-vs-successful-transactions.json deleted file mode 100644 index e3ae9f1ce84..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-errors-vs-successful-transactions.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Errors vs successful transactions", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "mode": "percentage", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "mode": "stacked", - "show": "true", - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - 
"rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "percentage", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Errors vs successful transactions", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-errors-vs-successful-transactions", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-search", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-f43a8f20-8bb5-11e8-9676-ef67484126fb.json b/packages/network_traffic/kibana/visualization/network_traffic-f43a8f20-8bb5-11e8-9676-ef67484126fb.json deleted file mode 100644 index b7e92dfccc7..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-f43a8f20-8bb5-11e8-9676-ef67484126fb.json +++ /dev/null 
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] DHCPv4 Data Transfer", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Requests", - "field": "client.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Responses", - "field": "server.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 24, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Network Packet Capture] DHCPv4 Data Transfer", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-f43a8f20-8bb5-11e8-9676-ef67484126fb", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-http-codes-for-the-top-queries.json b/packages/network_traffic/kibana/visualization/network_traffic-http-codes-for-the-top-queries.json deleted file mode 100644 index bf83643ba51..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-http-codes-for-the-top-queries.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] HTTP status codes for the top queries", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "HTTP Query", - "field": "query", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "split", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "HTTP Status Code", - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "row": false, - "shareYAxis": true, - "type": "pie" - }, - "title": "[Network Packet Capture] HTTP status codes for the top queries", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-http-codes-for-the-top-queries", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-http-error-codes-evolution.json b/packages/network_traffic/kibana/visualization/network_traffic-http-error-codes-evolution.json
deleted file mode 100644
index 46edc1dc331..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-http-error-codes-evolution.json
+++ /dev/null
@@ -1,237 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "network.protocol", - "negate": false, - "params": { - "query": "http", - "type": "phrase" - }, - "type": "phrase", - "value": "http" - }, - "query": { - "match": { - "network.protocol": { - "query": "http", - "type": "phrase" - } - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "http.response.status_code", - "negate": true, - "params": { - "gte": 200, - "lt": 299 - }, - "type": "range", - "value": "200 to 299" - }, - "range": { - "http.response.status_code": { - "gte": 200, - "lte": 299 - } - } - } - ], - "highlight": { - "fields": { - "*": {} - }, - "post_tags": [ - "@/kibana-highlighted-field@" - ], - "pre_tags": [ - "@kibana-highlighted-field@" - ] - }, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:network_traffic.http" - } - } - }, - "title": "[Network Packet Capture] HTTP error codes evolution", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "HTTP Status Code", - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - 
"orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": false, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] HTTP error codes evolution", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-http-error-codes-evolution", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-http-error-codes.json b/packages/network_traffic/kibana/visualization/network_traffic-http-error-codes.json deleted file mode 100644 index 8e5e06ae05f..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-http-error-codes.json +++ /dev/null 
@@ -1,187 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "type", - "negate": false, - "params": { - "query": "http", - "type": "phrase" - }, - "type": "phrase", - "value": "http" - }, - "query": { - "match": { - "network.protocol": { - "query": "http", - "type": "phrase" - } - } - } - } - ], - "highlight": { - "fields": { - "*": {} - }, - "post_tags": [ - "@/kibana-highlighted-field@" - ], - "pre_tags": [ - "@kibana-highlighted-field@" - ] - }, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset:network_traffic.http and http.response.status_code \u003e= 300" - } - } - }, - "title": "[Network Packet Capture] HTTP error codes", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "type" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "HTTP Status Code", - "field": "http.response.status_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": 
true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Unique count of type" - }, - "mode": "stacked", - "show": "true", - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] HTTP error codes", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-http-error-codes", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-latency-histogram.json b/packages/network_traffic/kibana/visualization/network_traffic-latency-histogram.json deleted file mode 100644 index 9ec7f931662..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-latency-histogram.json +++ /dev/null 
@@ -1,140 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Latency Histogram", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "extended_bounds": {}, - "field": "event.duration", - "interval": 10000000 - }, - "schema": "segment", - "type": "histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": true, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } 
- ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Latency Histogram", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-latency-histogram", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-search", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-commands.json b/packages/network_traffic/kibana/visualization/network_traffic-mongodb-commands.json deleted file mode 100644 index e39c028d535..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-commands.json +++ /dev/null 
@@ -1,159 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MongoDB Commands", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "silhouette", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": true, - "times": [], - "type": "area", - 
"valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "silhouette", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MongoDB Commands", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mongodb-commands", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mongodb-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-errors-per-collection.json b/packages/network_traffic/kibana/visualization/network_traffic-mongodb-errors-per-collection.json deleted file mode 100644 index 0f156c393ae..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-errors-per-collection.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MongoDB errors per collection", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "resource", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": 
"ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": false, - "spyPerPage": 10, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MongoDB errors per collection", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mongodb-errors-per-collection", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-651fd6d0-88d0-11e7-ad9c-db80de0bf8d3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-errors.json b/packages/network_traffic/kibana/visualization/network_traffic-mongodb-errors.json deleted file mode 100644 index 7fbef8fc8bc..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-errors.json +++ /dev/null 
@@ -1,182 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MongoDB errors", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "resource", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 3 - }, - "schema": "split", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "row": 
true, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": false, - "spyPerPage": 10, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MongoDB errors", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mongodb-errors", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-651fd6d0-88d0-11e7-ad9c-db80de0bf8d3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-in-slash-out-throughput.json b/packages/network_traffic/kibana/visualization/network_traffic-mongodb-in-slash-out-throughput.json deleted file mode 100644 index 847eba61684..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-in-slash-out-throughput.json +++ /dev/null 
@@ -1,172 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MongoDB in/out throughput", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Sum of source.bytes" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "4", - "label": "Sum of destination.bytes" - }, - "drawLinesBetweenPoints": true, - 
"interpolate": "linear", - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": false, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MongoDB in/out throughput", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mongodb-in-slash-out-throughput", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mongodb-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-response-times-by-collection.json b/packages/network_traffic/kibana/visualization/network_traffic-mongodb-response-times-by-collection.json deleted file mode 100644 index e40df2dc6dd..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mongodb-response-times-by-collection.json +++ /dev/null 
@@ -1,176 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MongoDB response times by collection", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "event.duration", - "percents": [ - 99 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "resource", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": {}, - "schema": "radius", - "type": "count" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": false, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": "9", - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Percentiles of 
event.duration" - }, - "drawLinesBetweenPoints": false, - "interpolate": "linear", - "mode": "normal", - "radiusRatio": "9", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": false, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Percentiles of event.duration" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MongoDB response times by collection", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mongodb-response-times-by-collection", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mongodb-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-most-frequent-mysql-queries.json b/packages/network_traffic/kibana/visualization/network_traffic-most-frequent-mysql-queries.json deleted file mode 100644 index d5cac0e69de..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-most-frequent-mysql-queries.json +++ /dev/null 
@@ -1,57 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] Most frequent MySQL queries",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "id": "2",
- "params": {
- "field": "query",
- "order": "desc",
- "orderBy": "1",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "listeners": {},
- "params": {
- "perPage": 10,
- "showMeticsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": true
- },
- "title": "[Network Packet Capture] Most frequent MySQL queries",
- "type": "table"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-most-frequent-mysql-queries",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-mysql-transactions",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-most-frequent-pgsql-queries.json b/packages/network_traffic/kibana/visualization/network_traffic-most-frequent-pgsql-queries.json
deleted file mode 100644
index ca103969609..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-most-frequent-pgsql-queries.json
+++ /dev/null
@@ -1,81 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] Most frequent PgSQL queries",
- "uiStateJSON": {
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "query",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "params": {
- "perPage": 10,
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": true,
- "showTotal": false,
- "sort": {
- "columnIndex": null,
- "direction": null
- },
- "totalFunc": "sum"
- },
- "title": "[Network Packet Capture] Most frequent PgSQL queries",
- "type": "table"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-most-frequent-pgsql-queries",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-pgsql-transactions",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mysql-errors.json b/packages/network_traffic/kibana/visualization/network_traffic-mysql-errors.json
deleted file mode 100644
index 5fbe7f7bfae..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-mysql-errors.json
+++ /dev/null
@@ -1,143 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MySQL Errors", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": false, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": 
true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MySQL Errors", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mysql-errors", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mysql-errors", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mysql-methods.json b/packages/network_traffic/kibana/visualization/network_traffic-mysql-methods.json deleted file mode 100644 index d10dc3cfae9..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mysql-methods.json +++ /dev/null 
@@ -1,159 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MySQL Methods", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "wiggle", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - 
"valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "wiggle", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MySQL Methods", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mysql-methods", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mysql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mysql-reads-vs-writes.json b/packages/network_traffic/kibana/visualization/network_traffic-mysql-reads-vs-writes.json deleted file mode 100644 index fd65dd16441..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mysql-reads-vs-writes.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MySQL Reads vs Writes", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "filters": [ - { - "input": { - "language": "lucene", - "query": "method: SELECT" - } - }, - { - "input": { - "language": "lucene", - "query": "method: INSERT OR method: UPDATE OR method: DELETE" - } - } - ] - }, - "schema": "group", - "type": "filters" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "@timestamp per 30 seconds" - }, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "area", - "valueAxis": 
"ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] MySQL Reads vs Writes", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mysql-reads-vs-writes", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mysql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mysql-response-times-percentiles.json b/packages/network_traffic/kibana/visualization/network_traffic-mysql-response-times-percentiles.json deleted file mode 100644 index b5459277439..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mysql-response-times-percentiles.json +++ /dev/null 
@@ -1,143 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Mysql response times percentiles", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "event.duration", - "percents": [ - 75, - 99, - 99.5 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Percentiles of event.duration" - }, - "mode": "normal", - "show": "true", - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "shareYAxis": true, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - 
"title": { - "text": "Percentiles of event.duration" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] Mysql response times percentiles", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mysql-response-times-percentiles", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mysql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-mysql-throughput.json b/packages/network_traffic/kibana/visualization/network_traffic-mysql-throughput.json deleted file mode 100644 index 9d037cd2783..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-mysql-throughput.json +++ /dev/null 
@@ -1,157 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] MySQL throughput", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "4", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Sum of destination.bytes" - }, - "mode": "normal", - "show": "true", - "type": "line", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Sum of source.bytes" - }, - "mode": "normal", - "show": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "shareYAxis": true, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - 
"truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "[Network Packet Capture] MySQL throughput", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-mysql-throughput", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mysql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-navigation.json b/packages/network_traffic/kibana/visualization/network_traffic-navigation.json deleted file mode 100644 index 75e5ceb2023..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-navigation.json +++ /dev/null 
@@ -1,34 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "title": "[Network Packet Capture] Navigation",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [],
- "params": {
- "fontSize": 10,
- "markdown": "### Network Packet Capture:\n\n[Overview](#/dashboard/network_traffic-dashboard)\n\n[Network Flows](#/dashboard/network_traffic-flows)\n\n[DNS Overview](#/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e) | [Tunneling](#/dashboard/network_traffic-dns-unique-domains)\n\n[DHCPv4 Transactions](#/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb)\n\n[TLS Overview](#/dashboard/network_traffic-tls-sessions)\n\n[HTTP transactions](#/dashboard/network_traffic-http)\n\nDatabases: [MySQL](#/dashboard/network_traffic-mysql-performance) | [PostgreSQL](#/dashboard/network_traffic-pgsql-performance) | [MongoDB](#/dashboard/network_traffic-mongodb-performance) | [Cassandra](#/dashboard/network_traffic-cassandra)\n\nRPC: [Thrift](#/dashboard/network_traffic-thrift-performance)\n\nStorage: [NFS](#/dashboard/network_traffic-nfs)",
- "openLinksInNewTab": false
- },
- "title": "[Network Packet Capture] Navigation",
- "type": "markdown"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-navigation",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-network-traffic-between-your-hosts.json b/packages/network_traffic/kibana/visualization/network_traffic-network-traffic-between-your-hosts.json
deleted file mode 100644
index f5aee22cbb2..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-network-traffic-between-your-hosts.json
+++ /dev/null
@@ -1,112 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Traffic Between Hosts", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Source Bytes", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Destination Bytes", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Source IP", - "field": "source.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Destination IP", - "field": "destination.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] Traffic Between Hosts", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-network-traffic-between-your-hosts", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-flows-search", - "name": "search_0", - "type": "search" - } 
- ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-bytes-in-slash-out.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-bytes-in-slash-out.json deleted file mode 100644 index 564efe47971..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-bytes-in-slash-out.json +++ /dev/null 
@@ -1,180 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS Request / Response Sizes", - "uiStateJSON": { - "vis": { - "colors": { - "Sum of rpc.reply_size": "#7EB26D" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Request Size", - "field": "source.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Response Size", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "3", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Request Size" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - 
"valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "2", - "label": "Response Size" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": false, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] NFS Request / Response Sizes", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-bytes-in-slash-out", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-clients-pie-chart.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-clients-pie-chart.json deleted file mode 100644 index 32af9848868..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-clients-pie-chart.json +++ /dev/null 
@@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS clients pie chart", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "rpc.cred.machinename", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 16 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shareYAxis": true, - "type": "pie" - }, - "title": "[Network Packet Capture] NFS clients pie chart", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-clients-pie-chart", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-errors.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-errors.json deleted file mode 100644 index feb0db25e6e..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-errors.json +++ /dev/null 
@@ -1,159 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS errors", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "nfs.status", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 12 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - 
"valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] NFS errors", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-errors", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs-errors-search", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-operation-table.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-operation-table.json deleted file mode 100644 index 582596a6bda..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-operation-table.json +++ /dev/null 
@@ -1,92 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS operation table", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Avg Response Time", - "field": "event.duration" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Opcode", - "field": "nfs.opcode", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 16 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] NFS operation table", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-operation-table", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-operations-area-chart.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-operations-area-chart.json deleted file mode 100644 index 9164ca824a4..00000000000 
--- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-operations-area-chart.json +++ /dev/null @@ -1,76 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS operations area chart", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "id": "2", - "params": { - "field": "nfs.opcode", - "order": "desc", - "orderBy": "1", - "size": 16 - }, - "schema": "group", - "type": "terms" - }, - { - "id": "3", - "params": { - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "interpolate": "linear", - "mode": "stacked", - "scale": "linear", - "setYExtents": false, - "shareYAxis": true, - "smoothLines": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] NFS operations area chart", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-operations-area-chart", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-response-times.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-response-times.json deleted file mode 100644 index 70b5f5ea0a2..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-response-times.json +++ /dev/null 
@@ -1,153 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS response times", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "event.duration", - "percents": [ - 50 - ] - }, - "schema": "metric", - "type": "median" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": true, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": "9", - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Median event.duration" - }, - "drawLinesBetweenPoints": true, - "interpolate": "cardinal", - "mode": "normal", - "radiusRatio": "9", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": true, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - 
"rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": true, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Median event.duration" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] NFS response times", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-response-times", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-top-group-pie-chart.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-top-group-pie-chart.json deleted file mode 100644 index 9e0aff87099..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-top-group-pie-chart.json +++ /dev/null 
@@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS top group pie chart", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "rpc.cred.gid", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 16 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shareYAxis": true, - "type": "pie" - }, - "title": "[Network Packet Capture] NFS top group pie chart", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-top-group-pie-chart", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-nfs-top-users-pie-chart.json b/packages/network_traffic/kibana/visualization/network_traffic-nfs-top-users-pie-chart.json deleted file mode 100644 index c3e9088cd33..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-nfs-top-users-pie-chart.json +++ /dev/null 
@@ -1,79 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] NFS top users pie chart", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "rpc.cred.uid", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 16 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": false, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "shareYAxis": true, - "type": "pie" - }, - "title": "[Network Packet Capture] NFS top users pie chart", - "type": "pie" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-nfs-top-users-pie-chart", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-nfs", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-number-of-mongodb-transactions-with-writeconcern-w-equal-0.json b/packages/network_traffic/kibana/visualization/network_traffic-number-of-mongodb-transactions-with-writeconcern-w-equal-0.json deleted file mode 100644 index 3e9bd6279f0..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-number-of-mongodb-transactions-with-writeconcern-w-equal-0.json +++ /dev/null 
@@ -1,155 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Number of MongoDB transactions with writeConcern w=0", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": {}, - "schema": "radius", - "type": "count" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "drawLinesBetweenPoints": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 9, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "normal", - "radiusRatio": 9, - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "showCircles": true, - "smoothLines": false, - "times": [], - "type": "line", - "valueAxes": [ - { - "id": 
"ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Number of MongoDB transactions with writeConcern w=0", - "type": "line" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-number-of-mongodb-transactions-with-writeconcern-w-equal-0", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mongodb-transactions-with-write-concern-0", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-errors.json b/packages/network_traffic/kibana/visualization/network_traffic-pgsql-errors.json deleted file mode 100644 index 1edabdea3b2..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-errors.json +++ /dev/null 
@@ -1,143 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] PgSQL Errors", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": false, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": 
true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] PgSQL Errors", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-pgsql-errors", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-pgsql-errors", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-methods.json b/packages/network_traffic/kibana/visualization/network_traffic-pgsql-methods.json deleted file mode 100644 index f7663797a1f..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-methods.json +++ /dev/null 
@@ -1,159 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] PgSQL Methods", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "method", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "wiggle", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "interpolate": "linear", - "mode": "stacked", - "show": "true", - "type": "area", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": false, - "times": [], - "type": "area", - "valueAxes": 
[ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "wiggle", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] PgSQL Methods", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-pgsql-methods", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-pgsql-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-reads-vs-writes.json b/packages/network_traffic/kibana/visualization/network_traffic-pgsql-reads-vs-writes.json deleted file mode 100644 index 72fcf9a8a71..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-reads-vs-writes.json +++ /dev/null 
@@ -1,167 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] PgSQL Reads vs Writes",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "drop_partials": false,
- "extended_bounds": {},
- "field": "@timestamp",
- "interval": "auto",
- "min_doc_count": 1,
- "useNormalizedEsInterval": true
- },
- "schema": "segment",
- "type": "date_histogram"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "filters": [
- {
- "input": {
- "language": "lucene",
- "query": "method: SELECT"
- }
- },
- {
- "input": {
- "language": "lucene",
- "query": "method: INSERT OR method: UPDATE OR method: DELETE"
- }
- }
- ]
- },
- "schema": "group",
- "type": "filters"
- }
- ],
- "params": {
- "addLegend": true,
- "addTimeMarker": false,
- "addTooltip": true,
- "categoryAxes": [
- {
- "id": "CategoryAxis-1",
- "labels": {
- "filter": true,
- "show": true,
- "truncate": 100
- },
- "position": "bottom",
- "scale": {
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {
- "text": "@timestamp per 30 seconds"
- },
- "type": "category"
- }
- ],
- "defaultYExtents": false,
- "detailedTooltip": true,
- "fittingFunction": "zero",
- "grid": {
- "categoryLines": false,
- "style": {
- "color": "#eee"
- }
- },
- "interpolate": "linear",
- "isVislibVis": true,
- "legendPosition": "right",
- "mode": "stacked",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "linear",
- "seriesParams": [
- {
- "data": {
- "id": "1",
- "label": "Count"
- },
- "drawLinesBetweenPoints": true,
- "interpolate": "linear",
- "mode": "stacked",
- "show": "true",
- "showCircles": true,
- "type": "area",
- "valueAxis": "ValueAxis-1"
- }
- ],
- "setYExtents": false,
- "shareYAxis": true,
- "smoothLines": false,
- "times": [],
- "type": "area",
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "labels": {
- "filter": false,
- "rotate": 0,
- "show": true,
- "truncate": 100
- },
- "name": "LeftAxis-1",
- "position": "left",
- "scale": {
- "mode": "normal",
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {
- "text": "Count"
- },
- "type": "value"
- }
- ],
- "yAxis": {}
- },
- "title": "[Network Packet Capture] PgSQL Reads vs Writes",
- "type": "area"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-pgsql-reads-vs-writes",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-pgsql-transactions",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-response-times-percentiles.json b/packages/network_traffic/kibana/visualization/network_traffic-pgsql-response-times-percentiles.json
deleted file mode 100644
index 4d45096f1a5..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-response-times-percentiles.json
+++ /dev/null
@@ -1,143 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] PgSQL response times percentiles",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "field": "event.duration",
- "percents": [
- 75,
- 99,
- 99.5
- ]
- },
- "schema": "metric",
- "type": "percentiles"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "drop_partials": false,
- "extended_bounds": {},
- "field": "@timestamp",
- "interval": "auto",
- "min_doc_count": 1,
- "useNormalizedEsInterval": true
- },
- "schema": "segment",
- "type": "date_histogram"
- }
- ],
- "params": {
- "addLegend": true,
- "addTimeMarker": false,
- "addTooltip": true,
- "categoryAxes": [
- {
- "id": "CategoryAxis-1",
- "labels": {
- "filter": true,
- "show": true,
- "truncate": 100
- },
- "position": "bottom",
- "scale": {
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {},
- "type": "category"
- }
- ],
- "defaultYExtents": false,
- "detailedTooltip": true,
- "fittingFunction": "zero",
- "grid": {
- "categoryLines": false,
- "style": {
- "color": "#eee"
- }
- },
- "isVislibVis": true,
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "seriesParams": [
- {
- "data": {
- "id": "1",
- "label": "Percentiles of event.duration"
- },
- "mode": "normal",
- "show": "true",
- "type": "line",
- "valueAxis": "ValueAxis-1"
- }
- ],
- "shareYAxis": true,
- "times": [],
- "type": "line",
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "labels": {
- "filter": false,
- "rotate": 0,
- "show": true,
- "truncate": 100
- },
- "name": "LeftAxis-1",
- "position": "left",
- "scale": {
- "defaultYExtents": false,
- "mode": "normal",
- "setYExtents": false,
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {
- "text": "Percentiles of event.duration"
- },
- "type": "value"
- }
- ]
- },
- "title": "[Network Packet Capture] PgSQL response times percentiles",
- "type": "line"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-pgsql-response-times-percentiles",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-pgsql-transactions",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-throughput.json b/packages/network_traffic/kibana/visualization/network_traffic-pgsql-throughput.json
deleted file mode 100644
index 5a0f35c74a2..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-pgsql-throughput.json
+++ /dev/null
@@ -1,157 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] PgSQL Throughput",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "field": "destination.bytes"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "source.bytes"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "drop_partials": false,
- "extended_bounds": {},
- "field": "@timestamp",
- "interval": "auto",
- "min_doc_count": 1,
- "useNormalizedEsInterval": true
- },
- "schema": "segment",
- "type": "date_histogram"
- }
- ],
- "params": {
- "addLegend": true,
- "addTimeMarker": false,
- "addTooltip": true,
- "categoryAxes": [
- {
- "id": "CategoryAxis-1",
- "labels": {
- "filter": true,
- "show": true,
- "truncate": 100
- },
- "position": "bottom",
- "scale": {
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {},
- "type": "category"
- }
- ],
- "defaultYExtents": false,
- "detailedTooltip": true,
- "fittingFunction": "zero",
- "grid": {
- "categoryLines": false,
- "style": {
- "color": "#eee"
- }
- },
- "isVislibVis": true,
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "seriesParams": [
- {
- "data": {
- "id": "1",
- "label": "Sum of destination.bytes"
- },
- "mode": "normal",
- "show": "true",
- "type": "line",
- "valueAxis": "ValueAxis-1"
- },
- {
- "data": {
- "id": "2",
- "label": "Sum of source.bytes"
- },
- "mode": "normal",
- "show": true,
- "type": "line",
- "valueAxis": "ValueAxis-1"
- }
- ],
- "shareYAxis": true,
- "times": [],
- "type": "line",
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "labels": {
- "filter": false,
- "rotate": 0,
- "show": true,
- "truncate": 100
- },
- "name": "LeftAxis-1",
- "position": "left",
- "scale": {
- "defaultYExtents": false,
- "mode": "normal",
- "setYExtents": false,
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {
- "text": "Count"
- },
- "type": "value"
- }
- ]
- },
- "title": "[Network Packet Capture] PgSQL Throughput",
- "type": "line"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-pgsql-throughput",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-pgsql-transactions",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-response-times-percentiles.json b/packages/network_traffic/kibana/visualization/network_traffic-response-times-percentiles.json
deleted file mode 100644
index 4a5578f1c8b..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-response-times-percentiles.json
+++ /dev/null
@@ -1,155 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] Response times percentiles",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "field": "event.duration",
- "percents": [
- 75,
- 95,
- 99
- ]
- },
- "schema": "metric",
- "type": "percentiles"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "drop_partials": false,
- "extended_bounds": {},
- "field": "@timestamp",
- "interval": "auto",
- "min_doc_count": 1,
- "useNormalizedEsInterval": true
- },
- "schema": "segment",
- "type": "date_histogram"
- }
- ],
- "params": {
- "addLegend": true,
- "addTimeMarker": false,
- "addTooltip": true,
- "categoryAxes": [
- {
- "id": "CategoryAxis-1",
- "labels": {
- "filter": true,
- "show": true,
- "truncate": 100
- },
- "position": "bottom",
- "scale": {
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {},
- "type": "category"
- }
- ],
- "defaultYExtents": false,
- "detailedTooltip": true,
- "drawLinesBetweenPoints": true,
- "fittingFunction": "zero",
- "grid": {
- "categoryLines": false,
- "style": {
- "color": "#eee"
- }
- },
- "interpolate": "linear",
- "isVislibVis": true,
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "radiusRatio": 9,
- "scale": "linear",
- "seriesParams": [
- {
- "data": {
- "id": "1",
- "label": "Percentiles of event.duration"
- },
- "drawLinesBetweenPoints": true,
- "interpolate": "cardinal",
- "mode": "normal",
- "radiusRatio": 9,
- "show": "true",
- "showCircles": true,
- "type": "line",
- "valueAxis": "ValueAxis-1"
- }
- ],
- "setYExtents": false,
- "shareYAxis": true,
- "showCircles": true,
- "smoothLines": true,
- "times": [],
- "type": "line",
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "labels": {
- "filter": false,
- "rotate": 0,
- "show": true,
- "truncate": 100
- },
- "name": "LeftAxis-1",
- "position": "left",
- "scale": {
- "defaultYExtents": false,
- "mode": "normal",
- "setYExtents": false,
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {
- "text": "Percentiles of event.duration"
- },
- "type": "value"
- }
- ],
- "yAxis": {}
- },
- "title": "[Network Packet Capture] Response times percentiles",
- "type": "line"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-response-times-percentiles",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-search",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-response-times-repartition.json b/packages/network_traffic/kibana/visualization/network_traffic-response-times-repartition.json
deleted file mode 100644
index 97d6e1f5253..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-response-times-repartition.json
+++ /dev/null
@@ -1,150 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] Response times repartition",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "drop_partials": false,
- "extended_bounds": {},
- "field": "@timestamp",
- "interval": "auto",
- "min_doc_count": 1,
- "useNormalizedEsInterval": true
- },
- "schema": "segment",
- "type": "date_histogram"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "extended_bounds": {},
- "field": "event.duration",
- "interval": 10000000
- },
- "schema": "group",
- "type": "histogram"
- }
- ],
- "params": {
- "addLegend": true,
- "addTimeMarker": false,
- "addTooltip": true,
- "categoryAxes": [
- {
- "id": "CategoryAxis-1",
- "labels": {
- "filter": true,
- "show": true,
- "truncate": 100
- },
- "position": "bottom",
- "scale": {
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {},
- "type": "category"
- }
- ],
- "defaultYExtents": false,
- "detailedTooltip": true,
- "grid": {
- "categoryLines": false,
- "style": {
- "color": "#eee"
- }
- },
- "isVislibVis": true,
- "legendPosition": "right",
- "mode": "stacked",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "linear",
- "seriesParams": [
- {
- "data": {
- "id": "1",
- "label": "Count"
- },
- "mode": "stacked",
- "show": "true",
- "type": "histogram",
- "valueAxis": "ValueAxis-1"
- }
- ],
- "setYExtents": false,
- "shareYAxis": true,
- "times": [],
- "type": "histogram",
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "labels": {
- "filter": false,
- "rotate": 0,
- "show": true,
- "truncate": 100
- },
- "name": "LeftAxis-1",
- "position": "left",
- "scale": {
- "defaultYExtents": false,
- "mode": "normal",
- "setYExtents": false,
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {
- "text": "Count"
- },
- "type": "value"
- }
- ],
- "yAxis": {}
- },
- "title": "[Network Packet Capture] Response times repartition",
- "type": "histogram"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-response-times-repartition",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-search",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-slowest-mysql-queries.json b/packages/network_traffic/kibana/visualization/network_traffic-slowest-mysql-queries.json
deleted file mode 100644
index c5f93044895..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-slowest-mysql-queries.json
+++ /dev/null
@@ -1,84 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] Slowest MySQL queries",
- "uiStateJSON": {
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Avg Response Time",
- "field": "event.duration"
- },
- "schema": "metric",
- "type": "avg"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "query",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "params": {
- "perPage": 10,
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": true,
- "showTotal": false,
- "sort": {
- "columnIndex": null,
- "direction": null
- },
- "totalFunc": "sum"
- },
- "title": "[Network Packet Capture] Slowest MySQL queries",
- "type": "table"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-slowest-mysql-queries",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-mysql-transactions",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-slowest-pgsql-queries.json b/packages/network_traffic/kibana/visualization/network_traffic-slowest-pgsql-queries.json
deleted file mode 100644
index 556f348ec0d..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-slowest-pgsql-queries.json
+++ /dev/null
@@ -1,84 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] Slowest PgSQL Queries",
- "uiStateJSON": {
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Average Response Time (ns)",
- "field": "event.duration"
- },
- "schema": "metric",
- "type": "avg"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "query",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "params": {
- "perPage": 10,
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": true,
- "showTotal": false,
- "sort": {
- "columnIndex": null,
- "direction": null
- },
- "totalFunc": "sum"
- },
- "title": "[Network Packet Capture] Slowest PgSQL Queries",
- "type": "table"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-slowest-pgsql-queries",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-pgsql-transactions",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-slowest-thrift-rpc-methods.json b/packages/network_traffic/kibana/visualization/network_traffic-slowest-thrift-rpc-methods.json
deleted file mode 100644
index 623ba6aa6bd..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-slowest-thrift-rpc-methods.json
+++ /dev/null
@@ -1,83 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] Slowest Thrift RPC methods",
- "uiStateJSON": {
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "field": "event.duration"
- },
- "schema": "metric",
- "type": "avg"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "field": "method",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 10
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "params": {
- "perPage": 10,
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": true,
- "showTotal": false,
- "sort": {
- "columnIndex": null,
- "direction": null
- },
- "totalFunc": "sum"
- },
- "title": "[Network Packet Capture] Slowest Thrift RPC methods",
- "type": "table"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-slowest-thrift-rpc-methods",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-thrift-transactions",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-thrift-requests-per-minute.json b/packages/network_traffic/kibana/visualization/network_traffic-thrift-requests-per-minute.json
deleted file mode 100644
index 68b673575a6..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-thrift-requests-per-minute.json
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] Thrift requests per minute",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "id": "2",
- "params": {
- "extended_bounds": {},
- "field": "@timestamp",
- "interval": "m",
- "min_doc_count": 1
- },
- "schema": "segment",
- "type": "date_histogram"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": false,
- "addTimeMarker": false,
- "addTooltip": true,
- "defaultYExtents": false,
- "mode": "stacked",
- "scale": "linear",
- "setYExtents": false,
- "shareYAxis": true,
- "times": [],
- "yAxis": {}
- },
- "title": "[Network Packet Capture] Thrift requests per minute",
- "type": "histogram"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-thrift-requests-per-minute",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-thrift-transactions",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-thrift-response-times-percentiles.json b/packages/network_traffic/kibana/visualization/network_traffic-thrift-response-times-percentiles.json
deleted file mode 100644
index d49e71c4fff..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-thrift-response-times-percentiles.json
+++ /dev/null
@@ -1,143 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] Thrift response times percentiles",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "field": "event.duration",
- "percents": [
- 75,
- 99,
- 99.5
- ]
- },
- "schema": "metric",
- "type": "percentiles"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "drop_partials": false,
- "extended_bounds": {},
- "field": "@timestamp",
- "interval": "auto",
- "min_doc_count": 1,
- "useNormalizedEsInterval": true
- },
- "schema": "segment",
- "type": "date_histogram"
- }
- ],
- "params": {
- "addLegend": true,
- "addTimeMarker": false,
- "addTooltip": true,
- "categoryAxes": [
- {
- "id": "CategoryAxis-1",
- "labels": {
- "filter": true,
- "show": true,
- "truncate": 100
- },
- "position": "bottom",
- "scale": {
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {},
- "type": "category"
- }
- ],
- "defaultYExtents": false,
- "detailedTooltip": true,
- "fittingFunction": "zero",
- "grid": {
- "categoryLines": false,
- "style": {
- "color": "#eee"
- }
- },
- "isVislibVis": true,
- "legendPosition": "right",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "seriesParams": [
- {
- "data": {
- "id": "1",
- "label": "Percentiles of event.duration"
- },
- "mode": "normal",
- "show": "true",
- "type": "line",
- "valueAxis": "ValueAxis-1"
- }
- ],
- "shareYAxis": true,
- "times": [],
- "type": "line",
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "labels": {
- "filter": false,
- "rotate": 0,
- "show": true,
- "truncate": 100
- },
- "name": "LeftAxis-1",
- "position": "left",
- "scale": {
- "defaultYExtents": false,
- "mode": "normal",
- "setYExtents": false,
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {
- "text": "Percentiles of event.duration"
- },
- "type": "value"
- }
- ]
- },
- "title": "[Network Packet Capture] Thrift response times percentiles",
- "type": "line"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-thrift-response-times-percentiles",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-thrift-transactions",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-thrift-rpc-errors.json b/packages/network_traffic/kibana/visualization/network_traffic-thrift-rpc-errors.json
deleted file mode 100644
index fa334d6703c..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-thrift-rpc-errors.json
+++ /dev/null
@@ -1,65 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": []
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] Thrift RPC Errors",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "id": "2",
- "params": {
- "extended_bounds": {},
- "field": "@timestamp",
- "interval": "auto",
- "min_doc_count": 1
- },
- "schema": "segment",
- "type": "date_histogram"
- }
- ],
- "listeners": {},
- "params": {
- "addLegend": false,
- "addTimeMarker": false,
- "addTooltip": true,
- "defaultYExtents": false,
- "interpolate": "linear",
- "mode": "stacked",
- "scale": "linear",
- "setYExtents": false,
- "shareYAxis": true,
- "smoothLines": false,
- "times": [],
- "yAxis": {}
- },
- "title": "[Network Packet Capture] Thrift RPC Errors",
- "type": "area"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-thrift-rpc-errors",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-thrift-errors",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-top-10-http-requests.json b/packages/network_traffic/kibana/visualization/network_traffic-top-10-http-requests.json
deleted file mode 100644
index 530b253713d..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-top-10-http-requests.json
+++ /dev/null
@@ -1,81 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] Top 10 HTTP requests",
- "uiStateJSON": {
- "vis": {
- "params": {
- "sort": {
- "columnIndex": null,
- "direction": null
- }
- }
- }
- },
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {},
- "schema": "metric",
- "type": "count"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "field": "url.full",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 5
- },
- "schema": "bucket",
- "type": "terms"
- }
- ],
- "params": {
- "perPage": 10,
- "showMetricsAtAllLevels": false,
- "showPartialRows": false,
- "showToolbar": true,
- "showTotal": false,
- "sort": {
- "columnIndex": null,
- "direction": null
- },
- "totalFunc": "sum"
- },
- "title": "[Network Packet Capture] Top 10 HTTP requests",
- "type": "table"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-top-10-http-requests",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-top-hosts-creating-traffic.json b/packages/network_traffic/kibana/visualization/network_traffic-top-hosts-creating-traffic.json
deleted file mode 100644
index 73c801caae5..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-top-hosts-creating-traffic.json
+++ /dev/null
@@ -1,163 +0,0 @@
-{
- "attributes": {
- "description": "",
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": {
- "filter": [],
- "query": {
- "language": "kuery",
- "query": ""
- }
- }
- },
- "savedSearchRefName": "search_0",
- "title": "[Network Packet Capture] Top Hosts Creating Traffic",
- "uiStateJSON": {},
- "version": 1,
- "visState": {
- "aggs": [
- {
- "enabled": true,
- "id": "1",
- "params": {
- "customLabel": "Source Bytes",
- "field": "source.bytes"
- },
- "schema": "metric",
- "type": "sum"
- },
- {
- "enabled": true,
- "id": "2",
- "params": {
- "drop_partials": false,
- "extended_bounds": {},
- "field": "@timestamp",
- "interval": "auto",
- "min_doc_count": 1,
- "useNormalizedEsInterval": true
- },
- "schema": "segment",
- "type": "date_histogram"
- },
- {
- "enabled": true,
- "id": "3",
- "params": {
- "customLabel": "Source IP",
- "field": "source.ip",
- "missingBucket": false,
- "missingBucketLabel": "Missing",
- "order": "desc",
- "orderBy": "1",
- "otherBucket": false,
- "otherBucketLabel": "Other",
- "size": 5
- },
- "schema": "group",
- "type": "terms"
- }
- ],
- "params": {
- "addLegend": true,
- "addTimeMarker": false,
- "addTooltip": true,
- "categoryAxes": [
- {
- "id": "CategoryAxis-1",
- "labels": {
- "filter": true,
- "show": true,
- "truncate": 100
- },
- "position": "bottom",
- "scale": {
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {},
- "type": "category"
- }
- ],
- "defaultYExtents": false,
- "detailedTooltip": true,
- "fittingFunction": "zero",
- "grid": {
- "categoryLines": false,
- "style": {
- "color": "#eee"
- }
- },
- "interpolate": "linear",
- "isVislibVis": true,
- "legendPosition": "right",
- "mode": "stacked",
- "palette": {
- "name": "kibana_palette",
- "type": "palette"
- },
- "scale": "linear",
- "seriesParams": [
- {
- "data": {
- "id": "1",
- "label": "Source Bytes"
- },
- "interpolate": "cardinal",
- "mode": "stacked",
- "show": "true",
- "type": "area",
- "valueAxis": "ValueAxis-1"
- }
- ],
- "setYExtents": false,
- "shareYAxis": true,
- "smoothLines": true,
- "times": [],
- "type": "area",
- "valueAxes": [
- {
- "id": "ValueAxis-1",
- "labels": {
- "filter": false,
- "rotate": 0,
- "show": true,
- "truncate": 100
- },
- "name": "LeftAxis-1",
- "position": "left",
- "scale": {
- "defaultYExtents": false,
- "mode": "normal",
- "setYExtents": false,
- "type": "linear"
- },
- "show": true,
- "style": {},
- "title": {
- "text": "Count"
- },
- "type": "value"
- }
- ],
- "yAxis": {}
- },
- "title": "[Network Packet Capture] Top Hosts Creating Traffic",
- "type": "area"
- }
- },
- "coreMigrationVersion": "7.17.0",
- "id": "network_traffic-top-hosts-creating-traffic",
- "migrationVersion": {
- "visualization": "7.17.0"
- },
- "references": [
- {
- "id": "network_traffic-flows-search",
- "name": "search_0",
- "type": "search"
- }
- ],
- "type": "visualization"
-}
\ No newline at end of file
diff --git a/packages/network_traffic/kibana/visualization/network_traffic-top-hosts-receiving-traffic.json b/packages/network_traffic/kibana/visualization/network_traffic-top-hosts-receiving-traffic.json
deleted file mode 100644
index 6e84d11b9b6..00000000000
--- a/packages/network_traffic/kibana/visualization/network_traffic-top-hosts-receiving-traffic.json
+++ /dev/null
@@ -1,163 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Top Hosts Receiving Traffic", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Destination Bytes", - "field": "destination.bytes" - }, - "schema": "metric", - "type": "sum" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Destination IP", - "field": "destination.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "fittingFunction": "zero", - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "interpolate": "linear", - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Destination Bytes" - }, - "interpolate": "cardinal", - "mode": "stacked", - "show": "true", - "type": "area", - 
"valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "smoothLines": true, - "times": [], - "type": "area", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": {} - }, - "title": "[Network Packet Capture] Top Hosts Receiving Traffic", - "type": "area" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-top-hosts-receiving-traffic", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-flows-search", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-top-slowest-mongodb-queries.json b/packages/network_traffic/kibana/visualization/network_traffic-top-slowest-mongodb-queries.json deleted file mode 100644 index 6715a8a7c96..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-top-slowest-mongodb-queries.json +++ /dev/null 
@@ -1,86 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Top slowest MongoDB queries", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "event.duration", - "percents": [ - 99 - ] - }, - "schema": "metric", - "type": "percentiles" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "query", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] Top slowest MongoDB queries", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-top-slowest-mongodb-queries", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-mongodb-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-top-thrift-rpc-calls-with-errors.json b/packages/network_traffic/kibana/visualization/network_traffic-top-thrift-rpc-calls-with-errors.json deleted file mode 100644 index 6fba58f657b..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-top-thrift-rpc-calls-with-errors.json +++ /dev/null 
@@ -1,56 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Top Thrift-RPC calls with errors", - "version": 1, - "visState": { - "aggs": [ - { - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "id": "2", - "params": { - "field": "method", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTooltip": true, - "defaultYExtents": false, - "mode": "stacked", - "shareYAxis": true - }, - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-top-thrift-rpc-calls-with-errors", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-thrift-errors", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-top-thrift-rpc-methods.json b/packages/network_traffic/kibana/visualization/network_traffic-top-thrift-rpc-methods.json deleted file mode 100644 index cf63f81f48f..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-top-thrift-rpc-methods.json +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Top Thrift-RPC methods ", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "id": "2", - "params": { - "field": "method", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": false, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": false, - "mode": "stacked", - "scale": "linear", - "setYExtents": false, - "shareYAxis": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Top Thrift-RPC methods", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-top-thrift-rpc-methods", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-thrift-transactions", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-total-number-of-http-transactions.json b/packages/network_traffic/kibana/visualization/network_traffic-total-number-of-http-transactions.json deleted file mode 100644 index 79f24dfe0e8..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-total-number-of-http-transactions.json +++ /dev/null 
@@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Total number of HTTP transactions", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "fontSize": "37", - "handleNoResults": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "[Network Packet Capture] Total number of HTTP transactions", - "type": "metric" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-total-number-of-http-transactions", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-unique-fqdns-per-etld-1-table.json b/packages/network_traffic/kibana/visualization/network_traffic-unique-fqdns-per-etld-1-table.json deleted file mode 100644 index 1813f448e85..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-unique-fqdns-per-etld-1-table.json +++ /dev/null 
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Unique FQDNs per eTLD+1 Table", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "ETLD+1", - "field": "dns.question.etld_plus_one", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Unique Domains", - "field": "dns.question.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "listeners": {}, - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "[Network Packet Capture] Unique FQDNs per eTLD+1 Table", - "type": "table" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-unique-fqdns-per-etld-1-table", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-unique-fqdns-per-etld-1.json b/packages/network_traffic/kibana/visualization/network_traffic-unique-fqdns-per-etld-1.json deleted file mode 100644 index a9337a339eb..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-unique-fqdns-per-etld-1.json +++ /dev/null 
@@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] Unique FQDNs per eTLD+1", - "uiStateJSON": { - "vis": { - "colors": { - "Count": "#1F78C1", - "Unique count of dns.question.name": "#E0752D" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Unique Subdomain Count", - "field": "dns.question.name" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Domains", - "field": "dns.question.etld_plus_one", - "order": "desc", - "orderBy": "1", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "listeners": {}, - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "defaultYExtents": true, - "legendPosition": "right", - "mode": "grouped", - "scale": "linear", - "setYExtents": false, - "shareYAxis": true, - "times": [], - "yAxis": {} - }, - "title": "[Network Packet Capture] Unique FQDNs per eTLD+1", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-unique-fqdns-per-etld-1", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/kibana/visualization/network_traffic-web-transactions.json b/packages/network_traffic/kibana/visualization/network_traffic-web-transactions.json deleted file mode 100644 index b5aba3cad99..00000000000 --- a/packages/network_traffic/kibana/visualization/network_traffic-web-transactions.json +++ /dev/null 
@@ -1,139 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "[Network Packet Capture] HTTP Transactions", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": false, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "defaultYExtents": false, - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "legendPosition": "right", - "mode": "stacked", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "mode": "stacked", - "show": "true", - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "setYExtents": false, - "shareYAxis": true, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "defaultYExtents": false, - "mode": "normal", - "setYExtents": false, - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ], - "yAxis": 
{} - }, - "title": "[Network Packet Capture] HTTP Transactions", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.17.0", - "id": "network_traffic-web-transactions", - "migrationVersion": { - "visualization": "7.17.0" - }, - "references": [ - { - "id": "network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/network_traffic/manifest.yml b/packages/network_traffic/manifest.yml index 7a29bc117d3..1a299cd0216 100644 --- a/packages/network_traffic/manifest.yml +++ b/packages/network_traffic/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: network_traffic title: Network Packet Capture -version: "1.7.0" +version: "1.7.1" license: basic description: Capture and analyze network traffic from a host with Elastic Agent. type: integration diff --git a/packages/o365/changelog.yml b/packages/o365/changelog.yml index 29578d033c6..c82e2c0324f 100644 --- a/packages/o365/changelog.yml +++ b/packages/o365/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.9.2" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.9.1" changes: - description: Remove duplicate fields. diff --git a/packages/o365/data_stream/audit/sample_event.json b/packages/o365/data_stream/audit/sample_event.json index 15d4498a337..c469684f957 100644 --- a/packages/o365/data_stream/audit/sample_event.json +++ b/packages/o365/data_stream/audit/sample_event.json 
@@ -1,11 +1,11 @@ { "@timestamp": "2020-02-07T16:43:53.000Z", "agent": { - "ephemeral_id": "14ad310a-30bb-45d4-9dd4-20f22267fbd5", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "2bdc8c46-c1e5-40ff-b8a4-249988bae0a1", + "id": "e7303a60-a051-4b51-bba8-b13f8f1a47ca", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.1.0" }, "client": { "address": "213.97.47.133", @@ -20,9 +20,9 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "e7303a60-a051-4b51-bba8-b13f8f1a47ca", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.1.0" }, "event": { "action": "PageViewed", @@ -33,7 +33,7 @@ "code": "SharePoint", "dataset": "o365.audit", "id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", - "ingested": "2022-01-02T03:51:15Z", + "ingested": "2022-11-14T19:23:46Z", "kind": "event", "original": "{\"ListItemUniqueId\": \"59a8433d-9bb8-cfef-6edc-4c0fc8b86875\", \"ItemType\": \"Page\", \"Workload\": \"OneDrive\", \"OrganizationId\": \"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd\", \"UserId\": \"asr@testsiem.onmicrosoft.com\", \"CreationTime\": \"2020-02-07T16:43:53\", \"Site\": \"d5180cfc-3479-44d6-b410-8c985ac894e3\", \"ClientIP\": \"213.97.47.133\", \"WebId\": \"8c5c94bb-8396-470c-87d7-8999f440cd30\", \"UserType\": 0, \"Version\": 1, \"EventSource\": \"SharePoint\", \"UserAgent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\", \"UserKey\": \"i:0h.f|membership|1003200096971f55@live.com\", \"CustomUniqueId\": true, \"Operation\": \"PageViewed\", \"ObjectId\": \"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx\", \"Id\": \"99d005e6-a4c6-46fd-117c-08d7abeceab5\", \"CorrelationId\": \"622b339f-4000-a000-f25f-92b3478c7a25\", \"RecordType\": 4}", "outcome": "success", diff --git a/packages/o365/docs/README.md b/packages/o365/docs/README.md index 1354e3431d3..47f76203263 100644 
--- a/packages/o365/docs/README.md +++ b/packages/o365/docs/README.md @@ -33,11 +33,11 @@ An example event for `audit` looks as following: { "@timestamp": "2020-02-07T16:43:53.000Z", "agent": { - "ephemeral_id": "14ad310a-30bb-45d4-9dd4-20f22267fbd5", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "2bdc8c46-c1e5-40ff-b8a4-249988bae0a1", + "id": "e7303a60-a051-4b51-bba8-b13f8f1a47ca", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.1.0" }, "client": { "address": "213.97.47.133", @@ -52,9 +52,9 @@ An example event for `audit` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "e7303a60-a051-4b51-bba8-b13f8f1a47ca", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.1.0" }, "event": { "action": "PageViewed", 
@@ -65,7 +65,7 @@ An example event for `audit` looks as following: "code": "SharePoint", "dataset": "o365.audit", "id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", - "ingested": "2022-01-02T03:51:15Z", + "ingested": "2022-11-14T19:23:46Z", "kind": "event", "original": "{\"ListItemUniqueId\": \"59a8433d-9bb8-cfef-6edc-4c0fc8b86875\", \"ItemType\": \"Page\", \"Workload\": \"OneDrive\", \"OrganizationId\": \"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd\", \"UserId\": \"asr@testsiem.onmicrosoft.com\", \"CreationTime\": \"2020-02-07T16:43:53\", \"Site\": \"d5180cfc-3479-44d6-b410-8c985ac894e3\", \"ClientIP\": \"213.97.47.133\", \"WebId\": \"8c5c94bb-8396-470c-87d7-8999f440cd30\", \"UserType\": 0, \"Version\": 1, \"EventSource\": \"SharePoint\", \"UserAgent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\", \"UserKey\": \"i:0h.f|membership|1003200096971f55@live.com\", \"CustomUniqueId\": true, \"Operation\": \"PageViewed\", \"ObjectId\": \"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx\", \"Id\": \"99d005e6-a4c6-46fd-117c-08d7abeceab5\", \"CorrelationId\": \"622b339f-4000-a000-f25f-92b3478c7a25\", \"RecordType\": 4}", "outcome": "success", diff --git a/packages/o365/kibana/dashboard/o365-712e2c00-685d-11ea-8d6a-292ef5d68366.json b/packages/o365/kibana/dashboard/o365-712e2c00-685d-11ea-8d6a-292ef5d68366.json index 93f0063c76f..f08bfe63ab5 100644 --- a/packages/o365/kibana/dashboard/o365-712e2c00-685d-11ea-8d6a-292ef5d68366.json +++ b/packages/o365/kibana/dashboard/o365-712e2c00-685d-11ea-8d6a-292ef5d68366.json @@ -1,4 +1,11 @@ { + "id": "o365-712e2c00-685d-11ea-8d6a-292ef5d68366", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-14T19:20:20.599Z", + "version": "WzY3MiwxXQ==", "attributes": { "description": "Sample dashboard for Office 365 Management Activity events", "hits": 0, 
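Review bot: The first hunk of `o365-712e2c00-685d-11ea-8d6a-292ef5d68366.json` commits export-time metadata. The added `"namespaces": ["default"]`, `"updated_at": "2022-11-14T19:20:20.599Z"` and `"version": "WzY3MiwxXQ=="` appear to describe the Kibana instance the dashboard was exported from, not the dashboard itself. They will change on every re-export, which makes later diffs of this audit dashboard harder to review for real content changes. I would drop those three keys and keep only `"id"` and `"type"` from the added lines, unless the package tooling is known to require them.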
@@ -17,9 +24,8 @@ }, "panelsJSON": [ { - "embeddableConfig": { - "title": "Total audit events" - }, + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 6, "i": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", @@ -28,14 +34,74 @@ "y": 0 }, "panelIndex": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", - "panelRefName": "panel_0", - "title": "Total audit events", - "version": "7.6.0" - }, - { "embeddableConfig": { - "title": "Event histogram by service" + "enhancements": {}, + "savedVis": { + "title": "Audit Event Count [Logs o365]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "searchSource": {} + } + }, + "type": "visualization" }, + "title": "Total audit events" + }, + { + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 14, "i": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", 
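Review bot: In the `@@ -28,14 +34,74 @@` hunk the inlined "Audit Event Count [Logs o365]" visualization ends with `"searchSource": {}`, so its count aggregation has no index reference, query or filter of its own. The removed `"panelRefName": "panel_0"` pointed at a saved visualization that is not shown here. If that object restricted the search to the o365 audit data (the map panel later in this file does so with `data_stream.dataset:"o365.audit"`), the panel titled "Total audit events" would now count whatever the dashboard context supplies. Please compare against the old visualization and, if it had a search source or saved-search link, carry it over into `savedVis.data.searchSource`. The histogram and pie panels in the following hunk have the same empty `searchSource`.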
@@ -44,67 +110,569 @@ "y": 0 }, "panelIndex": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", - "panelRefName": "panel_1", - "title": "Event histogram by service", - "version": "7.6.0" + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Events Histogram [Logs o365]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "event.code: Descending", + "params": {} + } + ], + "x": { + "accessor": 1, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "YYYY-MM-DD HH:mm" + } + }, + "label": "@timestamp per 12 hours", + "params": { + "bounds": { + "max": "2020-02-29T10:59:01.067Z", + "min": "2020-02-05T03:25:59.045Z" + }, + "date": true, + "format": "YYYY-MM-DD HH:mm", + "interval": "PT12H", + "intervalESUnit": "h", + "intervalESValue": 12 + } + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1", + "circlesRadius": 1 + } + ], + "thresholdLine": { + "color": 
"#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "isVislibVis": true, + "detailedTooltip": true + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "2020-02-05T03:25:59.045Z", + "to": "2020-02-29T10:59:01.067Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "searchSource": {} + } + }, + "type": "visualization" + }, + "title": "Event histogram by service" }, { + "version": "8.1.0", + "type": "visualization", + "gridData": { + "h": 8, + "i": "70ab7239-c65c-41da-8242-da61750745d7", + "w": 10, + "x": 0, + "y": 6 + }, + "panelIndex": "70ab7239-c65c-41da-8242-da61750745d7", "embeddableConfig": { "colors": { "alert": "#EF843C", "event": "#7EB26D" }, "legendOpen": true, - "title": "Events by type", "vis": { "colors": { "alert": "#E24D42", "event": "#7EB26D" }, "legendOpen": true - } + }, + "enhancements": {}, + "savedVis": { + "title": "Audit Event Type 
[Logs o365]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.kind", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": {} + } + }, + "type": "visualization" }, + "title": "Events by type" + }, + { + "version": "8.1.0", + "type": "visualization", "gridData": { - "h": 8, - "i": "70ab7239-c65c-41da-8242-da61750745d7", + "h": 17, + "i": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", "w": 10, "x": 0, - "y": 6 + "y": 14 }, - "panelIndex": "70ab7239-c65c-41da-8242-da61750745d7", - "panelRefName": "panel_2", - "title": "Events by type", - "version": "7.6.0" - }, - { + "panelIndex": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", "embeddableConfig": { "colors": { "failure": "#E24D42", "success": "#629E51" }, "legendOpen": false, - "title": "Top users by authentication failures", "vis": { "colors": { "failure": "#E24D42", "success": "#629E51" }, "legendOpen": true - } + }, + "enhancements": {}, + "savedVis": { + "title": "Top Authentication Failures [Logs o365]", + "description": "", + "uiState": { + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": true + } + }, + "params": { + "addLegend": true, + "addTimeMarker": 
false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": false, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "event.outcome: Ascending", + "params": {} + } + ], + "splitRow": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "user.name: Descending", + "params": {} + } + ], + "x": null, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false, + "valueAxis": "" + }, + "labels": { + "show": true + }, + "legendPosition": "bottom", + "orderBucketsBySum": true, + "row": true, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1", + "circlesRadius": 1 + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": false, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + 
"type": "linear" + }, + "show": false, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "isVislibVis": true, + "detailedTooltip": true + }, + "type": "horizontal_bar", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "asc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 2 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "split", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "authentication" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "authentication" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" }, + "title": "Top users by authentication failures" + }, + { + "version": "8.1.0", + "type": "map", "gridData": { "h": 17, - "i": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", - "w": 10, - "x": 0, + "i": "15fe975b-6b8b-4445-872d-e06c041e2c31", + "w": 38, + "x": 10, "y": 14 }, - "panelIndex": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", - "panelRefName": "panel_3", - "title": "Top users by authentication failures", - "version": "7.6.0" - }, - { + "panelIndex": "15fe975b-6b8b-4445-872d-e06c041e2c31", 
"embeddableConfig": { "hiddenLayers": [], "isLayerTOCOpen": false, 
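Review bot: The "Top Authentication Failures [Logs o365]" panel in the `@@ -44,67 +110,569 @@` hunk keeps `"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index"` inside its inlined `searchSource` filter. That name only resolves if the dashboard's `references` array has a matching entry for this panel. The array is outside this hunk, so please verify it; without it the `event.category: authentication` phrase filter may not bind to a data view. The same hunk also inlines state from the exporting workstation: `"origin": "http://localhost:5601"` under each `parsedUrl`, and fixed `bounds` / `timeRange` values from February 2020. These look like stale render-time values and could be dropped from the `dimensions` and `data.aggs` params.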
@@ -114,24 +682,21 @@ "zoom": 1.88 }, "openTOCDetails": [], - "title": "Client geolocation map" - }, - "gridData": { - "h": 17, - "i": "15fe975b-6b8b-4445-872d-e06c041e2c31", - "w": 38, - "x": 10, - "y": 14 + "enhancements": {}, + "attributes": { + "title": "Client Geo Map [Logs o365 audit]", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "mapStateJSON": "{\"center\":{\"lat\":30.87292,\"lon\":16.67387},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:\\\"o365.audit\\\" \"},\"refreshConfig\":{\"interval\":0,\"isPaused\":false},\"timeFilters\":{\"from\":\"2020-02-05T03:25:59.045Z\",\"to\":\"2020-02-29T10:59:01.067Z\"},\"zoom\":2.88,\"settings\":{\"autoFitToDataBounds\":false}}", + "layerListJSON": "[{\"alpha\":1,\"id\":\"0b910b6c-77c8-4223-892a-1ebf69b0ccb4\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\",\"lightModeDefault\":\"road_map\"},\"style\":{},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"acc53b7b-3411-406b-9371-6fa62b6b9365\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"geoField\":\"source.geo.location\",\"id\":\"3ba31ffc-7051-44bf-96a0-a684020cd2a3\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"requestType\":\"point\",\"resolution\":\"FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"airfield\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"maxSize\":32,\"minSize\":8},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"}},\"type\":\"DYNAMIC\"},\"lineColor\":{\"options\":{\"color\":\"#FFF\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":0},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]" + }, + "type": "map" }, - "panelIndex": "15fe975b-6b8b-4445-872d-e06c041e2c31", - "panelRefName": "panel_4", - "title": "Client geolocation map", - "version": "7.6.0" + "title": "Client geolocation map" }, { - "embeddableConfig": { - "title": "Data Loss Prevention alerts" - }, + "version": "7.6.0", + "type": "search", "gridData": { "h": 13, "i": "481f1778-caad-4971-b598-bb61c94bf998", 
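Review bot: The inlined `mapStateJSON` in this hunk still carries the absolute `timeFilters` window of the deleted map object (`2020-02-05T03:25:59.045Z` to `2020-02-29T10:59:01.067Z`). Wherever that stored range is applied instead of the dashboard's time picker (I can't tell from this hunk when that happens), the client geolocation layer would show nothing for current audit data, which is easy to misread as no sign-in activity. The Okta map migrated in this same commit stores a relative range, and the same form fits here: `\"timeFilters\":{\"from\":\"now-15w\",\"to\":\"now\"}`. The embedded `uiStateJSON` also sets `isLayerTOCOpen` to true while the panel's `embeddableConfig` sets it to false; the two should be aligned.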
@@ -140,53 +705,56 @@ "y": 31 }, "panelIndex": "481f1778-caad-4971-b598-bb61c94bf998", - "panelRefName": "panel_5", + "embeddableConfig": { + "enhancements": {} + }, "title": "Data Loss Prevention alerts", - "version": "7.6.0" + "panelRefName": "panel_481f1778-caad-4971-b598-bb61c94bf998" } ], "timeRestore": false, "title": "[Logs o365] Audit Dashboard", "version": 1 }, - "id": "o365-712e2c00-685d-11ea-8d6a-292ef5d68366", - "migrationVersion": { - "dashboard": "7.3.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "o365-0be1adb0-6860-11ea-8d6a-292ef5d68366", - "name": "panel_0", - "type": "visualization" + "name": "481f1778-caad-4971-b598-bb61c94bf998:panel_481f1778-caad-4971-b598-bb61c94bf998", + "type": "search", + "id": "o365-8b8e5a10-6886-11ea-8d6a-292ef5d68366" }, { - "id": "o365-8b033510-685a-11ea-8d6a-292ef5d68366", - "name": "panel_1", - "type": "visualization" + "type": "search", + "name": "b6942e2a-81dc-40e4-a932-8b7a864b28bc:search_0", + "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" }, { - "id": "o365-d43c95a0-6864-11ea-8d6a-292ef5d68366", - "name": "panel_2", - "type": "visualization" + "type": "search", + "name": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272:search_0", + "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" }, { - "id": "o365-897d0c70-6869-11ea-8d6a-292ef5d68366", - "name": "panel_3", - "type": "visualization" + "type": "search", + "name": "70ab7239-c65c-41da-8242-da61750745d7:search_0", + "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" }, { - "id": "o365-dbae13c0-685c-11ea-8d6a-292ef5d68366", - "name": "panel_4", - "type": "map" + "type": "index-pattern", + "name": "775ced7d-7c58-44bc-8d4e-2a757d2c218c:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "o365-8b8e5a10-6886-11ea-8d6a-292ef5d68366", - "name": "panel_5", - "type": "search" + "type": "search", + "name": "775ced7d-7c58-44bc-8d4e-2a757d2c218c:search_0", + "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366" + }, + { + 
"type": "index-pattern", + "name": "15fe975b-6b8b-4445-872d-e06c041e2c31:layer_1_source_index_pattern", + "id": "logs-*" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/o365/kibana/map/o365-dbae13c0-685c-11ea-8d6a-292ef5d68366.json b/packages/o365/kibana/map/o365-dbae13c0-685c-11ea-8d6a-292ef5d68366.json deleted file mode 100644 index a9b88eb38cd..00000000000 --- a/packages/o365/kibana/map/o365-dbae13c0-685c-11ea-8d6a-292ef5d68366.json +++ /dev/null 
@@ -1,178 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "alpha": 1, - "id": "0b910b6c-77c8-4223-892a-1ebf69b0ccb4", - "label": null, - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "isAutoSelect": true, - "type": "EMS_TMS" - }, - "style": {}, - "type": "VECTOR_TILE", - "visible": true - }, - { - "alpha": 0.75, - "id": "acc53b7b-3411-406b-9371-6fa62b6b9365", - "label": null, - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "applyGlobalQuery": true, - "geoField": "source.geo.location", - "id": "3ba31ffc-7051-44bf-96a0-a684020cd2a3", - "indexPatternRefName": "layer_1_source_index_pattern", - "requestType": "point", - "resolution": "FINE", - "type": "ES_GEO_GRID" - }, - "style": { - "isTimeAware": true, - "properties": { - "fillColor": { - "options": { - "color": "Yellow to Red", - "colorCategory": "palette_0", - "field": { - "name": "doc_count", - "origin": "source" - }, - "fieldMetaOptions": { - "isEnabled": true, - "sigma": 3 - }, - "type": "ORDINAL", - "useCustomColorRamp": false - }, - "type": "DYNAMIC" - }, - "icon": { - "options": { - "value": "airfield" - }, - "type": "STATIC" - }, - "iconOrientation": { - "options": { - "orientation": 0 - }, - "type": "STATIC" - }, - "iconSize": { - "options": { - "field": { - "name": "doc_count", - "origin": "source" - }, - "fieldMetaOptions": { - "isEnabled": true, - "sigma": 3 - }, - "maxSize": 32, - "minSize": 8 - }, - "type": "DYNAMIC" - }, - "labelBorderColor": { - "options": { - "color": "#FFFFFF" - }, - "type": "STATIC" - }, - "labelBorderSize": { - "options": { - "size": "SMALL" - } - }, - "labelColor": { - "options": { - "color": "#000000" - }, - "type": "STATIC" - }, - "labelSize": { - "options": { - "size": 14 - }, - "type": "STATIC" - }, - "labelText": { - "options": { - "field": { - "name": "doc_count", - "origin": "source" - } - }, - "type": "DYNAMIC" - }, - "lineColor": { - "options": { - "color": "#FFF" - }, - "type": "STATIC" - }, - "lineWidth": { - 
"options": { - "size": 0 - }, - "type": "STATIC" - }, - "symbolizeAs": { - "options": { - "value": "circle" - } - } - }, - "type": "VECTOR" - }, - "type": "VECTOR", - "visible": true - } - ], - "mapStateJSON": { - "center": { - "lat": 30.87292, - "lon": 16.67387 - }, - "filters": [], - "query": { - "language": "kuery", - "query": "data_stream.dataset:\"o365.audit\" " - }, - "refreshConfig": { - "interval": 0, - "isPaused": false - }, - "timeFilters": { - "from": "2020-02-05T03:25:59.045Z", - "to": "2020-02-29T10:59:01.067Z" - }, - "zoom": 2.88 - }, - "title": "Client Geo Map [Logs o365 audit]", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "id": "o365-dbae13c0-685c-11ea-8d6a-292ef5d68366", - "migrationVersion": { - "map": "7.9.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map" -} \ No newline at end of file diff --git a/packages/o365/kibana/visualization/o365-0be1adb0-6860-11ea-8d6a-292ef5d68366.json b/packages/o365/kibana/visualization/o365-0be1adb0-6860-11ea-8d6a-292ef5d68366.json deleted file mode 100644 index 4a0de719efb..00000000000 --- a/packages/o365/kibana/visualization/o365-0be1adb0-6860-11ea-8d6a-292ef5d68366.json +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "savedSearchRefName": "search_0", - "title": "Audit Event Count [Logs o365]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "dimensions": { - "metrics": [ - { - "accessor": 0, - "format": { - "id": "number", - "params": {} - }, - "type": "vis_dimension" - } - ] - }, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000, - "type": "range" - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 40, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Audit Event Count [Logs o365]", - "type": "metric" - } - }, - "id": "o365-0be1adb0-6860-11ea-8d6a-292ef5d68366", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/o365/kibana/visualization/o365-897d0c70-6869-11ea-8d6a-292ef5d68366.json b/packages/o365/kibana/visualization/o365-897d0c70-6869-11ea-8d6a-292ef5d68366.json deleted file mode 100644 index c3ab8e6044c..00000000000 --- a/packages/o365/kibana/visualization/o365-897d0c70-6869-11ea-8d6a-292ef5d68366.json +++ /dev/null 
@@ -1,252 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.category", - "negate": false, - "params": { - "query": "authentication" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "authentication" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Authentication Failures [Logs o365]", - "uiStateJSON": { - "vis": { - "colors": { - "failure": "#E24D42", - "success": "#629E51" - }, - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "asc", - "orderBy": "_key", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 2 - }, - "schema": "group", - "type": "terms" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "split", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 200 - }, - "position": "left", - "scale": { - "type": "linear" - }, - "show": false, - "style": {}, - "title": {}, - "type": "category" - } - ], - "dimensions": { - "series": [ - { - "accessor": 0, - "aggType": "terms", - "format": { - "id": "terms", 
- "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other", - "parsedUrl": { - "basePath": "", - "origin": "http://localhost:5601", - "pathname": "/app/kibana" - } - } - }, - "label": "event.outcome: Ascending", - "params": {} - } - ], - "splitRow": [ - { - "accessor": 1, - "aggType": "terms", - "format": { - "id": "terms", - "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other", - "parsedUrl": { - "basePath": "", - "origin": "http://localhost:5601", - "pathname": "/app/kibana" - } - } - }, - "label": "user.name: Descending", - "params": {} - } - ], - "x": null, - "y": [ - { - "accessor": 2, - "aggType": "count", - "format": { - "id": "number" - }, - "label": "Count", - "params": {} - } - ] - }, - "grid": { - "categoryLines": false, - "valueAxis": "" - }, - "labels": { - "show": true - }, - "legendPosition": "bottom", - "orderBucketsBySum": true, - "row": true, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": true, - "rotate": 75, - "show": false, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "bottom", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": false, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Top Authentication Failures [Logs o365]", - "type": "horizontal_bar" - } - }, - "id": "o365-897d0c70-6869-11ea-8d6a-292ef5d68366", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/o365/kibana/visualization/o365-8b033510-685a-11ea-8d6a-292ef5d68366.json b/packages/o365/kibana/visualization/o365-8b033510-685a-11ea-8d6a-292ef5d68366.json deleted file mode 100644 index beb10a38b70..00000000000 --- a/packages/o365/kibana/visualization/o365-8b033510-685a-11ea-8d6a-292ef5d68366.json +++ /dev/null 
@@ -1,208 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "savedSearchRefName": "search_0", - "title": "Events Histogram [Logs o365]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 50 - }, - "schema": "group", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "2020-02-05T03:25:59.045Z", - "to": "2020-02-29T10:59:01.067Z" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "dimensions": { - "series": [ - { - "accessor": 0, - "aggType": "terms", - "format": { - "id": "terms", - "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other", - "parsedUrl": { - "basePath": "", - "origin": "http://localhost:5601", - "pathname": "/app/kibana" - } - } - }, - "label": "event.code: Descending", - "params": {} - } - ], - "x": { - "accessor": 1, - "aggType": "date_histogram", - "format": { - "id": "date", - "params": { - "pattern": "YYYY-MM-DD HH:mm" - } - }, - "label": "@timestamp per 12 hours", - "params": { - "bounds": { - "max": 
"2020-02-29T10:59:01.067Z", - "min": "2020-02-05T03:25:59.045Z" - }, - "date": true, - "format": "YYYY-MM-DD HH:mm", - "interval": "PT12H", - "intervalESUnit": "h", - "intervalESValue": 12 - } - }, - "y": [ - { - "accessor": 2, - "aggType": "count", - "format": { - "id": "number" - }, - "label": "Count", - "params": {} - } - ] - }, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Events Histogram [Logs o365]", - "type": "histogram" - } - }, - "id": "o365-8b033510-685a-11ea-8d6a-292ef5d68366", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/o365/kibana/visualization/o365-d43c95a0-6864-11ea-8d6a-292ef5d68366.json b/packages/o365/kibana/visualization/o365-d43c95a0-6864-11ea-8d6a-292ef5d68366.json deleted file mode 100644 index 510e5d591b6..00000000000 --- a/packages/o365/kibana/visualization/o365-d43c95a0-6864-11ea-8d6a-292ef5d68366.json +++ /dev/null 
@@ -1,80 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "savedSearchRefName": "search_0", - "title": "Audit Event Type [Logs o365]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.kind", - "missingBucket": true, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": true, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "label": "Count", - "params": {} - } - }, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Audit Event Type [Logs o365]", - "type": "pie" - } - }, - "id": "o365-d43c95a0-6864-11ea-8d6a-292ef5d68366", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "o365-fdc14020-6859-11ea-8d6a-292ef5d68366", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/o365/manifest.yml b/packages/o365/manifest.yml index 85dd16f2280..85c129402f2 100644 --- a/packages/o365/manifest.yml +++ b/packages/o365/manifest.yml @@ -1,6 +1,6 @@ name: o365 title: Microsoft 365 -version: "1.9.1" +version: "1.9.2" release: ga description: Collect logs from Microsoft 365 with Elastic Agent. type: integration 
@@ -8,7 +8,7 @@ format_version: 1.0.0 license: basic categories: [security] conditions: - kibana.version: ^7.14.0 || ^8.0.0 + kibana.version: ^8.1.0 icons: - src: /img/logo-integrations-microsoft-365.svg title: Microsoft Office 365 diff --git a/packages/okta/changelog.yml b/packages/okta/changelog.yml index 765c4776137..d78c3f4f718 100644 --- a/packages/okta/changelog.yml +++ b/packages/okta/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.11.2" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.11.1" changes: - description: Remove duplicate fields. diff --git a/packages/okta/data_stream/system/sample_event.json b/packages/okta/data_stream/system/sample_event.json index 32189360c38..d3a3a0dc534 100644 --- a/packages/okta/data_stream/system/sample_event.json +++ b/packages/okta/data_stream/system/sample_event.json @@ -1,11 +1,11 @@ { "@timestamp": "2020-02-14T20:18:57.718Z", "agent": { - "ephemeral_id": "3347d5a2-0d81-41c5-8cbf-a69aebcdb56a", - "id": "dbc761fd-dec4-4bc7-acec-8e5cb02a0cb6", + "ephemeral_id": "77828d7c-b45f-46a7-ae95-601b4c1bb310", + "id": "541f4fe3-4f0f-482a-9582-0ac9c9a98fda", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.2.1" + "version": "8.1.0" }, "client": { "geo": { @@ -32,9 +32,9 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "dbc761fd-dec4-4bc7-acec-8e5cb02a0cb6", - "snapshot": true, - "version": "8.2.1" + "id": "541f4fe3-4f0f-482a-9582-0ac9c9a98fda", + "snapshot": false, + "version": "8.1.0" }, "event": { "action": "user.session.start", 
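Review bot: The `kibana.version` constraint in this hunk narrows from `^7.14.0 || ^8.0.0` to `^8.1.0`, which removes every 7.x and 8.0 stack from the supported range, yet the preceding hunk moves the package version only from 1.9.1 to 1.9.2. For a security integration, this means deployments on older stacks stop receiving later package fixes, with nothing in the version number to show it. If the o365 changelog entry (not visible here) reads like the Okta one, it mentions only the by-value migration. I would state the new floor there, e.g. `- description: Migrate the visualizations to by value in dashboards; requires Kibana 8.1.0 or later`, and consider a minor rather than a patch bump.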
@@ -43,10 +43,10 @@ "authentication", "session" ], - "created": "2022-05-18T08:57:39.484Z", + "created": "2022-11-14T19:14:59.223Z", "dataset": "okta.system", "id": "3aeede38-4f67-11ea-abd3-1f5d113f2546", - "ingested": "2022-05-18T08:57:40Z", + "ingested": "2022-11-14T19:15:00Z", "kind": "event", "original": "{\"actor\":{\"alternateId\":\"xxxxxx@elastic.co\",\"detailEntry\":null,\"displayName\":\"xxxxxx\",\"id\":\"00u1abvz4pYqdM8ms4x6\",\"type\":\"User\"},\"authenticationContext\":{\"authenticationProvider\":null,\"authenticationStep\":0,\"credentialProvider\":null,\"credentialType\":null,\"externalSessionId\":\"102bZDNFfWaQSyEZQuDgWt-uQ\",\"interface\":null,\"issuer\":null},\"client\":{\"device\":\"Computer\",\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"id\":null,\"ipAddress\":\"108.255.197.247\",\"userAgent\":{\"browser\":\"FIREFOX\",\"os\":\"Mac OS X\",\"rawUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"},\"zone\":\"null\"},\"debugContext\":{\"debugData\":{\"deviceFingerprint\":\"541daf91d15bef64a7e08c946fd9a9d0\",\"requestId\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"requestUri\":\"/api/v1/authn\",\"threatSuspected\":\"false\",\"url\":\"/api/v1/authn?\"}},\"displayMessage\":\"User login to Okta\",\"eventType\":\"user.session.start\",\"legacyEventType\":\"core.user_auth.login_success\",\"outcome\":{\"reason\":null,\"result\":\"SUCCESS\"},\"published\":\"2020-02-14T20:18:57.718Z\",\"request\":{\"ipChain\":[{\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United 
States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"ip\":\"108.255.197.247\",\"source\":null,\"version\":\"V4\"}]},\"securityContext\":{\"asNumber\":null,\"asOrg\":null,\"domain\":null,\"isProxy\":null,\"isp\":null},\"severity\":\"INFO\",\"target\":null,\"transaction\":{\"detail\":{},\"id\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"type\":\"WEB\"},\"uuid\":\"3aeede38-4f67-11ea-abd3-1f5d113f2546\",\"version\":\"0\"}", "outcome": "success", diff --git a/packages/okta/docs/README.md b/packages/okta/docs/README.md index 31ab567ef75..01d1739a89b 100644 --- a/packages/okta/docs/README.md +++ b/packages/okta/docs/README.md @@ -14,11 +14,11 @@ An example event for `system` looks as following: { "@timestamp": "2020-02-14T20:18:57.718Z", "agent": { - "ephemeral_id": "3347d5a2-0d81-41c5-8cbf-a69aebcdb56a", - "id": "dbc761fd-dec4-4bc7-acec-8e5cb02a0cb6", + "ephemeral_id": "77828d7c-b45f-46a7-ae95-601b4c1bb310", + "id": "541f4fe3-4f0f-482a-9582-0ac9c9a98fda", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.2.1" + "version": "8.1.0" }, "client": { "geo": { @@ -45,9 +45,9 @@ An example event for `system` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "dbc761fd-dec4-4bc7-acec-8e5cb02a0cb6", - "snapshot": true, - "version": "8.2.1" + "id": "541f4fe3-4f0f-482a-9582-0ac9c9a98fda", + "snapshot": false, + "version": "8.1.0" }, "event": { "action": "user.session.start", 
@@ -56,10 +56,10 @@ An example event for `system` looks as following: "authentication", "session" ], - "created": "2022-05-18T08:57:39.484Z", + "created": "2022-11-14T19:14:59.223Z", "dataset": "okta.system", "id": "3aeede38-4f67-11ea-abd3-1f5d113f2546", - "ingested": "2022-05-18T08:57:40Z", + "ingested": "2022-11-14T19:15:00Z", "kind": "event", "original": "{\"actor\":{\"alternateId\":\"xxxxxx@elastic.co\",\"detailEntry\":null,\"displayName\":\"xxxxxx\",\"id\":\"00u1abvz4pYqdM8ms4x6\",\"type\":\"User\"},\"authenticationContext\":{\"authenticationProvider\":null,\"authenticationStep\":0,\"credentialProvider\":null,\"credentialType\":null,\"externalSessionId\":\"102bZDNFfWaQSyEZQuDgWt-uQ\",\"interface\":null,\"issuer\":null},\"client\":{\"device\":\"Computer\",\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"id\":null,\"ipAddress\":\"108.255.197.247\",\"userAgent\":{\"browser\":\"FIREFOX\",\"os\":\"Mac OS X\",\"rawUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"},\"zone\":\"null\"},\"debugContext\":{\"debugData\":{\"deviceFingerprint\":\"541daf91d15bef64a7e08c946fd9a9d0\",\"requestId\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"requestUri\":\"/api/v1/authn\",\"threatSuspected\":\"false\",\"url\":\"/api/v1/authn?\"}},\"displayMessage\":\"User login to Okta\",\"eventType\":\"user.session.start\",\"legacyEventType\":\"core.user_auth.login_success\",\"outcome\":{\"reason\":null,\"result\":\"SUCCESS\"},\"published\":\"2020-02-14T20:18:57.718Z\",\"request\":{\"ipChain\":[{\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United 
States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"ip\":\"108.255.197.247\",\"source\":null,\"version\":\"V4\"}]},\"securityContext\":{\"asNumber\":null,\"asOrg\":null,\"domain\":null,\"isProxy\":null,\"isp\":null},\"severity\":\"INFO\",\"target\":null,\"transaction\":{\"detail\":{},\"id\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"type\":\"WEB\"},\"uuid\":\"3aeede38-4f67-11ea-abd3-1f5d113f2546\",\"version\":\"0\"}", "outcome": "success", diff --git a/packages/okta/kibana/dashboard/okta-749203a0-67b1-11ea-a76f-bf44814e437d.json b/packages/okta/kibana/dashboard/okta-749203a0-67b1-11ea-a76f-bf44814e437d.json index 74898152f54..d9f27196be6 100644 --- a/packages/okta/kibana/dashboard/okta-749203a0-67b1-11ea-a76f-bf44814e437d.json +++ b/packages/okta/kibana/dashboard/okta-749203a0-67b1-11ea-a76f-bf44814e437d.json @@ -1,4 +1,11 @@ { + "id": "okta-749203a0-67b1-11ea-a76f-bf44814e437d", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-14T19:11:12.643Z", + "version": "WzU3MCwxXQ==", "attributes": { "description": "Logs Okta integration Kibana dashboard", "hits": 0, @@ -17,16 +24,8 @@ }, "panelsJSON": [ { - "embeddableConfig": { - "hiddenLayers": [], - "isLayerTOCOpen": false, - "mapCenter": { - "lat": 26.54701, - "lon": -44.69098, - "zoom": 2.75 - }, - "openTOCDetails": [] - }, + "version": "8.1.0", + "type": "map", "gridData": { "h": 22, "i": "8013824b-5a66-494c-acc5-3df8b7678879", 
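Review bot: The `updated_at` and `version` fields added at the top of the Okta dashboard look like export metadata from the Kibana instance the object was saved on, not package content. `WzU3MCwxXQ==` is base64 for `[570,1]`, and the timestamp is presumably the time of the last save. Both change on every re-export, which makes later diffs of this file noisy, and neither means anything on the installing cluster. I would drop the two lines (`"updated_at": "2022-11-14T19:11:12.643Z",` and `"version": "WzU3MCwxXQ==",`) unless the package tooling requires them, which I can't tell from this hunk.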
@@ -35,11 +34,29 @@ "y": 0 }, "panelIndex": "8013824b-5a66-494c-acc5-3df8b7678879", - "panelRefName": "panel_0", - "version": "8.0.0-SNAPSHOT" + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 26.54701, + "lon": -44.69098, + "zoom": 2.75 + }, + "openTOCDetails": [], + "enhancements": {}, + "attributes": { + "title": "Geolocation [Logs Okta]", + "description": "", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}", + "mapStateJSON": "{\"center\":{\"lat\":26.54701,\"lon\":-44.69098},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"logs-*\",\"key\":\"data_stream.dataset\",\"negate\":false,\"params\":{\"query\":\"okta.system\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"okta.system\"}}}],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":false},\"timeFilters\":{\"from\":\"now-15w\",\"to\":\"now\"},\"zoom\":2.75,\"settings\":{\"autoFitToDataBounds\":false}}", + "layerListJSON": "[{\"alpha\":1,\"id\":\"6908e81b-1695-4445-aee4-8bc8c9f65600\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\",\"lightModeDefault\":\"road_map\"},\"style\":{},\"type\":\"EMS_VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"dc52e707-92d7-4de7-becf-a3a8bfaa2c2d\",\"label\":\"Okta \",\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"okta.system\\\" 
\"},\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"filterByMapBounds\":false,\"geoField\":\"client.geo.location\",\"id\":\"4b8bd321-4b90-4d97-83e0-2b12bf091f66\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"scalingType\":\"LIMIT\",\"sortField\":\"\",\"sortOrder\":\"desc\",\"tooltipProperties\":[],\"topHitsSize\":1,\"type\":\"ES_SEARCH\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]" + }, + "type": "map" + } }, { - "embeddableConfig": {}, + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 11, "i": "c6a66fe5-21a2-4308-8563-d4a7f5135d25", 
@@ -48,11 +65,95 @@ "y": 22 }, "panelIndex": "c6a66fe5-21a2-4308-8563-d4a7f5135d25", - "panelRefName": "panel_1", - "version": "8.0.0-SNAPSHOT" + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Outcome [Logs Okta]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "okta.system" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" + } }, { - "embeddableConfig": {}, + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 11, "i": "195db901-dc2b-4b7d-80c3-742e2712ac2a", 
@@ -61,11 +162,95 @@ "y": 22 }, "panelIndex": "195db901-dc2b-4b7d-80c3-742e2712ac2a", - "panelRefName": "panel_2", - "version": "8.0.0-SNAPSHOT" + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Transaction Types [Logs Okta]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "okta.transaction.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "okta.system" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" + } }, { - "embeddableConfig": {}, + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 11, "i": "dc5128e2-0b4d-4dd5-bbc2-624f64467a77", 
@@ -74,11 +259,70 @@ "y": 22 }, "panelIndex": "dc5128e2-0b4d-4dd5-bbc2-624f64467a77", - "panelRefName": "panel_3", - "version": "8.0.0-SNAPSHOT" + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Time Series [Logs Okta]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "bar_color_rules": [ + { + "id": "abd68650-67c6-11ea-8c7d-ed286611413e" + } + ], + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "data_stream.dataset : \"okta.system\"" + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false, + "drop_last_bucket": 1 + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + }, + "type": "visualization" + } }, { - "embeddableConfig": {}, + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 11, "i": "a25a43ed-3262-486c-a482-1fac52f26128", 
@@ -87,11 +331,95 @@ "y": 22 }, "panelIndex": "a25a43ed-3262-486c-a482-1fac52f26128", - "panelRefName": "panel_4", - "version": "8.0.0-SNAPSHOT" + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Actor Types [Logs Okta]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "okta.actor.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "okta.system" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" + } }, { - "embeddableConfig": {}, + "version": "8.0.0-SNAPSHOT", + "type": "search", "gridData": { "h": 16, "i": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", 
@@ -100,52 +428,60 @@ "y": 33 }, "panelIndex": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", - "panelRefName": "panel_5", - "version": "8.0.0-SNAPSHOT" + "embeddableConfig": { + "enhancements": {} + }, + "panelRefName": "panel_c0d5bac3-7e50-4ef9-a401-5a596ec84ee9" } ], "timeRestore": false, "title": "[Logs Okta] Overview", "version": 1 }, - "id": "okta-749203a0-67b1-11ea-a76f-bf44814e437d", - "migrationVersion": { - "dashboard": "7.3.0" - }, - "namespaces": [ - "default" - ], "references": [ { - "id": "okta-281ca660-67b1-11ea-a76f-bf44814e437d", - "name": "panel_0", - "type": "map" + "name": "c0d5bac3-7e50-4ef9-a401-5a596ec84ee9:panel_c0d5bac3-7e50-4ef9-a401-5a596ec84ee9", + "type": "search", + "id": "okta-21028750-67ca-11ea-a76f-bf44814e437d" }, { - "id": "okta-545d6a00-67ae-11ea-a76f-bf44814e437d", - "name": "panel_1", - "type": "visualization" + "type": "index-pattern", + "name": "8013824b-5a66-494c-acc5-3df8b7678879:layer_1_source_index_pattern", + "id": "logs-*" }, { - "id": "okta-7c6ec080-67c6-11ea-a76f-bf44814e437d", - "name": "panel_2", - "type": "visualization" + "type": "index-pattern", + "name": "c6a66fe5-21a2-4308-8563-d4a7f5135d25:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, { - "id": "okta-cda883a0-67c6-11ea-a76f-bf44814e437d", - "name": "panel_3", - "type": "visualization" + "type": "index-pattern", + "name": "c6a66fe5-21a2-4308-8563-d4a7f5135d25:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "okta-0a784b30-67c7-11ea-a76f-bf44814e437d", - "name": "panel_4", - "type": "visualization" + "type": "index-pattern", + "name": "195db901-dc2b-4b7d-80c3-742e2712ac2a:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" }, { - "id": "okta-21028750-67ca-11ea-a76f-bf44814e437d", - "name": "panel_5", - "type": "search" + "type": "index-pattern", + "name": "195db901-dc2b-4b7d-80c3-742e2712ac2a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": 
"index-pattern", + "name": "a25a43ed-3262-486c-a482-1fac52f26128:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "a25a43ed-3262-486c-a482-1fac52f26128:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/okta/kibana/map/okta-281ca660-67b1-11ea-a76f-bf44814e437d.json b/packages/okta/kibana/map/okta-281ca660-67b1-11ea-a76f-bf44814e437d.json deleted file mode 100644 index 22759481960..00000000000 --- a/packages/okta/kibana/map/okta-281ca660-67b1-11ea-a76f-bf44814e437d.json +++ /dev/null 
@@ -1,185 +0,0 @@ -{ - "attributes": { - "description": "", - "layerListJSON": [ - { - "alpha": 1, - "id": "6908e81b-1695-4445-aee4-8bc8c9f65600", - "label": null, - "maxZoom": 24, - "minZoom": 0, - "sourceDescriptor": { - "isAutoSelect": true, - "type": "EMS_TMS" - }, - "style": {}, - "type": "VECTOR_TILE", - "visible": true - }, - { - "alpha": 0.75, - "id": "dc52e707-92d7-4de7-becf-a3a8bfaa2c2d", - "label": "Okta ", - "maxZoom": 24, - "minZoom": 0, - "query": { - "language": "kuery", - "query": "data_stream.dataset : \"okta.system\" " - }, - "sourceDescriptor": { - "applyGlobalQuery": true, - "filterByMapBounds": false, - "geoField": "client.geo.location", - "id": "4b8bd321-4b90-4d97-83e0-2b12bf091f66", - "indexPatternRefName": "layer_1_source_index_pattern", - "scalingType": "LIMIT", - "sortField": "", - "sortOrder": "desc", - "tooltipProperties": [], - "topHitsSize": 1, - "type": "ES_SEARCH" - }, - "style": { - "isTimeAware": true, - "properties": { - "fillColor": { - "options": { - "color": "#54B399" - }, - "type": "STATIC" - }, - "icon": { - "options": { - "value": "marker" - }, - "type": "STATIC" - }, - "iconOrientation": { - "options": { - "orientation": 0 - }, - "type": "STATIC" - }, - "iconSize": { - "options": { - "size": 6 - }, - "type": "STATIC" - }, - "labelBorderColor": { - "options": { - "color": "#FFFFFF" - }, - "type": "STATIC" - }, - "labelBorderSize": { - "options": { - "size": "SMALL" - } - }, - "labelColor": { - "options": { - "color": "#000000" - }, - "type": "STATIC" - }, - "labelSize": { - "options": { - "size": 14 - }, - "type": "STATIC" - }, - "labelText": { - "options": { - "value": "" - }, - "type": "STATIC" - }, - "lineColor": { - "options": { - "color": "#41937c" - }, - "type": "STATIC" - }, - "lineWidth": { - "options": { - "size": 1 - }, - "type": "STATIC" - }, - "symbolizeAs": { - "options": { - "value": "circle" - } - } - }, - "type": "VECTOR" - }, - "type": "VECTOR", - "visible": true - } - ], - "mapStateJSON": { - "center": { - 
"lat": 26.54701, - "lon": -44.69098 - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "logs-*", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "okta.system" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "okta.system" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "refreshConfig": { - "interval": 0, - "isPaused": false - }, - "timeFilters": { - "from": "now-15w", - "to": "now" - }, - "zoom": 2.75 - }, - "title": "Geolocation [Logs Okta]", - "uiStateJSON": { - "isLayerTOCOpen": true, - "openTOCDetails": [] - } - }, - "id": "okta-281ca660-67b1-11ea-a76f-bf44814e437d", - "migrationVersion": { - "map": "7.9.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "type": "map" -} \ No newline at end of file diff --git a/packages/okta/kibana/visualization/okta-0a784b30-67c7-11ea-a76f-bf44814e437d.json b/packages/okta/kibana/visualization/okta-0a784b30-67c7-11ea-a76f-bf44814e437d.json deleted file mode 100644 index fd3e1cd916e..00000000000 --- a/packages/okta/kibana/visualization/okta-0a784b30-67c7-11ea-a76f-bf44814e437d.json +++ /dev/null 
@@ -1,102 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "okta.system" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "okta.system" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Actor Types [Logs Okta]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "okta.actor.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Actor Types [Logs Okta]", - "type": "pie" - } - }, - "id": "okta-0a784b30-67c7-11ea-a76f-bf44814e437d", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/okta/kibana/visualization/okta-545d6a00-67ae-11ea-a76f-bf44814e437d.json b/packages/okta/kibana/visualization/okta-545d6a00-67ae-11ea-a76f-bf44814e437d.json deleted file mode 100644 index 11a37397711..00000000000 --- a/packages/okta/kibana/visualization/okta-545d6a00-67ae-11ea-a76f-bf44814e437d.json +++ /dev/null 
@@ -1,102 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "okta.system" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "okta.system" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Event Outcome [Logs Okta]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.outcome", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Event Outcome [Logs Okta]", - "type": "pie" - } - }, - "id": "okta-545d6a00-67ae-11ea-a76f-bf44814e437d", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/okta/kibana/visualization/okta-7c6ec080-67c6-11ea-a76f-bf44814e437d.json b/packages/okta/kibana/visualization/okta-7c6ec080-67c6-11ea-a76f-bf44814e437d.json deleted file mode 100644 index 0cf30b64ec7..00000000000 --- a/packages/okta/kibana/visualization/okta-7c6ec080-67c6-11ea-a76f-bf44814e437d.json +++ /dev/null 
@@ -1,102 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "okta.system" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "okta.system" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Transaction Types [Logs Okta]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "okta.transaction.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Transaction Types [Logs Okta]", - "type": "pie" - } - }, - "id": "okta-7c6ec080-67c6-11ea-a76f-bf44814e437d", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/okta/kibana/visualization/okta-cda883a0-67c6-11ea-a76f-bf44814e437d.json b/packages/okta/kibana/visualization/okta-cda883a0-67c6-11ea-a76f-bf44814e437d.json deleted file mode 100644 index 159e68b68e0..00000000000 --- a/packages/okta/kibana/visualization/okta-cda883a0-67c6-11ea-a76f-bf44814e437d.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Time Series [Logs Okta]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "bar_color_rules": [ - { - "id": "abd68650-67c6-11ea-8c7d-ed286611413e" - } - ], - "default_index_pattern": "logs-*", - "default_timefield": "@timestamp", - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "filter": { - "language": "kuery", - "query": "data_stream.dataset : \"okta.system\"" - }, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries" - }, - "title": "Time Series [Logs Okta]", - "type": "metrics" - } - }, - "id": "okta-cda883a0-67c6-11ea-a76f-bf44814e437d", - "migrationVersion": { - "visualization": "7.8.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/okta/manifest.yml b/packages/okta/manifest.yml index a9e9f2955bd..f05151ae969 100644 --- a/packages/okta/manifest.yml 
+++ b/packages/okta/manifest.yml @@ -1,6 +1,6 @@ name: okta title: Okta -version: "1.11.1" +version: "1.11.2" release: ga description: Collect and parse event logs from Okta API with Elastic Agent. type: integration @@ -8,7 +8,7 @@ format_version: 1.0.0 license: basic categories: [security] conditions: - kibana.version: ^7.14.0 || ^8.0.0 + kibana.version: ^8.1.0 icons: - src: /img/okta-logo.svg title: Okta diff --git a/packages/osquery/changelog.yml b/packages/osquery/changelog.yml index c3572f33fa1..003bc082c4a 100644 --- a/packages/osquery/changelog.yml +++ b/packages/osquery/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.1" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.6.0" changes: - description: Update package to ECS 8.5.0. diff --git a/packages/osquery/data_stream/result/sample_event.json b/packages/osquery/data_stream/result/sample_event.json index 17537b08178..b7afc34b75b 100644 --- a/packages/osquery/data_stream/result/sample_event.json +++ b/packages/osquery/data_stream/result/sample_event.json @@ -1,11 +1,11 @@ { "@timestamp": "2018-01-08T14:51:55.000Z", "agent": { - "ephemeral_id": "b33539a4-b177-41fd-9c97-5664d8bd5120", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "207a0fe6-de4f-434f-9c34-d0898df6ac96", + "id": "eaaf0f0c-2e54-4bd7-a0cc-9968349277bc", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.1.0" }, "data_stream": { "dataset": "osquery.result", 
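Review bot: The `kibana.version` condition in the second manifest hunk is narrowed from `^7.14.0 || ^8.0.0` to `^8.1.0`, while the first hunk moves the package only from `1.11.1` to `1.11.2`, so a patch-level release drops every stack older than 8.1. Deployments still on 7.14–8.0 will stop being offered newer versions of this security integration, including any later parser or field-mapping fixes, and nothing in the visible manifest hunks says so. The okta changelog hunk is outside this view; if its entry only describes the by-value dashboard migration, I would add a line such as `- description: Raise minimum Kibana version to 8.1.0` and consider a minor bump (`version: "1.12.0"`) so the compatibility break is visible to operators.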
@@ -16,39 +16,39 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "eaaf0f0c-2e54-4bd7-a0cc-9968349277bc", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.1.0" }, "event": { "action": "added", "agent_id_status": "verified", - "created": "2022-01-02T05:31:42.889Z", + "created": "2022-11-22T19:16:32.440Z", "dataset": "osquery.result", - "ingested": "2022-01-02T05:31:43Z", + "ingested": "2022-11-22T19:16:35Z", "kind": "event", "type": "info" }, "host": { "architecture": "x86_64", - "containerized": true, + "containerized": false, "hostname": "ubuntu-xenial", "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "ip": [ - "172.18.0.5" + "172.25.0.7" ], "mac": [ - "02:42:ac:12:00:05" + "02:42:ac:19:00:07" ], "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-43-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "5.10.104-linuxkit", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.3 LTS (Focal Fossa)" } }, "input": { diff --git a/packages/osquery/docs/README.md b/packages/osquery/docs/README.md index da4ba9f9583..aaed265d81e 100644 --- a/packages/osquery/docs/README.md +++ b/packages/osquery/docs/README.md @@ -26,11 +26,11 @@ An example event for `result` looks as following: { "@timestamp": "2018-01-08T14:51:55.000Z", "agent": { - "ephemeral_id": "b33539a4-b177-41fd-9c97-5664d8bd5120", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "207a0fe6-de4f-434f-9c34-d0898df6ac96", + "id": "eaaf0f0c-2e54-4bd7-a0cc-9968349277bc", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.1.0" }, "data_stream": { "dataset": "osquery.result", 
@@ -41,39 +41,39 @@ An example event for `result` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "eaaf0f0c-2e54-4bd7-a0cc-9968349277bc", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.1.0" }, "event": { "action": "added", "agent_id_status": "verified", - "created": "2022-01-02T05:31:42.889Z", + "created": "2022-11-22T19:16:32.440Z", "dataset": "osquery.result", - "ingested": "2022-01-02T05:31:43Z", + "ingested": "2022-11-22T19:16:35Z", "kind": "event", "type": "info" }, "host": { "architecture": "x86_64", - "containerized": true, + "containerized": false, "hostname": "ubuntu-xenial", "id": "72E1287B-D1BC-4FC6-B9D8-64F4352776A9", "ip": [ - "172.18.0.5" + "172.25.0.7" ], "mac": [ - "02:42:ac:12:00:05" + "02:42:ac:19:00:07" ], "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-43-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "5.10.104-linuxkit", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.3 LTS (Focal Fossa)" } }, "input": { diff --git a/packages/osquery/kibana/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05.json b/packages/osquery/kibana/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05.json index 15b784f4498..3b0d9806e33 100644 --- a/packages/osquery/kibana/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05.json +++ b/packages/osquery/kibana/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05.json @@ -1,4 +1,11 @@ { + "id": "osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-14T16:57:04.133Z", + "version": "WzU3OSwxXQ==", "attributes": { "description": "Dashboard for visualizing the data collected by the Osquery compliance pack.", "hits": 0, 
@@ -35,9 +42,8 @@ "version": "7.11.0-SNAPSHOT" }, { - "embeddableConfig": { - "enhancements": {} - }, + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 15, "i": "2", @@ -46,8 +52,76 @@ "y": 0 }, "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.11.0-SNAPSHOT" + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Mounts by type [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "osquery.result.columns.path", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "osquery.result.columns.type", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" + } }, { "embeddableConfig": { @@ -65,9 +139,8 @@ "version": "7.11.0-SNAPSHOT" }, { - "embeddableConfig": { - "enhancements": {} - }, + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 11, "i": "4", 
@@ -76,20 +149,94 @@ "y": 4 }, "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.11.0-SNAPSHOT" - }, - { "embeddableConfig": { "enhancements": {}, - "hidePanelTitles": false, - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" + "savedVis": { + "title": "OS versions [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true }, - "legendOpen": false - } - }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "osquery.result.host_identifier" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "osquery.result.columns.platform_like", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "osquery.result.columns.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "osquery.result.columns.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" + } + }, + { + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 11, "i": "5", 
@@ -98,13 +245,127 @@ "y": 4 }, "panelIndex": "5", - "panelRefName": "panel_4", - "version": "7.11.0-SNAPSHOT" + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + }, + "legendOpen": false + }, + "savedVis": { + "title": "Number of Kernel integrations [Logs Osquery]", + "description": "", + "uiState": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "params": { + "addLegend": true, + "addTooltip": true, + "gauge": { + "alignment": "horizontal", + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "extendRange": true, + "gaugeColorMode": "Labels", + "gaugeStyle": "Full", + "gaugeType": "Arc", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": true + }, + "style": { + "bgColor": false, + "bgFill": "#eee", + "bgMask": false, + "bgWidth": 0.9, + "fontSize": 60, + "labelColor": true, + "mask": false, + "maskBars": 50, + "subText": "", + "width": 0.9 + }, + "type": "meter" + }, + "isDisplayWarning": false, + "type": "gauge" + }, + "type": "gauge", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Live Kernel integrations", + "field": "osquery.result.columns.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "osquery.result.columns.status", + "negate": false, + "params": { + "query": "Live", + "type": "phrase" + }, + "type": "phrase", + "value": "Live" + }, + "query": { + "match": { + "osquery.result.columns.status": { + "query": "Live", + "type": "phrase" + } + } + } + } + ], + "query": 
{ + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" + } }, { - "embeddableConfig": { - "enhancements": {} - }, + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 4, "i": "6", 
@@ -113,49 +374,64 @@ "y": 0 }, "panelIndex": "6", - "panelRefName": "panel_5", - "version": "7.11.0-SNAPSHOT" + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Navigation [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "[Compliance](#/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": {} + } + }, + "type": "visualization" + } } ], "timeRestore": false, "title": "[Logs Osquery] Compliance pack", "version": 1 }, - "id": "osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05", - "migrationVersion": { - "dashboard": "7.11.0" - }, "references": [ { "id": "osquery-7a9482d0-eb00-11e7-8f04-51231daa5b05", "name": "panel_0", "type": "search" }, - { - "id": "osquery-a9fd8bb0-eb01-11e7-8f04-51231daa5b05", - "name": "panel_1", - "type": "visualization" - }, { "id": "osquery-3824b080-eb02-11e7-8f04-51231daa5b05", "name": "panel_2", "type": "search" }, { - "id": "osquery-1da1ed30-eb03-11e7-8f04-51231daa5b05", - "name": "panel_3", - "type": "visualization" + "type": "search", + "name": "2:search_0", + "id": "osquery-7a9482d0-eb00-11e7-8f04-51231daa5b05" + }, + { + "type": "search", + "name": "4:search_0", + "id": "osquery-b5d6baa0-eb02-11e7-8f04-51231daa5b05" }, { - "id": "osquery-240f3630-eb05-11e7-8f04-51231daa5b05", - "name": "panel_4", - "type": "visualization" + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040", - "name": "panel_5", - "type": "visualization" + "type": "search", + "name": "5:search_0", + "id": "osquery-f59e21e0-eb03-11e7-8f04-51231daa5b05" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file 
diff --git a/packages/osquery/kibana/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json b/packages/osquery/kibana/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json index 98157b6dee6..d74a812e641 100644 --- a/packages/osquery/kibana/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json +++ b/packages/osquery/kibana/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040.json @@ -1,4 +1,11 @@ { + "id": "osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-14T16:57:04.133Z", + "version": "WzU4MCwxXQ==", "attributes": { "description": "This dashboard shows data collected by the OSSEC rootkit pack from osquery", "hits": 0, @@ -20,10 +27,8 @@ }, "panelsJSON": [ { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 4, "i": "1", @@ -32,14 +37,29 @@ "y": 0 }, "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.11.0-SNAPSHOT" - }, - { "embeddableConfig": { "enhancements": {}, - "hidePanelTitles": false - }, + "hidePanelTitles": false, + "savedVis": { + "title": "Info OSSEC rootkit [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "This dashboard shows data collected by the ossec-rootkit pack from osquery." + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": {} + } + }, + "type": "visualization" + } + }, + { + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 5, "i": "2", 
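Review bot: The top-level `namespaces`, `updated_at` and `version` fields added in the first hunk look like export metadata from the Kibana instance where the dashboard was edited, not part of the dashboard definition. `"version": "WzU4MCwxXQ=="` is a base64 concurrency token (it decodes to `[580,1]`), and `"namespaces": ["default"]` records the authoring space. These values presumably mean nothing on the installing stack and will change on every re-export, adding noise to later diffs. Stripping the three fields before committing would keep the asset reproducible. The pfSense dashboard hunk later in this diff adds the same fields.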
@@ -48,14 +68,70 @@ "y": 0 }, "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.11.0-SNAPSHOT" - }, - { "embeddableConfig": { "enhancements": {}, - "hidePanelTitles": false - }, + "hidePanelTitles": false, + "savedVis": { + "title": "Number of rootkits found [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Rootkits", + "field": "osquery.result.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" + } + }, + { + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 5, "i": "3", 
@@ -64,13 +140,70 @@ "y": 0 }, "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.11.0-SNAPSHOT" + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "title": "Number of hosts infected [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Hosts", + "field": "agent.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + }, + "type": "visualization" + } }, { - "embeddableConfig": { - "enhancements": {} - }, + "version": "8.1.0", + "type": "visualization", "gridData": { "h": 4, "i": "4", @@ -79,8 +212,24 @@ "y": 0 }, "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.11.0-SNAPSHOT" + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Navigation [Logs Osquery]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 10, + "markdown": "[Compliance](#/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040)" + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": {} + } + }, + "type": "visualization" + } }, { "embeddableConfig": { 
@@ -102,36 +251,25 @@ "title": "[Logs Osquery] OSSEC rootkit pack", "version": 1 }, - "id": "osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040", - "migrationVersion": { - "dashboard": "7.11.0" - }, "references": [ { - "id": "osquery-6ec10290-f4aa-11e7-8647-534bb4c21040", - "name": "panel_0", - "type": "visualization" - }, - { - "id": "osquery-ffdbba50-f4a9-11e7-8647-534bb4c21040", - "name": "panel_1", - "type": "visualization" - }, - { - "id": "osquery-ab587180-f4a9-11e7-8647-534bb4c21040", - "name": "panel_2", - "type": "visualization" + "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040", + "name": "panel_4", + "type": "search" }, { - "id": "osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040", - "name": "panel_3", - "type": "visualization" + "type": "search", + "name": "2:search_0", + "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040" }, { - "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040", - "name": "panel_4", - "type": "search" + "type": "search", + "name": "3:search_0", + "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/osquery/kibana/visualization/osquery-1da1ed30-eb03-11e7-8f04-51231daa5b05.json b/packages/osquery/kibana/visualization/osquery-1da1ed30-eb03-11e7-8f04-51231daa5b05.json deleted file mode 100644 index 3fd8ea2720d..00000000000 --- a/packages/osquery/kibana/visualization/osquery-1da1ed30-eb03-11e7-8f04-51231daa5b05.json +++ /dev/null 
@@ -1,94 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "OS versions [Logs Osquery]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "field": "osquery.result.host_identifier" - }, - "schema": "metric", - "type": "cardinality" - }, - { - "enabled": true, - "id": "4", - "params": { - "field": "osquery.result.columns.platform_like", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "osquery.result.columns.name", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "osquery.result.columns.version", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "OS versions [Logs Osquery]", - "type": "pie" - } - }, - "id": "osquery-1da1ed30-eb03-11e7-8f04-51231daa5b05", - "migrationVersion": { - "visualization": "7.10.0" - }, - "references": [ - { - "id": "osquery-b5d6baa0-eb02-11e7-8f04-51231daa5b05", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/osquery/kibana/visualization/osquery-240f3630-eb05-11e7-8f04-51231daa5b05.json b/packages/osquery/kibana/visualization/osquery-240f3630-eb05-11e7-8f04-51231daa5b05.json deleted file mode 100644 index ed516faa9d3..00000000000 
--- a/packages/osquery/kibana/visualization/osquery-240f3630-eb05-11e7-8f04-51231daa5b05.json +++ /dev/null 
@@ -1,130 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "osquery.result.columns.status", - "negate": false, - "params": { - "query": "Live", - "type": "phrase" - }, - "type": "phrase", - "value": "Live" - }, - "query": { - "match": { - "osquery.result.columns.status": { - "query": "Live", - "type": "phrase" - } - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Number of Kernel integrations [Logs Osquery]", - "uiStateJSON": { - "vis": { - "defaultColors": { - "0 - 100": "rgb(0,104,55)" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Live Kernel integrations", - "field": "osquery.result.columns.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "gauge": { - "alignment": "horizontal", - "backStyle": "Full", - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 100 - } - ], - "extendRange": true, - "gaugeColorMode": "Labels", - "gaugeStyle": "Full", - "gaugeType": "Arc", - "invertColors": false, - "labels": { - "color": "black", - "show": true - }, - "orientation": "vertical", - "percentageMode": false, - "scale": { - "color": "#333", - "labels": false, - "show": true - }, - "style": { - "bgColor": false, - "bgFill": "#eee", - "bgMask": false, - "bgWidth": 0.9, - "fontSize": 60, - "labelColor": true, - "mask": false, - "maskBars": 50, - "subText": "", - "width": 0.9 - }, - "type": "meter" - }, - "isDisplayWarning": false, - "type": "gauge" - }, - "title": "Number of Kernel integrations [Logs Osquery]", - "type": "gauge" - } - }, - "id": 
"osquery-240f3630-eb05-11e7-8f04-51231daa5b05", - "migrationVersion": { - "visualization": "7.10.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "osquery-f59e21e0-eb03-11e7-8f04-51231daa5b05", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/osquery/kibana/visualization/osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040.json b/packages/osquery/kibana/visualization/osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040.json deleted file mode 100644 index 83aafe6b8ae..00000000000 --- a/packages/osquery/kibana/visualization/osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Navigation [Logs Osquery]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 10, - "markdown": "[Compliance](#/dashboard/osquery-69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/osquery-c0a7ce90-f4aa-11e7-8647-534bb4c21040)" - }, - "title": "Navigation [Logs Osquery]", - "type": "markdown" - } - }, - "id": "osquery-2d6e0760-f4ab-11e7-8647-534bb4c21040", - "migrationVersion": { - "visualization": "7.10.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/osquery/kibana/visualization/osquery-6ec10290-f4aa-11e7-8647-534bb4c21040.json b/packages/osquery/kibana/visualization/osquery-6ec10290-f4aa-11e7-8647-534bb4c21040.json deleted file mode 100644 index c90f9d214ce..00000000000 --- a/packages/osquery/kibana/visualization/osquery-6ec10290-f4aa-11e7-8647-534bb4c21040.json +++ /dev/null 
@@ -1,26 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Info OSSEC rootkit [Logs Osquery]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "This dashboard shows data collected by the ossec-rootkit pack from osquery." - }, - "title": "Info OSSEC rootkit [Logs Osquery]", - "type": "markdown" - } - }, - "id": "osquery-6ec10290-f4aa-11e7-8647-534bb4c21040", - "migrationVersion": { - "visualization": "7.10.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/osquery/kibana/visualization/osquery-a9fd8bb0-eb01-11e7-8f04-51231daa5b05.json b/packages/osquery/kibana/visualization/osquery-a9fd8bb0-eb01-11e7-8f04-51231daa5b05.json deleted file mode 100644 index a7a46efddc6..00000000000 --- a/packages/osquery/kibana/visualization/osquery-a9fd8bb0-eb01-11e7-8f04-51231daa5b05.json +++ /dev/null 
@@ -1,80 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Mounts by type [Logs Osquery]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "osquery.result.columns.path", - "order": "desc", - "orderBy": "1", - "size": 10 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "osquery.result.columns.type", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Mounts by type [Logs Osquery]", - "type": "pie" - } - }, - "id": "osquery-a9fd8bb0-eb01-11e7-8f04-51231daa5b05", - "migrationVersion": { - "visualization": "7.10.0" - }, - "references": [ - { - "id": "osquery-7a9482d0-eb00-11e7-8f04-51231daa5b05", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/osquery/kibana/visualization/osquery-ab587180-f4a9-11e7-8647-534bb4c21040.json b/packages/osquery/kibana/visualization/osquery-ab587180-f4a9-11e7-8647-534bb4c21040.json deleted file mode 100644 index 7b32d87eee6..00000000000 --- a/packages/osquery/kibana/visualization/osquery-ab587180-f4a9-11e7-8647-534bb4c21040.json +++ /dev/null 
@@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Number of hosts infected [Logs Osquery]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Hosts", - "field": "agent.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 40, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Number of hosts infected [Logs Osquery]", - "type": "metric" - } - }, - "id": "osquery-ab587180-f4a9-11e7-8647-534bb4c21040", - "migrationVersion": { - "visualization": "7.10.0" - }, - "references": [ - { - "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/osquery/kibana/visualization/osquery-ffdbba50-f4a9-11e7-8647-534bb4c21040.json b/packages/osquery/kibana/visualization/osquery-ffdbba50-f4a9-11e7-8647-534bb4c21040.json deleted file mode 100644 index f7b696cd83e..00000000000 --- a/packages/osquery/kibana/visualization/osquery-ffdbba50-f4a9-11e7-8647-534bb4c21040.json +++ /dev/null 
@@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Number of rootkits found [Logs Osquery]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Rootkits", - "field": "osquery.result.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 40, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Number of rootkits found [Logs Osquery]", - "type": "metric" - } - }, - "id": "osquery-ffdbba50-f4a9-11e7-8647-534bb4c21040", - "migrationVersion": { - "visualization": "7.10.0" - }, - "references": [ - { - "id": "osquery-0fe5dc00-f49b-11e7-8647-534bb4c21040", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/osquery/manifest.yml b/packages/osquery/manifest.yml index 267474bb9ab..a53624178ab 100644 --- a/packages/osquery/manifest.yml +++ b/packages/osquery/manifest.yml @@ -1,6 +1,6 @@ name: osquery title: Osquery Logs -version: "1.6.0" +version: "1.6.1" release: ga description: Collect logs from Osquery with Elastic Agent. type: integration @@ -15,7 +15,7 @@ categories: - security - os_system conditions: - kibana.version: ^7.14.0 || ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/kibana-osquery-compatibility.png title: kibana osquery compatibility 
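Review bot: The `kibana.version` condition in the second manifest hunk narrows from `^7.14.0 || ^8.0.0` to `^8.1.0` while the package version moves only from 1.6.0 to 1.6.1. Stacks on 7.x and 8.0 will therefore stop receiving updates to this security integration through what is numbered as a patch release. The changelog entries visible in this diff describe the change only as a by-value migration of type `enhancement`. The osquery changelog is outside this view, so if it reads the same, add an entry such as `- description: Require Kibana 8.1.0 or later` and consider whether the version bump should reflect the dropped compatibility.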
diff --git a/packages/pfsense/changelog.yml b/packages/pfsense/changelog.yml index a0174a79a6c..5a0e31a6613 100644 --- a/packages/pfsense/changelog.yml +++ b/packages/pfsense/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.2" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.4.1" changes: - description: Fix ingest pipeline grok patterns for OPNsense. diff --git a/packages/pfsense/kibana/dashboard/pfsense-986061c0-3a9a-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/dashboard/pfsense-986061c0-3a9a-11eb-96b2-e765737b7534.json index a3983afc1fa..c863dde2e29 100644 --- a/packages/pfsense/kibana/dashboard/pfsense-986061c0-3a9a-11eb-96b2-e765737b7534.json +++ b/packages/pfsense/kibana/dashboard/pfsense-986061c0-3a9a-11eb-96b2-e765737b7534.json 
@@ -1,208 +1,687 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "pfsense-986061c0-3a9a-11eb-96b2-e765737b7534", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T19:59:25.821Z", + "version": "WzY1NCwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Unbound - DNS Flow [pfSense]", + "description": "Client IP <-flow-> dns question name", + "uiState": {}, + "params": { + "spec": "{\n $schema: https://vega.github.io/schema/vega/v3.0.json\n data: [\n {\n // query ES based on the currently selected time range and filter string\n name: rawData\n url: {\n %context%: true\n %timefield%: @timestamp\n index: logs-*\n body: {\n size: 0\n aggs: {\n table: {\n composite: {\n size: 10000\n sources: [\n {\n stk1: {\n terms: {field: \"client.ip\"}\n }\n }\n {\n stk2: {\n terms: {field: \"dns.question.name\"}\n }\n }\n ]\n }\n }\n }\n }\n }\n // From the result, take just the data we are interested in\n format: {property: \"aggregations.table.buckets\"}\n // Convert key.stk1 -> stk1 for simpler access below\n transform: [\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\n ]\n }\n {\n name: nodes\n source: rawData\n transform: [\n // when a country is selected, filter out unrelated data\n {\n type: filter\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\n }\n // Set new key for later lookups - identifies each node\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\n // instead 
of each table row, create two new rows,\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\n {\n type: fold\n fields: [\"stk1\", \"stk2\"]\n as: [\"stack\", \"grpId\"]\n }\n // Create a sortkey, different for stk1 and stk2 stacks.\n // Space separator ensures proper sort order in some corner cases.\n {\n type: formula\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\n as: sortField\n }\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\n // independently for each stack, and ensuring they are in the proper order,\n // alphabetical from the top (reversed on the y axis)\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"sortField\", order: \"descending\"}\n field: size\n }\n // calculate vertical center point for each node, used to draw edges\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\n ]\n }\n {\n name: groups\n source: nodes\n transform: [\n // combine all nodes into country groups, summing up the doc counts\n {\n type: aggregate\n groupby: [\"stack\", \"grpId\"]\n fields: [\"size\"]\n ops: [\"sum\"]\n as: [\"total\"]\n }\n // re-calculate the stacking y0,y1 values\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"grpId\", order: \"descending\"}\n field: total\n }\n // project y0 and y1 values to screen coordinates\n // doing it once here instead of doing it several times in marks\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\n // boolean flag if the label should be on the right of the stack\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\n // Calculate traffic percentage for this country using \"y\" scale\n // domain upper bound, which represents the total traffic\n {\n type: formula\n expr: datum.total/domain('y')[1]\n as: 
percentage\n }\n ]\n }\n {\n // This is a temp lookup table with all the 'stk2' stack nodes\n name: destinationNodes\n source: nodes\n transform: [\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\n ]\n }\n {\n name: edges\n source: nodes\n transform: [\n // we only want nodes from the left stack\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\n // find corresponding node from the right stack, keep it as \"target\"\n {\n type: lookup\n from: destinationNodes\n key: key\n fields: [\"key\"]\n as: [\"target\"]\n }\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\n {\n type: linkpath\n orient: horizontal\n shape: diagonal\n sourceY: {expr: \"scale('y', datum.yc)\"}\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\n targetY: {expr: \"scale('y', datum.target.yc)\"}\n targetX: {expr: \"scale('x', 'stk2')\"}\n }\n // A little trick to calculate the thickness of the line.\n // The value needs to be the same as the hight of the node, but scaling\n // size to screen's height gives inversed value because screen's Y\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\n // is at the bottom. 
So subtracting scaled doc count from screen height\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\n {\n type: formula\n expr: range('y')[0]-scale('y', datum.size)\n as: strokeWidth\n }\n // Tooltip needs individual link's percentage of all traffic\n {\n type: formula\n expr: datum.size/domain('y')[1]\n as: percentage\n }\n ]\n }\n ]\n scales: [\n {\n // calculates horizontal stack positioning\n name: x\n type: band\n range: width\n domain: [\"stk1\", \"stk2\"]\n paddingOuter: 0.05\n paddingInner: 0.95\n }\n {\n // this scale goes up as high as the highest y1 value of all nodes\n name: y\n type: linear\n range: height\n domain: {data: \"nodes\", field: \"y1\"}\n }\n {\n // use rawData to ensure the colors stay the same when clicking.\n name: color\n type: ordinal\n range: category\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\n }\n {\n // this scale is used to map internal ids (stk1, stk2) to stack names\n name: stackNames\n type: ordinal\n range: [\"Source\", \"Destination\"]\n domain: [\"stk1\", \"stk2\"]\n }\n ]\n axes: [\n {\n // x axis should use custom label formatting to print proper stack names\n orient: bottom\n scale: x\n encode: {\n labels: {\n update: {\n text: {scale: \"stackNames\", field: \"value\"}\n }\n }\n }\n }\n {orient: \"left\", scale: \"y\"}\n ]\n marks: [\n {\n // draw the connecting line between stacks\n type: path\n name: edgeMark\n from: {data: \"edges\"}\n // this prevents some autosizing issues with large strokeWidth for paths\n clip: true\n encode: {\n update: {\n // By default use color of the left node, except when showing traffic\n // from just one country, in which case use destination color.\n stroke: [\n {\n test: groupSelector && groupSelector.stack=='stk1'\n scale: color\n field: stk2\n }\n {scale: \"color\", field: \"stk1\"}\n ]\n strokeWidth: {field: \"strokeWidth\"}\n path: {field: \"path\"}\n // when showing all traffic, and hovering over a country,\n // highlight the traffic 
from that country.\n strokeOpacity: {\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\n }\n // Ensure that the hover-selected edges show on top\n zindex: {\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\n }\n // format tooltip string\n tooltip: {\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n // Simple mouseover highlighting of a single line\n hover: {\n strokeOpacity: {value: 1}\n }\n }\n }\n {\n // draw stack groups (countries)\n type: rect\n name: groupMark\n from: {data: \"groups\"}\n encode: {\n enter: {\n fill: {scale: \"color\", field: \"grpId\"}\n width: {scale: \"x\", band: 1}\n }\n update: {\n x: {scale: \"x\", field: \"stack\"}\n y: {field: \"scaledY0\"}\n y2: {field: \"scaledY1\"}\n fillOpacity: {value: 0.6}\n tooltip: {\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n hover: {\n fillOpacity: {value: 1}\n }\n }\n }\n {\n // draw country code labels on the inner side of the stack\n type: text\n from: {data: \"groups\"}\n // don't process events for the labels - otherwise line mouseover is unclean\n interactive: false\n encode: {\n update: {\n // depending on which stack it is, position x with some padding\n x: {\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\n }\n // middle of the group\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\n align: {signal: \"datum.rightLabel ? 'left' : 'right'\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n // only show text label if the group's height is large enough\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\"}\n }\n }\n }\n {\n // Create a \"show all\" button. 
Shown only when a country is selected.\n type: group\n data: [\n // We need to make the button show only when groupSelector signal is true.\n // Each mark is drawn as many times as there are elements in the backing data.\n // Which means that if values list is empty, it will not be drawn.\n // Here I create a data source with one empty object, and filter that list\n // based on the signal value. This can only be done in a group.\n {\n name: dataForShowAll\n values: [{}]\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\n }\n ]\n // Set button size and positioning\n encode: {\n enter: {\n xc: {signal: \"width/2\"}\n y: {value: 30}\n width: {value: 80}\n height: {value: 30}\n }\n }\n marks: [\n {\n // This group is shown as a button with rounded corners.\n type: group\n // mark name allows signal capturing\n name: groupReset\n // Only shows button if dataForShowAll has values.\n from: {data: \"dataForShowAll\"}\n encode: {\n enter: {\n cornerRadius: {value: 6}\n fill: {value: \"#f5f5f5\"}\n stroke: {value: \"#c1c1c1\"}\n strokeWidth: {value: 2}\n // use parent group's size\n height: {\n field: {group: \"height\"}\n }\n width: {\n field: {group: \"width\"}\n }\n }\n update: {\n // groups are transparent by default\n opacity: {value: 1}\n }\n hover: {\n opacity: {value: 0.7}\n }\n }\n marks: [\n {\n type: text\n // if true, it will prevent clicking on the button when over text.\n interactive: false\n encode: {\n enter: {\n // center text in the paren group\n xc: {\n field: {group: \"width\"}\n mult: 0.5\n }\n yc: {\n field: {group: \"height\"}\n mult: 0.5\n offset: 2\n }\n align: {value: \"center\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n text: {value: \"Show All\"}\n }\n }\n }\n ]\n }\n ]\n }\n ]\n signals: [\n {\n // used to highlight traffic to/from the same country\n name: groupHover\n value: {}\n on: [\n {\n events: @groupMark:mouseover\n update: \"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && 
datum.grpId}\"\n }\n {events: \"mouseout\", update: \"{}\"}\n ]\n }\n // used to filter only the data related to the selected country\n {\n name: groupSelector\n value: false\n on: [\n {\n // Clicking groupMark sets this signal to the filter values\n events: @groupMark:click!\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\n }\n {\n // Clicking \"show all\" button, or double-clicking anywhere resets it\n events: [\n {type: \"click\", markname: \"groupReset\"}\n {type: \"dblclick\"}\n ]\n update: \"false\"\n }\n ]\n }\n ]\n}" + }, + "type": "vega", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 20, + "i": "73294aad-e475-4a63-97d1-fc214a83bb0a", + "w": 34, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "73294aad-e475-4a63-97d1-fc214a83bb0a", - "w": 34, - "x": 0, - "y": 0 - }, - "panelIndex": "73294aad-e475-4a63-97d1-fc214a83bb0a", - "panelRefName": "panel_73294aad-e475-4a63-97d1-fc214a83bb0a", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + "panelIndex": "73294aad-e475-4a63-97d1-fc214a83bb0a", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Firewall Selector [pfSense]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "observer.name", + "id": "1613404486264", + "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "label": "Firewall Selector", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + 
"useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "46725bb5-e239-4fa2-8dfd-4de947863354", - "w": 14, - "x": 34, - "y": 0 - }, - "panelIndex": "46725bb5-e239-4fa2-8dfd-4de947863354", - "panelRefName": "panel_46725bb5-e239-4fa2-8dfd-4de947863354", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "pfsense.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "pfsense.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 6, + "i": "46725bb5-e239-4fa2-8dfd-4de947863354", + "w": 14, + "x": 34, + "y": 0 + }, + "panelIndex": "46725bb5-e239-4fa2-8dfd-4de947863354", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Unbound - Question Types [pfSense]", + "description": "Unbound dns question types", + "uiState": { + "vis": { + "legendOpen": true + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "f39b1b4c-b444-4d25-a8c5-a78b6285025f", - "w": 14, - "x": 34, - "y": 6 - }, - "panelIndex": "f39b1b4c-b444-4d25-a8c5-a78b6285025f", - "panelRefName": "panel_f39b1b4c-b444-4d25-a8c5-a78b6285025f", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "top", + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" 
+ }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "a7662c6e-94d5-4062-85f4-0132897f3578", - "w": 24, - "x": 0, - "y": 20 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "a7662c6e-94d5-4062-85f4-0132897f3578", - "panelRefName": "panel_a7662c6e-94d5-4062-85f4-0132897f3578", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "dns.question.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "f39b1b4c-b444-4d25-a8c5-a78b6285025f", + "w": 14, + "x": 34, + "y": 6 + }, + "panelIndex": "f39b1b4c-b444-4d25-a8c5-a78b6285025f", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Unbound - Top Client IPs [pfSense]", + "description": "Top 10 client IP unbound events", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "showLabel": true }, - { - "embeddableConfig": { - "enhancements": {} + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "763610d2-c8aa-4ab9-9a63-112e2471dcfc", - "w": 24, - "x": 24, - "y": 20 - }, - "panelIndex": "763610d2-c8aa-4ab9-9a63-112e2471dcfc", - "panelRefName": "panel_763610d2-c8aa-4ab9-9a63-112e2471dcfc", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + { + 
"enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "a7662c6e-94d5-4062-85f4-0132897f3578", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "a7662c6e-94d5-4062-85f4-0132897f3578", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Unbound - Top Queries [pfSense]", + "description": "Top 10 domain name question/queries", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "showLabel": true }, - { - "embeddableConfig": { - "enhancements": {} + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 14, - "i": "27569da9-7531-40cf-be93-8778738b68be", - "w": 48, - "x": 0, - "y": 32 - }, - "panelIndex": "27569da9-7531-40cf-be93-8778738b68be", - "panelRefName": "panel_27569da9-7531-40cf-be93-8778738b68be", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "dns.question.registered_domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "763610d2-c8aa-4ab9-9a63-112e2471dcfc", + "w": 24, + "x": 24, + "y": 
20 + }, + "panelIndex": "763610d2-c8aa-4ab9-9a63-112e2471dcfc", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Unbound - Client IP/Time [pfSense]", + "description": "Unbound client IP over time", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "columns": [ - "log.level", - "client.ip", - "dns.question.name", - "dns.question.type", - "dns.question.class" - ], - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 21, - "i": "7ea4ebda-9d0c-4885-9c37-71cd0665497f", - "w": 30, - "x": 0, - "y": 
46 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-7h", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "7ea4ebda-9d0c-4885-9c37-71cd0665497f", - "panelRefName": "panel_7ea4ebda-9d0c-4885-9c37-71cd0665497f", - "type": "search", - "version": "7.15.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "27569da9-7531-40cf-be93-8778738b68be", + "w": 48, + "x": 0, + "y": 32 + }, + "panelIndex": "27569da9-7531-40cf-be93-8778738b68be", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "columns": [ + "log.level", + "client.ip", + "dns.question.name", + "dns.question.type", + "dns.question.class" + ], + "enhancements": {} + }, + "gridData": { + "h": 21, + "i": "7ea4ebda-9d0c-4885-9c37-71cd0665497f", + "w": 30, + "x": 0, + "y": 46 + }, + "panelIndex": "7ea4ebda-9d0c-4885-9c37-71cd0665497f", + "panelRefName": "panel_7ea4ebda-9d0c-4885-9c37-71cd0665497f", + "type": "search", + "version": "7.15.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": null, + "savedVis": { + "title": "Unbound - Request Rate [pfSense]", + "description": "Unbound request heat map by IP address", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Green to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": false, + "invertColors": false, + 
"legendPosition": "top", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": null + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 21, - "i": "6a32114d-577c-488b-b1e9-b7b4fc8941ae", - "w": 18, - "x": 30, - "y": 46 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-7h", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "6a32114d-577c-488b-b1e9-b7b4fc8941ae", - "panelRefName": "panel_6a32114d-577c-488b-b1e9-b7b4fc8941ae", - "type": "visualization", - "version": "7.15.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Unbound - Dashboard [pfSense]", - "version": 1 + } + }, + "gridData": { + "h": 21, + "i": "6a32114d-577c-488b-b1e9-b7b4fc8941ae", + "w": 18, + "x": 30, + "y": 46 + }, + "panelIndex": "6a32114d-577c-488b-b1e9-b7b4fc8941ae", + "type": "visualization", + "version": "8.0.0" + } + ], + "timeRestore": false, + "title": "Unbound - Dashboard [pfSense]", + "version": 1 + }, 
+ "references": [ + { + "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", + "name": "7ea4ebda-9d0c-4885-9c37-71cd0665497f:panel_7ea4ebda-9d0c-4885-9c37-71cd0665497f", + "type": "search" }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-986061c0-3a9a-11eb-96b2-e765737b7534", - "migrationVersion": { - "dashboard": "7.14.0" + { + "type": "search", + "name": "73294aad-e475-4a63-97d1-fc214a83bb0a:search_0", + "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4" }, - "references": [ - { - "id": "pfsense-e895c9b0-3a99-11eb-96b2-e765737b7534", - "name": "73294aad-e475-4a63-97d1-fc214a83bb0a:panel_73294aad-e475-4a63-97d1-fc214a83bb0a", - "type": "visualization" - }, - { - "id": "pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56", - "name": "46725bb5-e239-4fa2-8dfd-4de947863354:panel_46725bb5-e239-4fa2-8dfd-4de947863354", - "type": "visualization" - }, - { - "id": "pfsense-2fed9a00-3a99-11eb-96b2-e765737b7534", - "name": "f39b1b4c-b444-4d25-a8c5-a78b6285025f:panel_f39b1b4c-b444-4d25-a8c5-a78b6285025f", - "type": "visualization" - }, - { - "id": "pfsense-77eaf920-3a98-11eb-96b2-e765737b7534", - "name": "a7662c6e-94d5-4062-85f4-0132897f3578:panel_a7662c6e-94d5-4062-85f4-0132897f3578", - "type": "visualization" - }, - { - "id": "pfsense-98775710-3a98-11eb-96b2-e765737b7534", - "name": "763610d2-c8aa-4ab9-9a63-112e2471dcfc:panel_763610d2-c8aa-4ab9-9a63-112e2471dcfc", - "type": "visualization" - }, - { - "id": "pfsense-5b553450-3a99-11eb-96b2-e765737b7534", - "name": "27569da9-7531-40cf-be93-8778738b68be:panel_27569da9-7531-40cf-be93-8778738b68be", - "type": "visualization" - }, - { - "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", - "name": "7ea4ebda-9d0c-4885-9c37-71cd0665497f:panel_7ea4ebda-9d0c-4885-9c37-71cd0665497f", - "type": "search" - }, - { - "id": "pfsense-f554afa0-3a98-11eb-96b2-e765737b7534", - "name": "6a32114d-577c-488b-b1e9-b7b4fc8941ae:panel_6a32114d-577c-488b-b1e9-b7b4fc8941ae", - "type": "visualization" - } - ], - "type": "dashboard" + { + "type": 
"index-pattern", + "name": "46725bb5-e239-4fa2-8dfd-4de947863354:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "46725bb5-e239-4fa2-8dfd-4de947863354:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "f39b1b4c-b444-4d25-a8c5-a78b6285025f:search_0", + "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4" + }, + { + "type": "search", + "name": "a7662c6e-94d5-4062-85f4-0132897f3578:search_0", + "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4" + }, + { + "type": "search", + "name": "763610d2-c8aa-4ab9-9a63-112e2471dcfc:search_0", + "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4" + }, + { + "type": "search", + "name": "27569da9-7531-40cf-be93-8778738b68be:search_0", + "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4" + }, + { + "type": "search", + "name": "6a32114d-577c-488b-b1e9-b7b4fc8941ae:search_0", + "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/pfsense/kibana/dashboard/pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/dashboard/pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json index ad9169c12c6..cd4f30dfb54 100644 --- a/packages/pfsense/kibana/dashboard/pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json +++ b/packages/pfsense/kibana/dashboard/pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json 
@@ -1,284 +1,1221 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T19:59:25.821Z", + "version": "WzY1NSwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Firewall - Event Action [pfSense]", + "description": "Displays quantity of events based on action type", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall - Event Action", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 7, + "i": "e0fb8e49-4af8-4958-9d55-8db1ed6cad2b", + "w": 16, 
+ "x": 0, + "y": 7 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "e0fb8e49-4af8-4958-9d55-8db1ed6cad2b", - "w": 16, - "x": 0, - "y": 7 - }, - "panelIndex": "e0fb8e49-4af8-4958-9d55-8db1ed6cad2b", - "panelRefName": "panel_0", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "82ed451e-8ee1-41a5-9aea-ffbd723c86cc", - "w": 17, - "x": 16, - "y": 0 - }, - "panelIndex": "82ed451e-8ee1-41a5-9aea-ffbd723c86cc", - "panelRefName": "panel_1", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "d2c26a96-ad50-4155-a67e-b6559246c302", - "w": 15, - "x": 33, - "y": 0 - }, - "panelIndex": "d2c26a96-ad50-4155-a67e-b6559246c302", - "panelRefName": "panel_2", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "9db410fe-e1b3-46d1-9e9b-828f3cec05dd", - "w": 16, - "x": 0, - "y": 0 - }, - "panelIndex": "9db410fe-e1b3-46d1-9e9b-828f3cec05dd", - "panelRefName": "panel_3", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "20a6aca9-2a7c-4b4a-8bd4-f2e9ae5d6249", - "w": 15, - "x": 33, - "y": 7 - }, - "panelIndex": "20a6aca9-2a7c-4b4a-8bd4-f2e9ae5d6249", - "panelRefName": "panel_4", - "version": "7.11.0" + "panelIndex": "e0fb8e49-4af8-4958-9d55-8db1ed6cad2b", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "Treemap depicting the top 10 countries by destination ", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d77ab0e4-c2c2-4fb4-bd98-63c13ade7778": { + "columnOrder": [ + "9d13ff42-0a6d-4cb4-bff4-bbd64836de35", + "57fc4315-85f4-4449-a8bd-308ec2e81e68" + ], + "columns": { + "57fc4315-85f4-4449-a8bd-308ec2e81e68": { + "dataType": "number", + "isBucketed": false, + "label": 
"Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "9d13ff42-0a6d-4cb4-bff4-bbd64836de35": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of destination.geo.country_name", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "57fc4315-85f4-4449-a8bd-308ec2e81e68", + "type": "column" + }, + "orderDirection": "desc", + "size": 5, + "parentFormat": { + "id": "terms" + } + }, + "scale": "ordinal", + "sourceField": "destination.geo.country_name" + } + } + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "9d13ff42-0a6d-4cb4-bff4-bbd64836de35" + ], + "layerId": "d77ab0e4-c2c2-4fb4-bd98-63c13ade7778", + "legendDisplay": "default", + "metric": "57fc4315-85f4-4449-a8bd-308ec2e81e68", + "nestedLegend": false, + "numberDisplay": "percent", + "percentDecimals": 0, + "layerType": "data" + } + ], + "shape": "treemap" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "c2fbea99-8684-446a-a570-48bcbb9f1c39", - "w": 33, - "x": 0, - "y": 14 - }, - "panelIndex": "c2fbea99-8684-446a-a570-48bcbb9f1c39", - "panelRefName": "panel_5", - "version": "7.11.0" + "title": "Firewall - Top Destination Countries/Treemap (Lens) [pfSense]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d77ab0e4-c2c2-4fb4-bd98-63c13ade7778", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 14, + "i": "82ed451e-8ee1-41a5-9aea-ffbd723c86cc", + "w": 17, + "x": 16, + "y": 0 + }, + "panelIndex": "82ed451e-8ee1-41a5-9aea-ffbd723c86cc", + "version": "8.1.0", + "type": "lens" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Interface 
Selector [pfSense]", + "description": "Select by interface alias", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "observer.ingress.interface.name", + "id": "1607565832669", + "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "label": "Interface Selector", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "f4ceeef3-255f-4a1d-85f3-0635aa6a0772", - "w": 15, - "x": 33, - "y": 14 - }, - "panelIndex": "f4ceeef3-255f-4a1d-85f3-0635aa6a0772", - "panelRefName": "panel_6", - "version": "7.11.0" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "pfsense.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "pfsense.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "d2c26a96-ad50-4155-a67e-b6559246c302", + "w": 15, + "x": 33, + "y": 0 + }, + "panelIndex": "d2c26a96-ad50-4155-a67e-b6559246c302", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Firewall Selector [pfSense]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "observer.name", + "id": "1613404486264", + "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "label": "Firewall Selector", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": 
"desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "a49d8775-3fc1-4b7b-8e8b-26c9e8705b6a", - "w": 33, - "x": 0, - "y": 28 - }, - "panelIndex": "a49d8775-3fc1-4b7b-8e8b-26c9e8705b6a", - "panelRefName": "panel_7", - "version": "7.11.0" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "pfsense.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "pfsense.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "9db410fe-e1b3-46d1-9e9b-828f3cec05dd", + "w": 16, + "x": 0, + "y": 0 + }, + "panelIndex": "9db410fe-e1b3-46d1-9e9b-828f3cec05dd", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Transport Type [pfSense]", + "description": "Select by network transport type", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "network.transport", + "id": "1607565832669", + "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "label": "Network Transport Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + 
"store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "pfsense.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "pfsense.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "20a6aca9-2a7c-4b4a-8bd4-f2e9ae5d6249", + "w": 15, + "x": 33, + "y": 7 + }, + "panelIndex": "20a6aca9-2a7c-4b4a-8bd4-f2e9ae5d6249", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "description": "Events over time line chart utilizing the LENS virtualization", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "25e5682a-0461-46dc-aa0a-7ad4cec0eade": { + "columnOrder": [ + "f718697e-acee-4bfd-99f4-3406e224ed7f", + "440112fe-405a-4b46-840e-2b9772961acc", + "31549313-ebc1-427a-9913-3f6f78594221" + ], + "columns": { + "31549313-ebc1-427a-9913-3f6f78594221": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "440112fe-405a-4b46-840e-2b9772961acc": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "f718697e-acee-4bfd-99f4-3406e224ed7f": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of event.action", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "31549313-ebc1-427a-9913-3f6f78594221", + "type": "column" + }, + "orderDirection": "desc", + "size": 5, + "parentFormat": { + "id": "terms" + } + }, + "scale": "ordinal", + "sourceField": "event.action" + } + } + } + } + } + }, + "filters": [], + "query": { 
+ "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "60b4467b-8227-41de-b5ec-00c860793819", - "w": 15, - "x": 33, - "y": 28 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "60b4467b-8227-41de-b5ec-00c860793819", - "panelRefName": "panel_8", - "version": "7.11.0" - }, - { - "embeddableConfig": { - "columns": [ - "observer.name", - "observer.ingress.vlan.id", - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "rule.id", - "event.action" + "layers": [ + { + "accessors": [ + "31549313-ebc1-427a-9913-3f6f78594221" ], - "enhancements": {} - }, - "gridData": { - "h": 13, - "i": "290350f0-e295-4441-8228-2f7c74fc8a0c", - "w": 48, - "x": 0, - "y": 43 + "layerId": "25e5682a-0461-46dc-aa0a-7ad4cec0eade", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "f718697e-acee-4bfd-99f4-3406e224ed7f", + "xAccessor": "440112fe-405a-4b46-840e-2b9772961acc", + "layerType": "data" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "290350f0-e295-4441-8228-2f7c74fc8a0c", - "panelRefName": "panel_9", - "version": "7.11.0" + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": null + "title": "Firewall - Events/Time (Lens) [pfSense]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-25e5682a-0461-46dc-aa0a-7ad4cec0eade", + "type": "index-pattern" + } + ] + } + }, + "gridData": { + "h": 14, + "i": "c2fbea99-8684-446a-a570-48bcbb9f1c39", + "w": 33, + "x": 0, + "y": 14 + }, + "panelIndex": 
"c2fbea99-8684-446a-a570-48bcbb9f1c39", + "version": "8.1.0", + "type": "lens" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Firewall - Events by Interface [pfSense]", + "description": "Pie chart depicting events by interface alias", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 21, - "i": "b5d79638-384f-411b-a5c9-0d5aea67c08f", - "w": 24, - "x": 0, - "y": 56 + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "b5d79638-384f-411b-a5c9-0d5aea67c08f", - "panelRefName": "panel_10", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Firewall - Events by Interface", + "field": "observer.ingress.interface.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "f4ceeef3-255f-4a1d-85f3-0635aa6a0772", + "w": 15, + "x": 33, + "y": 14 + }, + "panelIndex": "f4ceeef3-255f-4a1d-85f3-0635aa6a0772", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": 
{ + "title": "Firewall - Network Transport/Time [pfSense]", + "description": "Events over type based on network transport type", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "row": true, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "vis": null + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 21, - "i": "20537b1f-8d42-4522-8f9e-8e6fbccca58a", - "w": 24, - "x": 24, - "y": 56 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall - Network Transport/Time", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + 
"scaleMetricValues": false, + "timeRange": { + "from": "now-90m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "20537b1f-8d42-4522-8f9e-8e6fbccca58a", - "panelRefName": "panel_11", - "version": "7.11.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "Firewall - Dashboard [pfSense]", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534", - "migrationVersion": { - "dashboard": "7.14.0" - }, - "references": [ - { - "id": "pfsense-88b2daa0-3a8b-11eb-96b2-e765737b7534", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "pfsense-274304d0-3a8f-11eb-96b2-e765737b7534", - "name": "panel_1", - "type": "lens" + "gridData": { + "h": 15, + "i": "a49d8775-3fc1-4b7b-8e8b-26c9e8705b6a", + "w": 33, + "x": 0, + "y": 28 }, - { - "id": "pfsense-12e2d4a0-3a8c-11eb-96b2-e765737b7534", - "name": "panel_2", - "type": "visualization" - }, - { - "id": "pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56", - "name": "panel_3", - "type": "visualization" + "panelIndex": "a49d8775-3fc1-4b7b-8e8b-26c9e8705b6a", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Firewall - Network Transport [pfSense]", + "description": "Network transport pie chart", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + 
"palette": { + "name": "kibana_palette", + "type": "palette" + }, + "row": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall - Network Transport", + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "pfsense-46e88c90-3a8c-11eb-96b2-e765737b7534", - "name": "panel_4", - "type": "visualization" + "gridData": { + "h": 15, + "i": "60b4467b-8227-41de-b5ec-00c860793819", + "w": 15, + "x": 33, + "y": 28 }, - { - "id": "pfsense-b3edd4c0-3a8d-11eb-96b2-e765737b7534", - "name": "panel_5", - "type": "lens" + "panelIndex": "60b4467b-8227-41de-b5ec-00c860793819", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "columns": [ + "observer.name", + "observer.ingress.vlan.id", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "rule.id", + "event.action" + ], + "enhancements": {} }, - { - "id": "pfsense-eadb2e30-3a8b-11eb-96b2-e765737b7534", - "name": "panel_6", - "type": "visualization" + "gridData": { + "h": 13, + "i": "290350f0-e295-4441-8228-2f7c74fc8a0c", + "w": 48, + "x": 0, + "y": 43 }, - { - "id": "pfsense-c8a34db0-3a8c-11eb-96b2-e765737b7534", - "name": "panel_7", - "type": "visualization" + "panelIndex": "290350f0-e295-4441-8228-2f7c74fc8a0c", + "panelRefName": "panel_9", + "version": "7.11.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": null, + "savedVis": { + "title": "Firewall - Country Destination/Heatmap [pfSense]", + "description": "Heatmap of destination countries", + "uiState": {}, + 
"params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Green to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": false, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall - Destination Heatmap", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "destination.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "pfsense-feb1a6e0-3a8c-11eb-96b2-e765737b7534", - "name": "panel_8", - "type": "visualization" + "gridData": { + "h": 21, + "i": "b5d79638-384f-411b-a5c9-0d5aea67c08f", + "w": 24, + "x": 0, + "y": 56 }, - { - "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", - "name": "panel_9", - "type": "search" + "panelIndex": "b5d79638-384f-411b-a5c9-0d5aea67c08f", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "vis": 
null, + "savedVis": { + "title": "Firewall - Country Source/Heatmap [pfSense]", + "description": "Heatmap of source countries", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Green to Red", + "colorsNumber": 10, + "colorsRange": [], + "enableHover": false, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": false + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "type": "heatmap", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Firewall - Source Heatmap", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-90m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "source.geo.country_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "pfsense-b1545340-3a8f-11eb-96b2-e765737b7534", - "name": "panel_10", - "type": "visualization" + "gridData": { + "h": 21, + "i": "20537b1f-8d42-4522-8f9e-8e6fbccca58a", + "w": 24, + "x": 24, + "y": 56 }, - { - "id": "pfsense-dc86acc0-3a8f-11eb-96b2-e765737b7534", - "name": "panel_11", - "type": "visualization" - } + "panelIndex": 
"20537b1f-8d42-4522-8f9e-8e6fbccca58a", + "version": "8.0.0", + "type": "visualization" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "Firewall - Dashboard [pfSense]", + "version": 1 + }, + "references": [ + { + "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", + "name": "panel_9", + "type": "search" + }, + { + "type": "search", + "name": "e0fb8e49-4af8-4958-9d55-8db1ed6cad2b:search_0", + "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534" + }, + { + "type": "index-pattern", + "name": "82ed451e-8ee1-41a5-9aea-ffbd723c86cc:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "82ed451e-8ee1-41a5-9aea-ffbd723c86cc:indexpattern-datasource-layer-d77ab0e4-c2c2-4fb4-bd98-63c13ade7778", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d2c26a96-ad50-4155-a67e-b6559246c302:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "d2c26a96-ad50-4155-a67e-b6559246c302:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9db410fe-e1b3-46d1-9e9b-828f3cec05dd:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "9db410fe-e1b3-46d1-9e9b-828f3cec05dd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20a6aca9-2a7c-4b4a-8bd4-f2e9ae5d6249:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "20a6aca9-2a7c-4b4a-8bd4-f2e9ae5d6249:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "c2fbea99-8684-446a-a570-48bcbb9f1c39:indexpattern-datasource-current-indexpattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": 
"c2fbea99-8684-446a-a570-48bcbb9f1c39:indexpattern-datasource-layer-25e5682a-0461-46dc-aa0a-7ad4cec0eade", + "id": "logs-*" + }, + { + "type": "search", + "name": "f4ceeef3-255f-4a1d-85f3-0635aa6a0772:search_0", + "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "a49d8775-3fc1-4b7b-8e8b-26c9e8705b6a:search_0", + "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "60b4467b-8227-41de-b5ec-00c860793819:search_0", + "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "b5d79638-384f-411b-a5c9-0d5aea67c08f:search_0", + "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "20537b1f-8d42-4522-8f9e-8e6fbccca58a:search_0", + "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/pfsense/kibana/dashboard/pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/dashboard/pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534.json index c028cb38f9c..7021877e467 100644 --- a/packages/pfsense/kibana/dashboard/pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534.json +++ b/packages/pfsense/kibana/dashboard/pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534.json 
@@ -1,229 +1,833 @@ { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-22T19:59:25.821Z", + "version": "WzY1NiwxXQ==", + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DHCP - IP/MAC Flow [pfSense]", + "description": "", + "uiState": {}, + "params": { + "spec": "{\n $schema: https://vega.github.io/schema/vega/v3.0.json\n data: [\n {\n // query ES based on the currently selected time range and filter string\n name: rawData\n url: {\n %context%: true\n %timefield%: @timestamp\n index: logs-*\n body: {\n size: 0\n aggs: {\n table: {\n composite: {\n size: 10000\n sources: [\n {\n stk1: {\n terms: {field: \"client.ip\"}\n }\n }\n {\n stk2: {\n terms: {field: \"client.mac\"}\n }\n }\n ]\n }\n }\n }\n }\n }\n // From the result, take just the data we are interested in\n format: {property: \"aggregations.table.buckets\"}\n // Convert key.stk1 -> stk1 for simpler access below\n transform: [\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\n ]\n }\n {\n name: nodes\n source: rawData\n transform: [\n // when a country is selected, filter out unrelated data\n {\n type: filter\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\n }\n // Set new key for later lookups - identifies each node\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\n // instead of each table row, create two new rows,\n 
// one for the source (stack=stk1) and one for destination node (stack=stk2).\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\n {\n type: fold\n fields: [\"stk1\", \"stk2\"]\n as: [\"stack\", \"grpId\"]\n }\n // Create a sortkey, different for stk1 and stk2 stacks.\n // Space separator ensures proper sort order in some corner cases.\n {\n type: formula\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\n as: sortField\n }\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\n // independently for each stack, and ensuring they are in the proper order,\n // alphabetical from the top (reversed on the y axis)\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"sortField\", order: \"descending\"}\n field: size\n }\n // calculate vertical center point for each node, used to draw edges\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\n ]\n }\n {\n name: groups\n source: nodes\n transform: [\n // combine all nodes into country groups, summing up the doc counts\n {\n type: aggregate\n groupby: [\"stack\", \"grpId\"]\n fields: [\"size\"]\n ops: [\"sum\"]\n as: [\"total\"]\n }\n // re-calculate the stacking y0,y1 values\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"grpId\", order: \"descending\"}\n field: total\n }\n // project y0 and y1 values to screen coordinates\n // doing it once here instead of doing it several times in marks\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\n // boolean flag if the label should be on the right of the stack\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\n // Calculate traffic percentage for this country using \"y\" scale\n // domain upper bound, which represents the total traffic\n {\n type: formula\n expr: datum.total/domain('y')[1]\n as: percentage\n }\n ]\n }\n {\n // This is a temp 
lookup table with all the 'stk2' stack nodes\n name: destinationNodes\n source: nodes\n transform: [\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\n ]\n }\n {\n name: edges\n source: nodes\n transform: [\n // we only want nodes from the left stack\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\n // find corresponding node from the right stack, keep it as \"target\"\n {\n type: lookup\n from: destinationNodes\n key: key\n fields: [\"key\"]\n as: [\"target\"]\n }\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\n {\n type: linkpath\n orient: horizontal\n shape: diagonal\n sourceY: {expr: \"scale('y', datum.yc)\"}\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\n targetY: {expr: \"scale('y', datum.target.yc)\"}\n targetX: {expr: \"scale('x', 'stk2')\"}\n }\n // A little trick to calculate the thickness of the line.\n // The value needs to be the same as the hight of the node, but scaling\n // size to screen's height gives inversed value because screen's Y\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\n // is at the bottom. 
So subtracting scaled doc count from screen height\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\n {\n type: formula\n expr: range('y')[0]-scale('y', datum.size)\n as: strokeWidth\n }\n // Tooltip needs individual link's percentage of all traffic\n {\n type: formula\n expr: datum.size/domain('y')[1]\n as: percentage\n }\n ]\n }\n ]\n scales: [\n {\n // calculates horizontal stack positioning\n name: x\n type: band\n range: width\n domain: [\"stk1\", \"stk2\"]\n paddingOuter: 0.05\n paddingInner: 0.95\n }\n {\n // this scale goes up as high as the highest y1 value of all nodes\n name: y\n type: linear\n range: height\n domain: {data: \"nodes\", field: \"y1\"}\n }\n {\n // use rawData to ensure the colors stay the same when clicking.\n name: color\n type: ordinal\n range: category\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\n }\n {\n // this scale is used to map internal ids (stk1, stk2) to stack names\n name: stackNames\n type: ordinal\n range: [\"Source\", \"Destination\"]\n domain: [\"stk1\", \"stk2\"]\n }\n ]\n axes: [\n {\n // x axis should use custom label formatting to print proper stack names\n orient: bottom\n scale: x\n encode: {\n labels: {\n update: {\n text: {scale: \"stackNames\", field: \"value\"}\n }\n }\n }\n }\n {orient: \"left\", scale: \"y\"}\n ]\n marks: [\n {\n // draw the connecting line between stacks\n type: path\n name: edgeMark\n from: {data: \"edges\"}\n // this prevents some autosizing issues with large strokeWidth for paths\n clip: true\n encode: {\n update: {\n // By default use color of the left node, except when showing traffic\n // from just one country, in which case use destination color.\n stroke: [\n {\n test: groupSelector && groupSelector.stack=='stk1'\n scale: color\n field: stk2\n }\n {scale: \"color\", field: \"stk1\"}\n ]\n strokeWidth: {field: \"strokeWidth\"}\n path: {field: \"path\"}\n // when showing all traffic, and hovering over a country,\n // highlight the traffic 
from that country.\n strokeOpacity: {\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\n }\n // Ensure that the hover-selected edges show on top\n zindex: {\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\n }\n // format tooltip string\n tooltip: {\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n // Simple mouseover highlighting of a single line\n hover: {\n strokeOpacity: {value: 1}\n }\n }\n }\n {\n // draw stack groups (countries)\n type: rect\n name: groupMark\n from: {data: \"groups\"}\n encode: {\n enter: {\n fill: {scale: \"color\", field: \"grpId\"}\n width: {scale: \"x\", band: 1}\n }\n update: {\n x: {scale: \"x\", field: \"stack\"}\n y: {field: \"scaledY0\"}\n y2: {field: \"scaledY1\"}\n fillOpacity: {value: 0.6}\n tooltip: {\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n hover: {\n fillOpacity: {value: 1}\n }\n }\n }\n {\n // draw country code labels on the inner side of the stack\n type: text\n from: {data: \"groups\"}\n // don't process events for the labels - otherwise line mouseover is unclean\n interactive: false\n encode: {\n update: {\n // depending on which stack it is, position x with some padding\n x: {\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\n }\n // middle of the group\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\n align: {signal: \"datum.rightLabel ? 'left' : 'right'\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n // only show text label if the group's height is large enough\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\"}\n }\n }\n }\n {\n // Create a \"show all\" button. 
Shown only when a country is selected.\n type: group\n data: [\n // We need to make the button show only when groupSelector signal is true.\n // Each mark is drawn as many times as there are elements in the backing data.\n // Which means that if values list is empty, it will not be drawn.\n // Here I create a data source with one empty object, and filter that list\n // based on the signal value. This can only be done in a group.\n {\n name: dataForShowAll\n values: [{}]\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\n }\n ]\n // Set button size and positioning\n encode: {\n enter: {\n xc: {signal: \"width/2\"}\n y: {value: 30}\n width: {value: 80}\n height: {value: 30}\n }\n }\n marks: [\n {\n // This group is shown as a button with rounded corners.\n type: group\n // mark name allows signal capturing\n name: groupReset\n // Only shows button if dataForShowAll has values.\n from: {data: \"dataForShowAll\"}\n encode: {\n enter: {\n cornerRadius: {value: 6}\n fill: {value: \"#f5f5f5\"}\n stroke: {value: \"#c1c1c1\"}\n strokeWidth: {value: 2}\n // use parent group's size\n height: {\n field: {group: \"height\"}\n }\n width: {\n field: {group: \"width\"}\n }\n }\n update: {\n // groups are transparent by default\n opacity: {value: 1}\n }\n hover: {\n opacity: {value: 0.7}\n }\n }\n marks: [\n {\n type: text\n // if true, it will prevent clicking on the button when over text.\n interactive: false\n encode: {\n enter: {\n // center text in the paren group\n xc: {\n field: {group: \"width\"}\n mult: 0.5\n }\n yc: {\n field: {group: \"height\"}\n mult: 0.5\n offset: 2\n }\n align: {value: \"center\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n text: {value: \"Show All\"}\n }\n }\n }\n ]\n }\n ]\n }\n ]\n signals: [\n {\n // used to highlight traffic to/from the same country\n name: groupHover\n value: {}\n on: [\n {\n events: @groupMark:mouseover\n update: \"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && 
datum.grpId}\"\n }\n {events: \"mouseout\", update: \"{}\"}\n ]\n }\n // used to filter only the data related to the selected country\n {\n name: groupSelector\n value: false\n on: [\n {\n // Clicking groupMark sets this signal to the filter values\n events: @groupMark:click!\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\n }\n {\n // Clicking \"show all\" button, or double-clicking anywhere resets it\n events: [\n {type: \"click\", markname: \"groupReset\"}\n {type: \"dblclick\"}\n ]\n update: \"false\"\n }\n ]\n }\n ]\n}" + }, + "type": "vega", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 22, + "i": "2b46d706-0288-4541-8880-ccb2efeeee92", + "w": 35, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 22, - "i": "2b46d706-0288-4541-8880-ccb2efeeee92", - "w": 35, - "x": 0, - "y": 0 - }, - "panelIndex": "2b46d706-0288-4541-8880-ccb2efeeee92", - "panelRefName": "panel_2b46d706-0288-4541-8880-ccb2efeeee92", - "type": "visualization", - "version": "7.10.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "6018121a-9303-4c73-9c96-d23362cdc74d", - "w": 13, - "x": 35, - "y": 0 - }, - "panelIndex": "6018121a-9303-4c73-9c96-d23362cdc74d", - "panelRefName": "panel_6018121a-9303-4c73-9c96-d23362cdc74d", - "type": "visualization", - "version": "7.10.0" + "panelIndex": "2b46d706-0288-4541-8880-ccb2efeeee92", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Interface Selector [pfSense]", + "description": "Select by interface alias", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": 
"observer.ingress.interface.name", + "id": "1607565832669", + "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "label": "Interface Selector", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 7, - "i": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082", - "w": 13, - "x": 35, - "y": 7 - }, - "panelIndex": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082", - "panelRefName": "panel_b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082", - "type": "visualization", - "version": "7.10.0" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "pfsense.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "pfsense.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "6018121a-9303-4c73-9c96-d23362cdc74d", + "w": 13, + "x": 35, + "y": 0 + }, + "panelIndex": "6018121a-9303-4c73-9c96-d23362cdc74d", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Firewall Selector [pfSense]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "observer.name", + "id": "1613404486264", + "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "label": "Firewall Selector", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": 
"list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 8, - "i": "d9f98967-4e91-4eef-9a43-9caaeeebe6f8", - "w": 13, - "x": 35, - "y": 14 - }, - "panelIndex": "d9f98967-4e91-4eef-9a43-9caaeeebe6f8", - "panelRefName": "panel_d9f98967-4e91-4eef-9a43-9caaeeebe6f8", - "type": "visualization", - "version": "7.10.0" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "pfsense.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "pfsense.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 7, + "i": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082", + "w": 13, + "x": 35, + "y": 7 + }, + "panelIndex": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DHCP - Interface [pfSense]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "20e8c75c-3e93-42ab-b5c5-6ad814b64151", - "w": 32, - "x": 0, - "y": 22 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": 
"20e8c75c-3e93-42ab-b5c5-6ad814b64151", - "panelRefName": "panel_20e8c75c-3e93-42ab-b5c5-6ad814b64151", - "type": "visualization", - "version": "7.10.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "observer.ingress.interface.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 8, + "i": "d9f98967-4e91-4eef-9a43-9caaeeebe6f8", + "w": 13, + "x": 35, + "y": 14 + }, + "panelIndex": "d9f98967-4e91-4eef-9a43-9caaeeebe6f8", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DHCP - Operation/Time [pfSense]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + 
"show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 14, - "i": "5b500115-4722-432b-8d67-38b1a948c1d5", - "w": 16, - "x": 32, - "y": 22 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-12h", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "5b500115-4722-432b-8d67-38b1a948c1d5", - "panelRefName": "panel_5b500115-4722-432b-8d67-38b1a948c1d5", - "type": "visualization", - "version": "7.10.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "20e8c75c-3e93-42ab-b5c5-6ad814b64151", + "w": 32, + "x": 0, + "y": 22 + }, + "panelIndex": "20e8c75c-3e93-42ab-b5c5-6ad814b64151", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DHCP - Operation [pfSense]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + 
"values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "aa85065f-1b07-468c-b264-1231b59be97b", - "w": 16, - "x": 0, - "y": 36 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "aa85065f-1b07-468c-b264-1231b59be97b", - "panelRefName": "panel_aa85065f-1b07-468c-b264-1231b59be97b", - "type": "visualization", - "version": "7.10.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "5b500115-4722-432b-8d67-38b1a948c1d5", + "w": 16, + "x": 32, + "y": 22 + }, + "panelIndex": "5b500115-4722-432b-8d67-38b1a948c1d5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DHCP - Client IP [pfSense]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 14, - "i": "22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5", - "w": 32, - "x": 16, - "y": 36 - }, - "panelIndex": 
"22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5", - "panelRefName": "panel_22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5", - "type": "visualization", - "version": "7.10.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "aa85065f-1b07-468c-b264-1231b59be97b", + "w": 16, + "x": 0, + "y": 36 + }, + "panelIndex": "aa85065f-1b07-468c-b264-1231b59be97b", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "DHCP - Client IP/Time [pfSense]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + 
"truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "columns": [ - "observer.name", - "observer.ingress.interface.name", - "event.action", - "client.ip", - "client.mac", - "pfsense.dhcp.hostname" - ], - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 15, - "i": "73ea92c6-7373-4121-a255-1ed2e43010c1", - "w": 48, - "x": 0, - "y": 50 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-7h", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "73ea92c6-7373-4121-a255-1ed2e43010c1", - "panelRefName": "panel_73ea92c6-7373-4121-a255-1ed2e43010c1", - "type": "search", - "version": "7.10.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "DHCP - Dashboard [pfSense]", - "version": 1 + } + }, + "gridData": { + "h": 14, + "i": "22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5", + "w": 32, + "x": 16, + "y": 36 + }, + "panelIndex": "22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "columns": [ + "observer.name", + "observer.ingress.interface.name", + "event.action", + 
"client.ip", + "client.mac", + "pfsense.dhcp.hostname" + ], + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "73ea92c6-7373-4121-a255-1ed2e43010c1", + "w": 48, + "x": 0, + "y": 50 + }, + "panelIndex": "73ea92c6-7373-4121-a255-1ed2e43010c1", + "panelRefName": "panel_73ea92c6-7373-4121-a255-1ed2e43010c1", + "type": "search", + "version": "7.10.0" + } + ], + "timeRestore": false, + "title": "DHCP - Dashboard [pfSense]", + "version": 1 + }, + "references": [ + { + "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", + "name": "73ea92c6-7373-4121-a255-1ed2e43010c1:panel_73ea92c6-7373-4121-a255-1ed2e43010c1", + "type": "search" }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534", - "migrationVersion": { - "dashboard": "7.14.0" + { + "type": "search", + "name": "2b46d706-0288-4541-8880-ccb2efeeee92:search_0", + "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534" }, - "references": [ - { - "id": "pfsense-bf8b2040-3a9b-11eb-96b2-e765737b7534", - "name": "2b46d706-0288-4541-8880-ccb2efeeee92:panel_2b46d706-0288-4541-8880-ccb2efeeee92", - "type": "visualization" - }, - { - "id": "pfsense-12e2d4a0-3a8c-11eb-96b2-e765737b7534", - "name": "6018121a-9303-4c73-9c96-d23362cdc74d:panel_6018121a-9303-4c73-9c96-d23362cdc74d", - "type": "visualization" - }, - { - "id": "pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56", - "name": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082:panel_b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082", - "type": "visualization" - }, - { - "id": "pfsense-6f94bd20-3a9c-11eb-96b2-e765737b7534", - "name": "d9f98967-4e91-4eef-9a43-9caaeeebe6f8:panel_d9f98967-4e91-4eef-9a43-9caaeeebe6f8", - "type": "visualization" - }, - { - "id": "pfsense-457371f0-3afe-11eb-96b2-e765737b7534", - "name": "20e8c75c-3e93-42ab-b5c5-6ad814b64151:panel_20e8c75c-3e93-42ab-b5c5-6ad814b64151", - "type": "visualization" - }, - { - "id": "pfsense-dffb6ab0-3a9b-11eb-96b2-e765737b7534", - "name": 
"5b500115-4722-432b-8d67-38b1a948c1d5:panel_5b500115-4722-432b-8d67-38b1a948c1d5", - "type": "visualization" - }, - { - "id": "pfsense-9990cd00-3afe-11eb-96b2-e765737b7534", - "name": "aa85065f-1b07-468c-b264-1231b59be97b:panel_aa85065f-1b07-468c-b264-1231b59be97b", - "type": "visualization" - }, - { - "id": "pfsense-072449e0-3a9c-11eb-96b2-e765737b7534", - "name": "22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5:panel_22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5", - "type": "visualization" - }, - { - "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", - "name": "73ea92c6-7373-4121-a255-1ed2e43010c1:panel_73ea92c6-7373-4121-a255-1ed2e43010c1", - "type": "search" - } - ], - "type": "dashboard" + { + "type": "index-pattern", + "name": "6018121a-9303-4c73-9c96-d23362cdc74d:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6018121a-9303-4c73-9c96-d23362cdc74d:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "b7f79d47-95a2-4bfd-8f8f-4d6dc56ac082:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "d9f98967-4e91-4eef-9a43-9caaeeebe6f8:search_0", + "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "20e8c75c-3e93-42ab-b5c5-6ad814b64151:search_0", + "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "5b500115-4722-432b-8d67-38b1a948c1d5:search_0", + "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "aa85065f-1b07-468c-b264-1231b59be97b:search_0", + "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534" + }, + { + "type": "search", + "name": "22ea957e-7ba8-4ce0-b5d5-ccd92cb4deb5:search_0", + "id": 
"pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/pfsense/kibana/lens/pfsense-274304d0-3a8f-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/lens/pfsense-274304d0-3a8f-11eb-96b2-e765737b7534.json deleted file mode 100644 index 0e6f2067c44..00000000000 --- a/packages/pfsense/kibana/lens/pfsense-274304d0-3a8f-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "Treemap depicting the top 10 countries by destination ", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "d77ab0e4-c2c2-4fb4-bd98-63c13ade7778": { - "columnOrder": [ - "9d13ff42-0a6d-4cb4-bff4-bbd64836de35", - "57fc4315-85f4-4449-a8bd-308ec2e81e68" - ], - "columns": { - "57fc4315-85f4-4449-a8bd-308ec2e81e68": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "9d13ff42-0a6d-4cb4-bff4-bbd64836de35": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of destination.geo.country_name", - "operationType": "terms", - "params": { - "orderBy": { - "columnId": "57fc4315-85f4-4449-a8bd-308ec2e81e68", - "type": "column" - }, - "orderDirection": "desc", - "size": 5 - }, - "scale": "ordinal", - "sourceField": "destination.geo.country_name" - } - } - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "9d13ff42-0a6d-4cb4-bff4-bbd64836de35" - ], - "layerId": "d77ab0e4-c2c2-4fb4-bd98-63c13ade7778", - "legendDisplay": "default", - "metric": "57fc4315-85f4-4449-a8bd-308ec2e81e68", - "nestedLegend": false, - "numberDisplay": "percent", - "percentDecimals": 0 - } - ], - "shape": "treemap" - } - }, - "title": "Firewall - Top Destination Countries/Treemap (Lens) [pfSense]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-274304d0-3a8f-11eb-96b2-e765737b7534", - "migrationVersion": { - "lens": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-d77ab0e4-c2c2-4fb4-bd98-63c13ade7778", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/pfsense/kibana/lens/pfsense-b3edd4c0-3a8d-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/lens/pfsense-b3edd4c0-3a8d-11eb-96b2-e765737b7534.json
deleted file mode 100644
index 02f2a08f36a..00000000000
--- a/packages/pfsense/kibana/lens/pfsense-b3edd4c0-3a8d-11eb-96b2-e765737b7534.json
+++ /dev/null
@@ -1,118 +0,0 @@ -{ - "attributes": { - "description": "Events over time line chart utilizing the LENS virtualization", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "25e5682a-0461-46dc-aa0a-7ad4cec0eade": { - "columnOrder": [ - "f718697e-acee-4bfd-99f4-3406e224ed7f", - "440112fe-405a-4b46-840e-2b9772961acc", - "31549313-ebc1-427a-9913-3f6f78594221" - ], - "columns": { - "31549313-ebc1-427a-9913-3f6f78594221": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "440112fe-405a-4b46-840e-2b9772961acc": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "f718697e-acee-4bfd-99f4-3406e224ed7f": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of event.action", - "operationType": "terms", - "params": { - "orderBy": { - "columnId": "31549313-ebc1-427a-9913-3f6f78594221", - "type": "column" - }, - "orderDirection": "desc", - "size": 5 - }, - "scale": "ordinal", - "sourceField": "event.action" - } - } - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "31549313-ebc1-427a-9913-3f6f78594221" - ], - "layerId": "25e5682a-0461-46dc-aa0a-7ad4cec0eade", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "f718697e-acee-4bfd-99f4-3406e224ed7f", - "xAccessor": "440112fe-405a-4b46-840e-2b9772961acc" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - 
"x": true, - "yLeft": true, - "yRight": true - } - } - }, - "title": "Firewall - Events/Time (Lens) [pfSense]", - "visualizationType": "lnsXY" - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-b3edd4c0-3a8d-11eb-96b2-e765737b7534", - "migrationVersion": { - "lens": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-25e5682a-0461-46dc-aa0a-7ad4cec0eade", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-072449e0-3a9c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-072449e0-3a9c-11eb-96b2-e765737b7534.json deleted file mode 100644 index 861bacfab59..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-072449e0-3a9c-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,162 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "DHCP - Client IP/Time [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-7h", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - 
}, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "DHCP - Client IP/Time", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-072449e0-3a9c-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-12e2d4a0-3a8c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-12e2d4a0-3a8c-11eb-96b2-e765737b7534.json deleted file mode 100644 index 6d4a93db48f..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-12e2d4a0-3a8c-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "Select by interface alias", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "pfsense.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "pfsense.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Interface Selector [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "observer.ingress.interface.name", - "id": "1607565832669", - "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "label": "Interface Selector", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "Interface Selector", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-12e2d4a0-3a8c-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-2fed9a00-3a99-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-2fed9a00-3a99-11eb-96b2-e765737b7534.json deleted file mode 100644 index 9155a7cbc18..00000000000 
--- a/packages/pfsense/kibana/visualization/pfsense-2fed9a00-3a99-11eb-96b2-e765737b7534.json +++ /dev/null @@ -1,83 +0,0 @@ -{ - "attributes": { - "description": "Unbound dns question types", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Unbound - Question Types [pfSense]", - "uiStateJSON": { - "vis": { - "legendOpen": true - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "dns.question.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "top", - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Unbound - Question Types [pfSense]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-2fed9a00-3a99-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56.json b/packages/pfsense/kibana/visualization/pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56.json deleted file mode 100644 index 7ba842998d3..00000000000 
--- a/packages/pfsense/kibana/visualization/pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56.json +++ /dev/null @@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "pfsense.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "pfsense.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Firewall Selector [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "observer.name", - "id": "1613404486264", - "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "label": "Firewall Selector", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "Firewall Selector", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-3c2082f0-6fa6-11eb-bc1e-ffcd90393e56", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/pfsense/kibana/visualization/pfsense-457371f0-3afe-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-457371f0-3afe-11eb-96b2-e765737b7534.json
deleted file mode 100644
index 51608a851e6..00000000000
--- a/packages/pfsense/kibana/visualization/pfsense-457371f0-3afe-11eb-96b2-e765737b7534.json
+++ /dev/null
@@ -1,162 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "DHCP - Operation/Time [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-12h", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 
- }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "DHCP - Operation/Time", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-457371f0-3afe-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-46e88c90-3a8c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-46e88c90-3a8c-11eb-96b2-e765737b7534.json deleted file mode 100644 index 36e0368a31e..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-46e88c90-3a8c-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,84 +0,0 @@ -{ - "attributes": { - "description": "Select by network transport type", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "pfsense.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "pfsense.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Network Transport Type [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "network.transport", - "id": "1607565832669", - "indexPatternRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "label": "Network Transport Type", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "Network Transport Type", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-46e88c90-3a8c-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-5b553450-3a99-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-5b553450-3a99-11eb-96b2-e765737b7534.json deleted file mode 100644 index 3cd95bc7529..00000000000 
--- a/packages/pfsense/kibana/visualization/pfsense-5b553450-3a99-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,162 +0,0 @@ -{ - "attributes": { - "description": "Unbound client IP over time", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Unbound - Client IP/Time [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-7h", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", 
- "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Unbound - Client IP/Time", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-5b553450-3a99-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-6f94bd20-3a9c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-6f94bd20-3a9c-11eb-96b2-e765737b7534.json deleted file mode 100644 index 4c3feff8926..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-6f94bd20-3a9c-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "DHCP - Interface [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "observer.ingress.interface.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "DHCP - Interface", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-6f94bd20-3a9c-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-77eaf920-3a98-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-77eaf920-3a98-11eb-96b2-e765737b7534.json deleted file mode 100644 index ac67cef3e3d..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-77eaf920-3a98-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "Top 10 client IP unbound events", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Unbound - Top Client IPs [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "showLabel": true - }, - "title": "Unbound - Top Client IPs", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-77eaf920-3a98-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-88b2daa0-3a8b-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-88b2daa0-3a8b-11eb-96b2-e765737b7534.json deleted file mode 100644 index 21d7dea934a..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-88b2daa0-3a8b-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - "attributes": { - "description": "Displays quantity of events based on action type", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Firewall - Event Action [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall - Event Action", - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Firewall - Event Action", - "type": "metric" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-88b2daa0-3a8b-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-98775710-3a98-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-98775710-3a98-11eb-96b2-e765737b7534.json deleted file mode 100644 index 4b00da05dd7..00000000000 
--- a/packages/pfsense/kibana/visualization/pfsense-98775710-3a98-11eb-96b2-e765737b7534.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "Top 10 domain name question/queries", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Unbound - Top Queries [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "dns.question.registered_domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "showLabel": true - }, - "title": "Unbound - Top Queried Domains ", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-98775710-3a98-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-9990cd00-3afe-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-9990cd00-3afe-11eb-96b2-e765737b7534.json deleted file mode 100644 index f80fb7eba60..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-9990cd00-3afe-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "DHCP - Client IP [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "DHCP - Client IP", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-9990cd00-3afe-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-b1545340-3a8f-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-b1545340-3a8f-11eb-96b2-e765737b7534.json deleted file mode 100644 index 1318078735d..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-b1545340-3a8f-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "attributes": { - "description": "Heatmap of destination countries", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Firewall - Country Destination/Heatmap [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall - Destination Heatmap", - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "destination.geo.country_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Green to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": false, - "invertColors": false, - "legendPosition": "right", - "percentageMode": false, - "setColorRange": false, - "times": [], - "type": "heatmap", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "black", - "overwriteColor": false, - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Firewall - Country Destination/Heatmap", - "type": "heatmap" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-b1545340-3a8f-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": 
[ - { - "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-bf8b2040-3a9b-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-bf8b2040-3a9b-11eb-96b2-e765737b7534.json deleted file mode 100644 index d4b9d44dcd7..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-bf8b2040-3a9b-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,39 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "DHCP - IP/MAC Flow [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "spec": "{\n $schema: https://vega.github.io/schema/vega/v3.0.json\n data: [\n {\n // query ES based on the currently selected time range and filter string\n name: rawData\n url: {\n %context%: true\n %timefield%: @timestamp\n index: logs-*\n body: {\n size: 0\n aggs: {\n table: {\n composite: {\n size: 10000\n sources: [\n {\n stk1: {\n terms: {field: \"client.ip\"}\n }\n }\n {\n stk2: {\n terms: {field: \"client.mac\"}\n }\n }\n ]\n }\n }\n }\n }\n }\n // From the result, take just the data we are interested in\n format: {property: \"aggregations.table.buckets\"}\n // Convert key.stk1 -\u003e stk1 for simpler access below\n transform: [\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\n ]\n }\n {\n name: nodes\n source: rawData\n transform: [\n // when a country is selected, filter out unrelated data\n {\n type: filter\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\n }\n // Set new key for later lookups - identifies each node\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\n // instead of each table row, create two new rows,\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\n {\n type: fold\n fields: [\"stk1\", \"stk2\"]\n as: [\"stack\", \"grpId\"]\n }\n // Create a sortkey, different for stk1 and stk2 stacks.\n // Space separator ensures proper sort order in some corner cases.\n {\n type: formula\n expr: 
datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\n as: sortField\n }\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\n // independently for each stack, and ensuring they are in the proper order,\n // alphabetical from the top (reversed on the y axis)\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"sortField\", order: \"descending\"}\n field: size\n }\n // calculate vertical center point for each node, used to draw edges\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\n ]\n }\n {\n name: groups\n source: nodes\n transform: [\n // combine all nodes into country groups, summing up the doc counts\n {\n type: aggregate\n groupby: [\"stack\", \"grpId\"]\n fields: [\"size\"]\n ops: [\"sum\"]\n as: [\"total\"]\n }\n // re-calculate the stacking y0,y1 values\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"grpId\", order: \"descending\"}\n field: total\n }\n // project y0 and y1 values to screen coordinates\n // doing it once here instead of doing it several times in marks\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\n // boolean flag if the label should be on the right of the stack\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\n // Calculate traffic percentage for this country using \"y\" scale\n // domain upper bound, which represents the total traffic\n {\n type: formula\n expr: datum.total/domain('y')[1]\n as: percentage\n }\n ]\n }\n {\n // This is a temp lookup table with all the 'stk2' stack nodes\n name: destinationNodes\n source: nodes\n transform: [\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\n ]\n }\n {\n name: edges\n source: nodes\n transform: [\n // we only want nodes from the left stack\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\n // find corresponding node from the right stack, keep it as \"target\"\n {\n type: 
lookup\n from: destinationNodes\n key: key\n fields: [\"key\"]\n as: [\"target\"]\n }\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\n {\n type: linkpath\n orient: horizontal\n shape: diagonal\n sourceY: {expr: \"scale('y', datum.yc)\"}\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\n targetY: {expr: \"scale('y', datum.target.yc)\"}\n targetX: {expr: \"scale('x', 'stk2')\"}\n }\n // A little trick to calculate the thickness of the line.\n // The value needs to be the same as the hight of the node, but scaling\n // size to screen's height gives inversed value because screen's Y\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\n // is at the bottom. So subtracting scaled doc count from screen height\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\n {\n type: formula\n expr: range('y')[0]-scale('y', datum.size)\n as: strokeWidth\n }\n // Tooltip needs individual link's percentage of all traffic\n {\n type: formula\n expr: datum.size/domain('y')[1]\n as: percentage\n }\n ]\n }\n ]\n scales: [\n {\n // calculates horizontal stack positioning\n name: x\n type: band\n range: width\n domain: [\"stk1\", \"stk2\"]\n paddingOuter: 0.05\n paddingInner: 0.95\n }\n {\n // this scale goes up as high as the highest y1 value of all nodes\n name: y\n type: linear\n range: height\n domain: {data: \"nodes\", field: \"y1\"}\n }\n {\n // use rawData to ensure the colors stay the same when clicking.\n name: color\n type: ordinal\n range: category\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\n }\n {\n // this scale is used to map internal ids (stk1, stk2) to stack names\n name: stackNames\n type: ordinal\n range: [\"Source\", \"Destination\"]\n domain: [\"stk1\", \"stk2\"]\n }\n ]\n axes: [\n {\n // x axis should use custom label formatting to print proper stack names\n orient: bottom\n scale: x\n encode: {\n labels: {\n update: {\n text: {scale: \"stackNames\", field: 
\"value\"}\n }\n }\n }\n }\n {orient: \"left\", scale: \"y\"}\n ]\n marks: [\n {\n // draw the connecting line between stacks\n type: path\n name: edgeMark\n from: {data: \"edges\"}\n // this prevents some autosizing issues with large strokeWidth for paths\n clip: true\n encode: {\n update: {\n // By default use color of the left node, except when showing traffic\n // from just one country, in which case use destination color.\n stroke: [\n {\n test: groupSelector \u0026\u0026 groupSelector.stack=='stk1'\n scale: color\n field: stk2\n }\n {scale: \"color\", field: \"stk1\"}\n ]\n strokeWidth: {field: \"strokeWidth\"}\n path: {field: \"path\"}\n // when showing all traffic, and hovering over a country,\n // highlight the traffic from that country.\n strokeOpacity: {\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\n }\n // Ensure that the hover-selected edges show on top\n zindex: {\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 
1 : 0\n }\n // format tooltip string\n tooltip: {\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n // Simple mouseover highlighting of a single line\n hover: {\n strokeOpacity: {value: 1}\n }\n }\n }\n {\n // draw stack groups (countries)\n type: rect\n name: groupMark\n from: {data: \"groups\"}\n encode: {\n enter: {\n fill: {scale: \"color\", field: \"grpId\"}\n width: {scale: \"x\", band: 1}\n }\n update: {\n x: {scale: \"x\", field: \"stack\"}\n y: {field: \"scaledY0\"}\n y2: {field: \"scaledY1\"}\n fillOpacity: {value: 0.6}\n tooltip: {\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n hover: {\n fillOpacity: {value: 1}\n }\n }\n }\n {\n // draw country code labels on the inner side of the stack\n type: text\n from: {data: \"groups\"}\n // don't process events for the labels - otherwise line mouseover is unclean\n interactive: false\n encode: {\n update: {\n // depending on which stack it is, position x with some padding\n x: {\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\n }\n // middle of the group\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\n align: {signal: \"datum.rightLabel ? 'left' : 'right'\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n // only show text label if the group's height is large enough\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) \u003e 13 ? datum.grpId : ''\"}\n }\n }\n }\n {\n // Create a \"show all\" button. Shown only when a country is selected.\n type: group\n data: [\n // We need to make the button show only when groupSelector signal is true.\n // Each mark is drawn as many times as there are elements in the backing data.\n // Which means that if values list is empty, it will not be drawn.\n // Here I create a data source with one empty object, and filter that list\n // based on the signal value. 
This can only be done in a group.\n {\n name: dataForShowAll\n values: [{}]\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\n }\n ]\n // Set button size and positioning\n encode: {\n enter: {\n xc: {signal: \"width/2\"}\n y: {value: 30}\n width: {value: 80}\n height: {value: 30}\n }\n }\n marks: [\n {\n // This group is shown as a button with rounded corners.\n type: group\n // mark name allows signal capturing\n name: groupReset\n // Only shows button if dataForShowAll has values.\n from: {data: \"dataForShowAll\"}\n encode: {\n enter: {\n cornerRadius: {value: 6}\n fill: {value: \"#f5f5f5\"}\n stroke: {value: \"#c1c1c1\"}\n strokeWidth: {value: 2}\n // use parent group's size\n height: {\n field: {group: \"height\"}\n }\n width: {\n field: {group: \"width\"}\n }\n }\n update: {\n // groups are transparent by default\n opacity: {value: 1}\n }\n hover: {\n opacity: {value: 0.7}\n }\n }\n marks: [\n {\n type: text\n // if true, it will prevent clicking on the button when over text.\n interactive: false\n encode: {\n enter: {\n // center text in the paren group\n xc: {\n field: {group: \"width\"}\n mult: 0.5\n }\n yc: {\n field: {group: \"height\"}\n mult: 0.5\n offset: 2\n }\n align: {value: \"center\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n text: {value: \"Show All\"}\n }\n }\n }\n ]\n }\n ]\n }\n ]\n signals: [\n {\n // used to highlight traffic to/from the same country\n name: groupHover\n value: {}\n on: [\n {\n events: @groupMark:mouseover\n update: \"{stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\n }\n {events: \"mouseout\", update: \"{}\"}\n ]\n }\n // used to filter only the data related to the selected country\n {\n name: groupSelector\n value: false\n on: [\n {\n // Clicking groupMark sets this signal to the filter values\n events: @groupMark:click!\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' 
\u0026\u0026 datum.grpId}\"\n }\n {\n // Clicking \"show all\" button, or double-clicking anywhere resets it\n events: [\n {type: \"click\", markname: \"groupReset\"}\n {type: \"dblclick\"}\n ]\n update: \"false\"\n }\n ]\n }\n ]\n}" - }, - "title": "DHCP - IP/MAC Flow", - "type": "vega" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-bf8b2040-3a9b-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-c8a34db0-3a8c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-c8a34db0-3a8c-11eb-96b2-e765737b7534.json deleted file mode 100644 index 382bc54820b..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-c8a34db0-3a8c-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,164 +0,0 @@ -{ - "attributes": { - "description": "Events over type based on network transport type", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Firewall - Network Transport/Time [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall - Network Transport/Time", - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "row": true, - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - 
"valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Firewall - Network Transport/Time", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-c8a34db0-3a8c-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-dc86acc0-3a8f-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-dc86acc0-3a8f-11eb-96b2-e765737b7534.json deleted file mode 100644 index 7e9b0b2cf34..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-dc86acc0-3a8f-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "attributes": { - "description": "Heatmap of source countries", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Firewall - Country Source/Heatmap [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall - Source Heatmap", - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-90m", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "source.geo.country_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Green to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": false, - "invertColors": false, - "legendPosition": "right", - "percentageMode": false, - "setColorRange": false, - "times": [], - "type": "heatmap", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "black", - "overwriteColor": false, - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Firewall - Country Source/Heatmap", - "type": "heatmap" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-dc86acc0-3a8f-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": 
"pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-dffb6ab0-3a9b-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-dffb6ab0-3a9b-11eb-96b2-e765737b7534.json deleted file mode 100644 index c5a95ba58a6..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-dffb6ab0-3a9b-11eb-96b2-e765737b7534.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "DHCP - Operation [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "DHCP - Operation", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-dffb6ab0-3a9b-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/pfsense/kibana/visualization/pfsense-e895c9b0-3a99-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-e895c9b0-3a99-11eb-96b2-e765737b7534.json deleted file mode 100644 index 056fcab324b..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-e895c9b0-3a99-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,39 +0,0 @@ -{ - "attributes": { - "description": "Client IP \u003c-flow-\u003e dns question name", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Unbound - DNS Flow [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "spec": "{\n $schema: https://vega.github.io/schema/vega/v3.0.json\n data: [\n {\n // query ES based on the currently selected time range and filter string\n name: rawData\n url: {\n %context%: true\n %timefield%: @timestamp\n index: logs-*\n body: {\n size: 0\n aggs: {\n table: {\n composite: {\n size: 10000\n sources: [\n {\n stk1: {\n terms: {field: \"client.ip\"}\n }\n }\n {\n stk2: {\n terms: {field: \"dns.question.name\"}\n }\n }\n ]\n }\n }\n }\n }\n }\n // From the result, take just the data we are interested in\n format: {property: \"aggregations.table.buckets\"}\n // Convert key.stk1 -\u003e stk1 for simpler access below\n transform: [\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\n ]\n }\n {\n name: nodes\n source: rawData\n transform: [\n // when a country is selected, filter out unrelated data\n {\n type: filter\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\n }\n // Set new key for later lookups - identifies each node\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\n // instead of each table row, create two new rows,\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\n {\n type: fold\n fields: [\"stk1\", \"stk2\"]\n as: [\"stack\", \"grpId\"]\n }\n // Create a sortkey, different for stk1 and stk2 stacks.\n // Space separator ensures proper sort 
order in some corner cases.\n {\n type: formula\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\n as: sortField\n }\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\n // independently for each stack, and ensuring they are in the proper order,\n // alphabetical from the top (reversed on the y axis)\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"sortField\", order: \"descending\"}\n field: size\n }\n // calculate vertical center point for each node, used to draw edges\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\n ]\n }\n {\n name: groups\n source: nodes\n transform: [\n // combine all nodes into country groups, summing up the doc counts\n {\n type: aggregate\n groupby: [\"stack\", \"grpId\"]\n fields: [\"size\"]\n ops: [\"sum\"]\n as: [\"total\"]\n }\n // re-calculate the stacking y0,y1 values\n {\n type: stack\n groupby: [\"stack\"]\n sort: {field: \"grpId\", order: \"descending\"}\n field: total\n }\n // project y0 and y1 values to screen coordinates\n // doing it once here instead of doing it several times in marks\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\n // boolean flag if the label should be on the right of the stack\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\n // Calculate traffic percentage for this country using \"y\" scale\n // domain upper bound, which represents the total traffic\n {\n type: formula\n expr: datum.total/domain('y')[1]\n as: percentage\n }\n ]\n }\n {\n // This is a temp lookup table with all the 'stk2' stack nodes\n name: destinationNodes\n source: nodes\n transform: [\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\n ]\n }\n {\n name: edges\n source: nodes\n transform: [\n // we only want nodes from the left stack\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\n // find corresponding node 
from the right stack, keep it as \"target\"\n {\n type: lookup\n from: destinationNodes\n key: key\n fields: [\"key\"]\n as: [\"target\"]\n }\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\n {\n type: linkpath\n orient: horizontal\n shape: diagonal\n sourceY: {expr: \"scale('y', datum.yc)\"}\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\n targetY: {expr: \"scale('y', datum.target.yc)\"}\n targetX: {expr: \"scale('x', 'stk2')\"}\n }\n // A little trick to calculate the thickness of the line.\n // The value needs to be the same as the hight of the node, but scaling\n // size to screen's height gives inversed value because screen's Y\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\n // is at the bottom. So subtracting scaled doc count from screen height\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\n {\n type: formula\n expr: range('y')[0]-scale('y', datum.size)\n as: strokeWidth\n }\n // Tooltip needs individual link's percentage of all traffic\n {\n type: formula\n expr: datum.size/domain('y')[1]\n as: percentage\n }\n ]\n }\n ]\n scales: [\n {\n // calculates horizontal stack positioning\n name: x\n type: band\n range: width\n domain: [\"stk1\", \"stk2\"]\n paddingOuter: 0.05\n paddingInner: 0.95\n }\n {\n // this scale goes up as high as the highest y1 value of all nodes\n name: y\n type: linear\n range: height\n domain: {data: \"nodes\", field: \"y1\"}\n }\n {\n // use rawData to ensure the colors stay the same when clicking.\n name: color\n type: ordinal\n range: category\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\n }\n {\n // this scale is used to map internal ids (stk1, stk2) to stack names\n name: stackNames\n type: ordinal\n range: [\"Source\", \"Destination\"]\n domain: [\"stk1\", \"stk2\"]\n }\n ]\n axes: [\n {\n // x axis should use custom label formatting to print proper stack names\n orient: bottom\n scale: x\n encode: {\n labels: {\n 
update: {\n text: {scale: \"stackNames\", field: \"value\"}\n }\n }\n }\n }\n {orient: \"left\", scale: \"y\"}\n ]\n marks: [\n {\n // draw the connecting line between stacks\n type: path\n name: edgeMark\n from: {data: \"edges\"}\n // this prevents some autosizing issues with large strokeWidth for paths\n clip: true\n encode: {\n update: {\n // By default use color of the left node, except when showing traffic\n // from just one country, in which case use destination color.\n stroke: [\n {\n test: groupSelector \u0026\u0026 groupSelector.stack=='stk1'\n scale: color\n field: stk2\n }\n {scale: \"color\", field: \"stk1\"}\n ]\n strokeWidth: {field: \"strokeWidth\"}\n path: {field: \"path\"}\n // when showing all traffic, and hovering over a country,\n // highlight the traffic from that country.\n strokeOpacity: {\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\n }\n // Ensure that the hover-selected edges show on top\n zindex: {\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 
1 : 0\n }\n // format tooltip string\n tooltip: {\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n // Simple mouseover highlighting of a single line\n hover: {\n strokeOpacity: {value: 1}\n }\n }\n }\n {\n // draw stack groups (countries)\n type: rect\n name: groupMark\n from: {data: \"groups\"}\n encode: {\n enter: {\n fill: {scale: \"color\", field: \"grpId\"}\n width: {scale: \"x\", band: 1}\n }\n update: {\n x: {scale: \"x\", field: \"stack\"}\n y: {field: \"scaledY0\"}\n y2: {field: \"scaledY1\"}\n fillOpacity: {value: 0.6}\n tooltip: {\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\n }\n }\n hover: {\n fillOpacity: {value: 1}\n }\n }\n }\n {\n // draw country code labels on the inner side of the stack\n type: text\n from: {data: \"groups\"}\n // don't process events for the labels - otherwise line mouseover is unclean\n interactive: false\n encode: {\n update: {\n // depending on which stack it is, position x with some padding\n x: {\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\n }\n // middle of the group\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\n align: {signal: \"datum.rightLabel ? 'left' : 'right'\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n // only show text label if the group's height is large enough\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) \u003e 13 ? datum.grpId : ''\"}\n }\n }\n }\n {\n // Create a \"show all\" button. Shown only when a country is selected.\n type: group\n data: [\n // We need to make the button show only when groupSelector signal is true.\n // Each mark is drawn as many times as there are elements in the backing data.\n // Which means that if values list is empty, it will not be drawn.\n // Here I create a data source with one empty object, and filter that list\n // based on the signal value. 
This can only be done in a group.\n {\n name: dataForShowAll\n values: [{}]\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\n }\n ]\n // Set button size and positioning\n encode: {\n enter: {\n xc: {signal: \"width/2\"}\n y: {value: 30}\n width: {value: 80}\n height: {value: 30}\n }\n }\n marks: [\n {\n // This group is shown as a button with rounded corners.\n type: group\n // mark name allows signal capturing\n name: groupReset\n // Only shows button if dataForShowAll has values.\n from: {data: \"dataForShowAll\"}\n encode: {\n enter: {\n cornerRadius: {value: 6}\n fill: {value: \"#f5f5f5\"}\n stroke: {value: \"#c1c1c1\"}\n strokeWidth: {value: 2}\n // use parent group's size\n height: {\n field: {group: \"height\"}\n }\n width: {\n field: {group: \"width\"}\n }\n }\n update: {\n // groups are transparent by default\n opacity: {value: 1}\n }\n hover: {\n opacity: {value: 0.7}\n }\n }\n marks: [\n {\n type: text\n // if true, it will prevent clicking on the button when over text.\n interactive: false\n encode: {\n enter: {\n // center text in the paren group\n xc: {\n field: {group: \"width\"}\n mult: 0.5\n }\n yc: {\n field: {group: \"height\"}\n mult: 0.5\n offset: 2\n }\n align: {value: \"center\"}\n baseline: {value: \"middle\"}\n fontWeight: {value: \"bold\"}\n text: {value: \"Show All\"}\n }\n }\n }\n ]\n }\n ]\n }\n ]\n signals: [\n {\n // used to highlight traffic to/from the same country\n name: groupHover\n value: {}\n on: [\n {\n events: @groupMark:mouseover\n update: \"{stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\n }\n {events: \"mouseout\", update: \"{}\"}\n ]\n }\n // used to filter only the data related to the selected country\n {\n name: groupSelector\n value: false\n on: [\n {\n // Clicking groupMark sets this signal to the filter values\n events: @groupMark:click!\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' 
\u0026\u0026 datum.grpId}\"\n }\n {\n // Clicking \"show all\" button, or double-clicking anywhere resets it\n events: [\n {type: \"click\", markname: \"groupReset\"}\n {type: \"dblclick\"}\n ]\n update: \"false\"\n }\n ]\n }\n ]\n}" - }, - "title": "Unbound - DNS Flow", - "type": "vega" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-e895c9b0-3a99-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-eadb2e30-3a8b-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-eadb2e30-3a8b-11eb-96b2-e765737b7534.json deleted file mode 100644 index 82f42d8cb4c..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-eadb2e30-3a8b-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - "attributes": { - "description": "Pie chart depicting events by interface alias", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Firewall - Events by Interface [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Firewall - Events by Interface", - "field": "observer.ingress.interface.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Firewall - Events by Interface", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-eadb2e30-3a8b-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/pfsense/kibana/visualization/pfsense-f554afa0-3a98-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-f554afa0-3a98-11eb-96b2-e765737b7534.json deleted file mode 100644 index 930d20f07e7..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-f554afa0-3a98-11eb-96b2-e765737b7534.json +++ /dev/null 
@@ -1,110 +0,0 @@ -{ - "attributes": { - "description": "Unbound request heat map by IP address", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Unbound - Request Rate [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-7h", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "client.ip", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "colorSchema": "Green to Red", - "colorsNumber": 10, - "colorsRange": [], - "enableHover": false, - "invertColors": false, - "legendPosition": "top", - "percentageMode": false, - "setColorRange": false, - "times": [], - "type": "heatmap", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "color": "black", - "overwriteColor": false, - "rotate": 0, - "show": false - }, - "scale": { - "defaultYExtents": false, - "type": "linear" - }, - "show": false, - "type": "value" - } - ] - }, - "title": "Unbound - Request Rate", - "type": "heatmap" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-f554afa0-3a98-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4", - "name": "search_0", - "type": 
"search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/pfsense/kibana/visualization/pfsense-feb1a6e0-3a8c-11eb-96b2-e765737b7534.json b/packages/pfsense/kibana/visualization/pfsense-feb1a6e0-3a8c-11eb-96b2-e765737b7534.json deleted file mode 100644 index b5af1c1c14b..00000000000 --- a/packages/pfsense/kibana/visualization/pfsense-feb1a6e0-3a8c-11eb-96b2-e765737b7534.json +++ /dev/null @@ -1,80 +0,0 @@ -{ - "attributes": { - "description": "Network transport pie chart", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Firewall - Network Transport [pfSense]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Firewall - Network Transport", - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "row": true, - "type": "pie" - }, - "title": "Firewall - Network Transport ", - "type": "pie" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "pfsense-feb1a6e0-3a8c-11eb-96b2-e765737b7534", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "pfsense-22edf800-3a8e-11eb-96b2-e765737b7534", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/pfsense/manifest.yml b/packages/pfsense/manifest.yml index 48c0e375aff..f9c08f77c0e 100644 --- a/packages/pfsense/manifest.yml +++ b/packages/pfsense/manifest.yml @@ -1,6 +1,6 @@ name: pfsense title: pfSense -version: "1.4.1" +version: "1.4.2" release: ga description: Collect logs from pfSense and OPNsense with Elastic Agent. type: integration @@ -15,7 +15,7 @@ categories: - network - security conditions: - kibana.version: ^7.15.0 || ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/firewall.png title: pfSense Firewall Dashboard diff --git a/packages/qnap_nas/changelog.yml b/packages/qnap_nas/changelog.yml index 71f81423228..96bebf124ca 100644 --- a/packages/qnap_nas/changelog.yml +++ b/packages/qnap_nas/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.1" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "1.5.0" changes: - description: Update package to ECS 8.5.0. diff --git a/packages/qnap_nas/data_stream/log/sample_event.json b/packages/qnap_nas/data_stream/log/sample_event.json index 08213648efc..d85f18d7ada 100644 --- a/packages/qnap_nas/data_stream/log/sample_event.json +++ b/packages/qnap_nas/data_stream/log/sample_event.json @@ -1,11 +1,11 @@ { "@timestamp": "2022-10-30T20:24:24.000Z", "agent": { - "ephemeral_id": "b6db294f-f5fd-4570-9d9c-cd0a74001651", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "d78177be-a52f-47d7-ab88-ce74c24bde53", + "id": "8ad7c85d-9943-4b05-b50f-ccab228ad581", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.1.0" }, "data_stream": { "dataset": "qnap_nas.log", 
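Review bot: Dropping Kibana 7.x and 8.0 support is shipped here as a patch release: the second manifest hunk narrows `kibana.version` from `^7.15.0 || ^8.0.0` to `^8.1.0`, while the first hunk only moves `1.4.1` to `1.4.2`. Stacks below 8.1 will no longer be offered this or any later version of the package, including later fixes to its ingest pipelines and dashboards. A minor bump such as `version: "1.5.0"` would signal the raised minimum more clearly. The package's changelog entry is not in the visible hunks; if it mentions only the by-value migration, it should also state the new minimum Kibana version.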
@@ -16,9 +16,9 @@ "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "8ad7c85d-9943-4b05-b50f-ccab228ad581", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.1.0" }, "event": { "action": "create-directory", @@ -28,7 +28,7 @@ ], "created": "2022-10-30T20:24:24.000Z", "dataset": "qnap_nas.log", - "ingested": "2022-01-02T09:51:24Z", + "ingested": "2022-11-24T09:21:53Z", "kind": "event", "provider": "conn-log", "timezone": "+00:00", @@ -43,11 +43,11 @@ "name": "qnap-nas01" }, "input": { - "type": "udp" + "type": "tcp" }, "log": { "source": { - "address": "172.18.0.7:46086" + "address": "172.24.0.4:35244" }, "syslog": { "priority": 30 diff --git a/packages/qnap_nas/docs/README.md b/packages/qnap_nas/docs/README.md index ed08cb6be2e..f287748b55f 100644 --- a/packages/qnap_nas/docs/README.md +++ b/packages/qnap_nas/docs/README.md @@ -14,11 +14,11 @@ An example event for `log` looks as following: { "@timestamp": "2022-10-30T20:24:24.000Z", "agent": { - "ephemeral_id": "b6db294f-f5fd-4570-9d9c-cd0a74001651", - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "ephemeral_id": "d78177be-a52f-47d7-ab88-ce74c24bde53", + "id": "8ad7c85d-9943-4b05-b50f-ccab228ad581", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.1.0" }, "data_stream": { "dataset": "qnap_nas.log", @@ -29,9 +29,9 @@ An example event for `log` looks as following: "version": "8.5.0" }, "elastic_agent": { - "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", + "id": "8ad7c85d-9943-4b05-b50f-ccab228ad581", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.1.0" }, "event": { "action": "create-directory", @@ -41,7 +41,7 @@ An example event for `log` looks as following: ], "created": "2022-10-30T20:24:24.000Z", "dataset": "qnap_nas.log", - "ingested": "2022-01-02T09:51:24Z", + "ingested": "2022-11-24T09:21:53Z", "kind": "event", "provider": "conn-log", "timezone": "+00:00", 
@@ -56,11 +56,11 @@ An example event for `log` looks as following: "name": "qnap-nas01" }, "input": { - "type": "udp" + "type": "tcp" }, "log": { "source": { - "address": "172.18.0.7:46086" + "address": "172.24.0.4:35244" }, "syslog": { "priority": 30 diff --git a/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json index d7e482ad7de..350bbf92cf6 100644 --- a/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json +++ b/packages/qnap_nas/kibana/dashboard/qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75.json @@ -1,4 +1,11 @@ { + "id": "qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-24T08:38:18.380Z", + "version": "WzYxNiwxXQ==", "attributes": { "description": "", "hits": 0, 
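Review bot: The top-level keys `namespaces`, `updated_at` and `version` added at the head of the qnap_nas dashboard look like residue from a raw saved-objects export of one Kibana instance rather than package content. They record the exporting environment's space (`"default"`), a wall-clock timestamp and what appears to be an instance-local concurrency token (`"WzYxNiwxXQ=="`), and they will change on every re-export, which makes later diffs of this asset harder to review. Unless the package tooling requires them, I would drop those three keys and keep only `id` and `type`. Other dashboards migrated in this commit should be checked for the same keys. The object continues outside this hunk.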
@@ -20,7 +27,112 @@ { "embeddableConfig": { "enhancements": {}, - "hidePanelTitles": true + "hidePanelTitles": true, + "savedVis": { + "title": "Controls [QNAP NAS]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "source.ip", + "id": "1637528635830", + "indexPatternRefName": "control_0_index_pattern", + "label": "Source IP", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "host.name", + "id": "1637528676545", + "indexPatternRefName": "control_1_index_pattern", + "label": "NAS Hostname", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "user.name", + "id": "1637528892452", + "indexPatternRefName": "control_2_index_pattern", + "label": "User", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "qnap.nas.connection_type", + "id": "1637530638172", + "indexPatternRefName": "control_3_index_pattern", + "label": "Connection Type", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "qnap_nas.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "qnap_nas.log" + } + } + } + ], + "query": { + 
"language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 7, @@ -30,15 +142,100 @@ "y": 0 }, "panelIndex": "08e193f5-7994-4a34-8572-62dd8fb527fd", - "panelRefName": "panel_08e193f5-7994-4a34-8572-62dd8fb527fd", "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "version": "8.0.0" }, { "embeddableConfig": { "enhancements": {}, "vis": { "legendOpen": false + }, + "savedVis": { + "title": "File Actions [QNAP NAS]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "file" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "file" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } } }, "gridData": { 
@@ -49,13 +246,80 @@ "y": 7 }, "panelIndex": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9", - "panelRefName": "panel_41e893ff-a7e2-4146-af96-35cd7fc9b5b9", "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Connection Types [QNAP NAS]", + "description": "", + "uiState": { + "vis": { + "legendOpen": false + } + }, + "params": { + "addLegend": false, + "addTooltip": true, + "distinctColors": false, + "isDonut": false, + "labels": { + "last_level": false, + "percentDecimals": 2, + "position": "default", + "show": true, + "truncate": 100, + "values": true, + "valuesFormat": "percent" + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "default", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "qnap.nas.connection_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 18, @@ -65,9 +329,8 @@ "y": 7 }, "panelIndex": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62", - "panelRefName": "panel_3bef5ad2-ec7d-4cd0-b8af-255533d30f62", "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "version": "8.0.0" }, { "embeddableConfig": { 
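Review bot: The inlined `savedVis` for "Connection Types [QNAP NAS]" no longer names the saved search the deleted visualization depended on: the old file carried `"savedSearchRefName": "search_0"`, while the new `data` object holds only `aggs` and a `searchSource` with `"filter": []` and an empty query. The references hunk still lists `3bef5ad2-ec7d-4cd0-b8af-255533d30f62:search_0`, but nothing inside the panel points at it and the panel has no index-pattern reference of its own, so it may render without a data source or without the scoping the saved search supplied. The File Actions, Top Accessed Files and Event Actions panels (hunks at -30, -86 and -96) drop the same key; their remaining filters on `event.category` and `event.provider` run against `logs-*`, so they could also count events from other integrations. Please confirm after import that each panel still resolves `qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75`. If it does not, either restore the saved-search link in the by-value panel or scope each panel explicitly with a filter on `"data_stream.dataset": "qnap_nas.log"`, as the Controls panel already does.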
@@ -86,6 +349,78 @@ } ] } + }, + "savedVis": { + "title": "Top Accessed Files [QNAP NAS]", + "description": "", + "uiState": {}, + "params": { + "autoFitRowToContent": false, + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": false, + "showTotal": false, + "totalFunc": "sum" + }, + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "file.path", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "conn-log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "conn-log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } } }, "gridData": { 
@@ -96,13 +431,181 @@ "y": 7 }, "panelIndex": "20d36c90-71af-4062-94da-0374c871667e", - "panelRefName": "panel_20d36c90-71af-4062-94da-0374c871667e", "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "version": "8.0.0" }, { "embeddableConfig": { - "enhancements": {} + "enhancements": {}, + "savedVis": { + "title": "Event Actions over Time", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + "palette": { + "name": "default", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 3, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + 
"extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1y/d", + "to": "now" + }, + "useNormalizedEsInterval": true, + "used_interval": "1w" + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.provider", + "negate": false, + "params": { + "query": "conn-log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.provider": "conn-log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, "gridData": { "h": 17, 
@@ -112,46 +615,78 @@ "y": 25 }, "panelIndex": "e0abcb09-b900-4d29-9146-02ab3aca914e", - "panelRefName": "panel_e0abcb09-b900-4d29-9146-02ab3aca914e", "type": "visualization", - "version": "7.16.0-SNAPSHOT" + "version": "8.0.0" } ], "timeRestore": false, "title": "[QNAP NAS] Access Logs", "version": 1 }, - "coreMigrationVersion": "7.16.0", - "id": "qnap_nas-32e28700-4b0c-11ec-b2cc-b9a3cc301b75", - "migrationVersion": { - "dashboard": "7.16.0" - }, "references": [ { - "id": "qnap_nas-47e207a0-4b13-11ec-b2cc-b9a3cc301b75", - "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:panel_08e193f5-7994-4a34-8572-62dd8fb527fd", - "type": "visualization" + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_0_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_1_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_2_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "08e193f5-7994-4a34-8572-62dd8fb527fd:control_3_index_pattern", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9:search_0", + "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" }, { - "id": "qnap_nas-ae17aa40-4b0c-11ec-b2cc-b9a3cc301b75", - "name": "41e893ff-a7e2-4146-af96-35cd7fc9b5b9:panel_41e893ff-a7e2-4146-af96-35cd7fc9b5b9", - "type": "visualization" + "type": "search", + "name": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62:search_0", + "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" }, { - "id": "qnap_nas-05c7ac80-4b0e-11ec-b2cc-b9a3cc301b75", - 
"name": "3bef5ad2-ec7d-4cd0-b8af-255533d30f62:panel_3bef5ad2-ec7d-4cd0-b8af-255533d30f62", - "type": "visualization" + "type": "index-pattern", + "name": "20d36c90-71af-4062-94da-0374c871667e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" }, { - "id": "qnap_nas-d315c4c0-4b0d-11ec-b2cc-b9a3cc301b75", - "name": "20d36c90-71af-4062-94da-0374c871667e:panel_20d36c90-71af-4062-94da-0374c871667e", - "type": "visualization" + "type": "search", + "name": "20d36c90-71af-4062-94da-0374c871667e:search_0", + "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" }, { - "id": "qnap_nas-6cc17ac0-4b0d-11ec-b2cc-b9a3cc301b75", - "name": "e0abcb09-b900-4d29-9146-02ab3aca914e:panel_e0abcb09-b900-4d29-9146-02ab3aca914e", - "type": "visualization" + "type": "index-pattern", + "name": "e0abcb09-b900-4d29-9146-02ab3aca914e:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "logs-*" + }, + { + "type": "search", + "name": "e0abcb09-b900-4d29-9146-02ab3aca914e:search_0", + "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75" } ], - "type": "dashboard" + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/qnap_nas/kibana/visualization/qnap_nas-05c7ac80-4b0e-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/visualization/qnap_nas-05c7ac80-4b0e-11ec-b2cc-b9a3cc301b75.json deleted file mode 100644 index f85df455008..00000000000 --- a/packages/qnap_nas/kibana/visualization/qnap_nas-05c7ac80-4b0e-11ec-b2cc-b9a3cc301b75.json +++ /dev/null 
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Connection Types [QNAP NAS]", - "uiStateJSON": { - "vis": { - "legendOpen": false - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "qnap.nas.connection_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Connection Types [QNAP NAS]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.0", - "id": "qnap_nas-05c7ac80-4b0e-11ec-b2cc-b9a3cc301b75", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/qnap_nas/kibana/visualization/qnap_nas-47e207a0-4b13-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/visualization/qnap_nas-47e207a0-4b13-11ec-b2cc-b9a3cc301b75.json deleted file mode 100644 index 7cb2102b599..00000000000 
--- a/packages/qnap_nas/kibana/visualization/qnap_nas-47e207a0-4b13-11ec-b2cc-b9a3cc301b75.json +++ /dev/null 
@@ -1,144 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "qnap_nas.log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "qnap_nas.log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Controls [QNAP NAS]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "source.ip", - "id": "1637528635830", - "indexPatternRefName": "control_0_index_pattern", - "label": "Source IP", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "host.name", - "id": "1637528676545", - "indexPatternRefName": "control_1_index_pattern", - "label": "NAS Hostname", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "user.name", - "id": "1637528892452", - "indexPatternRefName": "control_2_index_pattern", - "label": "User", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "qnap.nas.connection_type", - "id": "1637530638172", - "indexPatternRefName": "control_3_index_pattern", - "label": "Connection Type", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "Controls 
[QNAP NAS]", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.16.0", - "id": "qnap_nas-47e207a0-4b13-11ec-b2cc-b9a3cc301b75", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_1_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_2_index_pattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "control_3_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/qnap_nas/kibana/visualization/qnap_nas-6cc17ac0-4b0d-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/visualization/qnap_nas-6cc17ac0-4b0d-11ec-b2cc-b9a3cc301b75.json deleted file mode 100644 index 9f51baa3a47..00000000000 --- a/packages/qnap_nas/kibana/visualization/qnap_nas-6cc17ac0-4b0d-11ec-b2cc-b9a3cc301b75.json +++ /dev/null 
@@ -1,194 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.provider", - "negate": false, - "params": { - "query": "conn-log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.provider": "conn-log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Event Actions over Time", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-1y/d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "1w" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "default", 
- "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 3, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Event Actions over TIme", - "type": "histogram" - } - }, - "coreMigrationVersion": "7.16.0", - "id": "qnap_nas-6cc17ac0-4b0d-11ec-b2cc-b9a3cc301b75", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/qnap_nas/kibana/visualization/qnap_nas-ae17aa40-4b0c-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/visualization/qnap_nas-ae17aa40-4b0c-11ec-b2cc-b9a3cc301b75.json deleted file mode 100644 index ede305f5fe6..00000000000 --- a/packages/qnap_nas/kibana/visualization/qnap_nas-ae17aa40-4b0c-11ec-b2cc-b9a3cc301b75.json +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.category", - "negate": false, - "params": { - "query": "file" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.category": "file" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "File Actions [QNAP NAS]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "distinctColors": false, - "isDonut": false, - "labels": { - "last_level": false, - "percentDecimals": 2, - "position": "default", - "show": true, - "truncate": 100, - "values": true, - "valuesFormat": "percent" - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "default", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "File Actions [QNAP NAS]", - "type": "pie" - } - }, - "coreMigrationVersion": "7.16.0", - "id": "qnap_nas-ae17aa40-4b0c-11ec-b2cc-b9a3cc301b75", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75", - "name": "search_0", - "type": 
"search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/qnap_nas/kibana/visualization/qnap_nas-d315c4c0-4b0d-11ec-b2cc-b9a3cc301b75.json b/packages/qnap_nas/kibana/visualization/qnap_nas-d315c4c0-4b0d-11ec-b2cc-b9a3cc301b75.json deleted file mode 100644 index 332ce87d925..00000000000 --- a/packages/qnap_nas/kibana/visualization/qnap_nas-d315c4c0-4b0d-11ec-b2cc-b9a3cc301b75.json +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.provider", - "negate": false, - "params": { - "query": "conn-log" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "event.provider": "conn-log" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Accessed Files [QNAP NAS]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "file.path", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "autoFitRowToContent": false, - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": false, - "showTotal": false, - "totalFunc": "sum" - }, - "title": "Top Accessed Files [QNAP NAS]", - "type": "table" - } - }, - "coreMigrationVersion": "7.16.0", - "id": "qnap_nas-d315c4c0-4b0d-11ec-b2cc-b9a3cc301b75", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "qnap_nas-50acdec0-4b0c-11ec-b2cc-b9a3cc301b75", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/qnap_nas/manifest.yml b/packages/qnap_nas/manifest.yml index 8000697db1e..f2d56bc6da7 100644 --- a/packages/qnap_nas/manifest.yml 
+++ b/packages/qnap_nas/manifest.yml @@ -1,6 +1,6 @@ name: qnap_nas title: QNAP NAS -version: "1.5.0" +version: "1.5.1" release: ga description: Collect logs from QNAP NAS devices with Elastic Agent. type: integration @@ -8,7 +8,7 @@ format_version: 1.0.0 license: basic categories: ["security"] conditions: - kibana.version: "^7.16.0 || ^8.0.0" + kibana.version: "^8.1.0" icons: - src: /img/logo.svg title: QNAP logo diff --git a/packages/santa/changelog.yml b/packages/santa/changelog.yml index c4c670f7980..1b3adb65e98 100644 --- a/packages/santa/changelog.yml +++ b/packages/santa/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "3.4.1" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "3.4.0" changes: - description: Update package to ECS 8.5.0. diff --git a/packages/santa/kibana/dashboard/santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/dashboard/santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307.json index 8c1ed6ae65d..d502b6edaea 100644 --- a/packages/santa/kibana/dashboard/santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307.json +++ b/packages/santa/kibana/dashboard/santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307.json 
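Review bot: Narrowing `kibana.version` from `"^7.16.0 || ^8.0.0"` to `"^8.1.0"` in the second manifest.yml hunk removes 7.16 and 8.0 stacks from the supported range, yet the package only moves from 1.5.0 to 1.5.1. Deployments on those stacks would stop being offered this and later releases of the integration, including later parsing or security fixes, with no version signal that compatibility changed. The qnap_nas changelog hunk is not on this part of the page; if it uses the same wording as the santa entry shown here, it does not mention the new minimum. I would record it in the changelog, for example `- description: Raise minimum Kibana version to 8.1.0`, and consider a minor rather than a patch version bump.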
@@ -1,175 +1,483 @@ { - "attributes": { - "description": "Process executions on macOS monitored by Google Santa.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-23T06:23:56.756Z", + "version": "WzU3OSwxXQ==", + "attributes": { + "description": "Process executions on macOS monitored by Google Santa.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "data_stream.dataset:santa.log" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Description [Logs Santa]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 12, + "markdown": "![Santa Icon](https://raw.githubusercontent.com/google/santa/main/Source/santa/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-128.png)\n\nGoogle Santa is a binary whitelisting/blacklisting system for macOS that monitors process executions.", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "data_stream.dataset:santa.log" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 12, + "i": "1", + "w": 10, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "1", - "w": 10, - "x": 0, - "y": 0 - }, - "panelIndex": "1", - "panelRefName": "panel_0", - "version": "7.0.0-alpha1-SNAPSHOT" + "panelIndex": "1", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Decisions [Logs 
Santa]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "filter": { + "language": "kuery", + "query": "(data_stream.dataset:santa.log)" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Decision", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "santa.decision" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false, + "drop_last_bucket": 1 }, - { - "embeddableConfig": { - "enhancements": {} + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "gridData": { + "h": 12, + "i": "2", + "w": 38, + "x": 10, + "y": 0 + }, + "panelIndex": "2", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Total Events [Logs Santa]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 12, - "i": "2", - "w": 38, - "x": 10, - "y": 0 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "2", - "panelRefName": "panel_1", - "version": "7.0.0-alpha1-SNAPSHOT" + "useRanges": false + }, + "type": "metric" }, - { - 
"embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "3", - "w": 10, - "x": 8, - "y": 12 - }, - "panelIndex": "3", - "panelRefName": "panel_2", - "version": "7.0.0-alpha1-SNAPSHOT" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Total Events" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "3", + "w": 10, + "x": 8, + "y": 12 + }, + "panelIndex": "3", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Decision and Reason [Logs Santa]", + "description": "", + "uiState": { + "vis": { + "colors": { + "ALLOW": "#7EB26D" + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "4", - "w": 12, - "x": 36, - "y": 12 - }, - "panelIndex": "4", - "panelRefName": "panel_3", - "version": "7.0.0-alpha1-SNAPSHOT" + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie", + "palette": { + "type": "palette", + "name": "kibana_palette" + }, + "distinctColors": true }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 10, - "i": "5", - "w": 8, - "x": 0, - "y": 12 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Decision", + "field": "santa.decision", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" }, - "panelIndex": "5", - "panelRefName": 
"panel_4", - "version": "7.0.0-alpha1-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Reason", + "field": "santa.reason", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "4", + "w": 12, + "x": 36, + "y": 12 + }, + "panelIndex": "4", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Num of Hosts Reporting [Logs Santa]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true }, - "gridData": { - "h": 10, - "i": "6", - "w": 18, - "x": 18, - "y": 12 + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" }, - "panelIndex": "6", - "panelRefName": "panel_5", - "version": "7.0.0-alpha1-SNAPSHOT" + "useRanges": false + }, + "type": "metric" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "7", - "w": 48, - "x": 0, - "y": 22 - }, - "panelIndex": "7", - "panelRefName": "panel_6", - "version": "7.0.0-alpha1-SNAPSHOT" + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Hosts Reporting", + "field": "agent.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": 
"[Logs Santa] Overview", - "version": 1 - }, - "id": "santa-161855f0-ff6a-11e8-93c5-d5ecd1b3e307", - "migrationVersion": { - "dashboard": "7.11.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "santa-dad521d0-ff69-11e8-93c5-d5ecd1b3e307", - "name": "panel_0", - "type": "visualization" + } }, - { - "id": "santa-1579d690-ff6b-11e8-93c5-d5ecd1b3e307", - "name": "panel_1", - "type": "visualization" + "gridData": { + "h": 10, + "i": "5", + "w": 8, + "x": 0, + "y": 12 }, - { - "id": "santa-51677b80-ff6b-11e8-93c5-d5ecd1b3e307", - "name": "panel_2", - "type": "visualization" + "panelIndex": "5", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Code Signers [Logs Santa]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 39, + "minFontSize": 12, + "orientation": "single", + "scale": "linear", + "showLabel": true, + "palette": { + "type": "palette", + "name": "kibana_palette" + } + }, + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "santa.certificate.common_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "santa-30962fe0-ff6c-11e8-93c5-d5ecd1b3e307", - "name": "panel_3", - "type": "visualization" + "gridData": { + "h": 10, + "i": "6", + "w": 18, + "x": 18, + "y": 12 }, - { - "id": "santa-b06c0460-ff6c-11e8-93c5-d5ecd1b3e307", - "name": "panel_4", - "type": "visualization" + "panelIndex": "6", + "version": "8.0.0", + "type": "visualization" + }, + { + "embeddableConfig": { + "enhancements": {} }, - { - "id": 
"santa-11858000-ff6d-11e8-93c5-d5ecd1b3e307", - "name": "panel_5", - "type": "visualization" + "gridData": { + "h": 10, + "i": "7", + "w": 48, + "x": 0, + "y": 22 }, - { - "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307", - "name": "panel_6", - "type": "search" - } + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.0.0-alpha1-SNAPSHOT" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Santa] Overview", + "version": 1 + }, + "references": [ + { + "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307", + "name": "panel_6", + "type": "search" + }, + { + "type": "search", + "name": "3:search_0", + "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307" + }, + { + "type": "search", + "name": "4:search_0", + "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307" + }, + { + "type": "search", + "name": "5:search_0", + "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307" + }, + { + "type": "search", + "name": "6:search_0", + "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/santa/kibana/visualization/santa-11858000-ff6d-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/visualization/santa-11858000-ff6d-11e8-93c5-d5ecd1b3e307.json deleted file mode 100644 index 4312282dbff..00000000000 --- a/packages/santa/kibana/visualization/santa-11858000-ff6d-11e8-93c5-d5ecd1b3e307.json +++ /dev/null 
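Review bot: The new `references` array lists `3:search_0`, `4:search_0`, `5:search_0` and `6:search_0`, but the inlined `savedVis.data` objects of panels 3 to 6 carry only `aggs` and `searchSource`, and nothing in them names `search_0`. The visualization files this commit deletes each had `"savedSearchRefName": "search_0"`. If Kibana resolves the saved search through that field, these four panels no longer apply the saved search `santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307` and are constrained only by the dashboard query `data_stream.dataset:santa.log`. I would add `"savedSearchRefName": "search_0"` next to `searchSource` in each of the four panels, or drop the four unused references, after comparing against a fresh export.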
@@ -1,69 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Code Signers [Logs Santa]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "santa.certificate.common_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "maxFontSize": 39, - "minFontSize": 12, - "orientation": "single", - "scale": "linear", - "showLabel": true - }, - "title": "Code Signers [Logs Santa]", - "type": "tagcloud" - } - }, - "id": "santa-11858000-ff6d-11e8-93c5-d5ecd1b3e307", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/santa/kibana/visualization/santa-1579d690-ff6b-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/visualization/santa-1579d690-ff6b-11e8-93c5-d5ecd1b3e307.json deleted file mode 100644 index 5dd4e492731..00000000000 --- a/packages/santa/kibana/visualization/santa-1579d690-ff6b-11e8-93c5-d5ecd1b3e307.json +++ /dev/null 
@@ -1,65 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Decisions [Logs Santa]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "filter": { - "language": "kuery", - "query": "(data_stream.dataset:santa.log)" - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "Decision", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "santa.decision" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries" - }, - "title": "Decisions [Logs Santa]", - "type": "metrics" - } - }, - "id": "santa-1579d690-ff6b-11e8-93c5-d5ecd1b3e307", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/santa/kibana/visualization/santa-30962fe0-ff6c-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/visualization/santa-30962fe0-ff6c-11e8-93c5-d5ecd1b3e307.json deleted file mode 100644 index f25a5b4f303..00000000000 --- a/packages/santa/kibana/visualization/santa-30962fe0-ff6c-11e8-93c5-d5ecd1b3e307.json +++ /dev/null 
@@ -1,99 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Decision and Reason [Logs Santa]", - "uiStateJSON": { - "vis": { - "colors": { - "ALLOW": "#7EB26D" - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Decision", - "field": "santa.decision", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Reason", - "field": "santa.reason", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "type": "pie" - }, - "title": "Decision and Reason [Logs Santa]", - "type": "pie" - } - }, - "id": "santa-30962fe0-ff6c-11e8-93c5-d5ecd1b3e307", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/santa/kibana/visualization/santa-51677b80-ff6b-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/visualization/santa-51677b80-ff6b-11e8-93c5-d5ecd1b3e307.json deleted file mode 100644 index 06200680b5e..00000000000 --- a/packages/santa/kibana/visualization/santa-51677b80-ff6b-11e8-93c5-d5ecd1b3e307.json +++ /dev/null @@ -1,76 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Total Events [Logs Santa]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Total Events" - }, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Total Events [Logs Santa]", - "type": "metric" - } - }, - "id": "santa-51677b80-ff6b-11e8-93c5-d5ecd1b3e307", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/santa/kibana/visualization/santa-b06c0460-ff6c-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/visualization/santa-b06c0460-ff6c-11e8-93c5-d5ecd1b3e307.json deleted file mode 100644 index dd45cfa45d0..00000000000 --- a/packages/santa/kibana/visualization/santa-b06c0460-ff6c-11e8-93c5-d5ecd1b3e307.json +++ /dev/null 
@@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Num of Hosts Reporting [Logs Santa]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Hosts Reporting", - "field": "agent.name" - }, - "schema": "metric", - "type": "cardinality" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 60, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Num of Hosts Reporting [Logs Santa]", - "type": "metric" - } - }, - "id": "santa-b06c0460-ff6c-11e8-93c5-d5ecd1b3e307", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [ - { - "id": "santa-6d56a010-ff6a-11e8-93c5-d5ecd1b3e307", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/santa/kibana/visualization/santa-dad521d0-ff69-11e8-93c5-d5ecd1b3e307.json b/packages/santa/kibana/visualization/santa-dad521d0-ff69-11e8-93c5-d5ecd1b3e307.json deleted file mode 100644 index 612043d2fe5..00000000000 --- a/packages/santa/kibana/visualization/santa-dad521d0-ff69-11e8-93c5-d5ecd1b3e307.json +++ /dev/null 
@@ -1,36 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Description [Logs Santa]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 12, - "markdown": "![Santa Icon](https://raw.githubusercontent.com/google/santa/main/Source/santa/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-128.png)\n\nGoogle Santa is a binary whitelisting/blacklisting system for macOS that monitors process executions.", - "openLinksInNewTab": false - }, - "title": "Description [Logs Santa]", - "type": "markdown" - } - }, - "id": "santa-dad521d0-ff69-11e8-93c5-d5ecd1b3e307", - "migrationVersion": { - "visualization": "7.10.0" - }, - "namespaces": [ - "default" - ], - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/santa/manifest.yml b/packages/santa/manifest.yml index 45e3ddaa045..a8bba434731 100644 --- a/packages/santa/manifest.yml +++ b/packages/santa/manifest.yml @@ -1,6 +1,6 @@ name: santa title: Google Santa -version: "3.4.0" +version: "3.4.1" release: ga description: Collect logs from Google Santa with Elastic Agent. type: integration @@ -14,7 +14,7 @@ categories: - security - os_system conditions: - kibana.version: ^7.17.0 || ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/kibana-santa-log-overview.png title: kibana santa log overview diff --git a/packages/suricata/changelog.yml b/packages/suricata/changelog.yml index f9b99df0d85..9a242ace246 100644 --- a/packages/suricata/changelog.yml +++ b/packages/suricata/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.5.3" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "2.5.2" changes: - description: Remove duplicate fields. diff --git a/packages/suricata/kibana/dashboard/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/dashboard/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c.json index 4f24e5dde5a..e9e60eba7b9 100644 --- a/packages/suricata/kibana/dashboard/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c.json +++ b/packages/suricata/kibana/dashboard/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c.json 
@@ -1,245 +1,614 @@ { - "attributes": { - "description": "Overview of the Suricata Alerts dashboard.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "suricata-05268ee0-86d1-11e8-b59d-21efb914e65c", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-23T06:37:42.472Z", + "version": "WzU4OSwxXQ==", + "attributes": { + "description": "Overview of the Suricata Alerts dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Alerting Hosts [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": 
true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-6y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 10, + "i": "1", + "w": 23, + "x": 0, + "y": 4 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "1", - "w": 23, - "x": 0, - "y": 4 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "8.0.0" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Alert Signatures [Logs Suricata]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - 
"h": 26, - "i": "2", - "w": 25, - "x": 23, - "y": 0 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "3", - "w": 48, - "x": 0, - "y": 41 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "search", - "version": "8.0.0" + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "7", - "w": 12, - "x": 11, - "y": 14 + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Alert Signature", + "field": "rule.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "bucket", + "type": "terms" }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Alert Category", + "field": "rule.category", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 26, + "i": "2", + "w": 25, + "x": 23, + "y": 0 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 16, + "i": "3", + "w": 48, + 
"x": 0, + "y": 41 + }, + "panelIndex": "3", + "panelRefName": "panel_3", + "type": "search", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Alerts - Top Destination Countries [Logs Suricata]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "8", - "w": 11, - "x": 0, - "y": 14 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "8.0.0" + "params": { + "perPage": 5, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "e86b7f30-96da-4f52-9ff0-cefcaadcc914", - "w": 23, - "x": 0, - "y": 0 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "e86b7f30-96da-4f52-9ff0-cefcaadcc914", - "panelRefName": "panel_e86b7f30-96da-4f52-9ff0-cefcaadcc914", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "7", + "w": 12, + "x": 11, + "y": 14 + }, + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + 
"title": "Alerts - Top Source Countries [Logs Suricata]", + "description": "", + "uiState": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"967e2051-c2f4-49ef-bc72-d94947e45883\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"cdbf364a-7d6f-499e-9819-0ef05d687969\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Alert - Source Location [Logs Suricata]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"345ad34d-95d3-4e10-9850-cfd6b366fd7e\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Alert - Source Location [Logs 
Suricata]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b", - "w": 23, - "x": 0, - "y": 26 - }, - "panelIndex": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b", - "type": "map", - "version": "8.0.0" + "params": { + "perPage": 5, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"20edc2ac-aae0-4f6b-8eae-405d2423b580\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9df30dd6-f660-4daf-a2b6-3691e4bd6e81\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Alert - Destination Location [Logs Suricata]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"09c636cb-a239-4636-aaba-abbab2ec3b02\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Alert - Destination Location [Logs 
Suricata]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 16.40767, - "lon": 0, - "zoom": 1.78 - }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "df498f0d-f08c-48e0-9b9f-1e579824a327", - "w": 25, - "x": 23, - "y": 26 + "type": "table", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "df498f0d-f08c-48e0-9b9f-1e579824a327", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Source Country", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Suricata] Alert Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-05268ee0-86d1-11e8-b59d-21efb914e65c", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "suricata-494fa290-86d2-11e8-b59d-21efb914e65c", - "name": "1:panel_1", - "type": "visualization" - }, - { - "id": "suricata-16033310-86d3-11e8-b59d-21efb914e65c", - "name": "2:panel_2", - "type": "visualization" + } }, - { - "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c", - "name": "3:panel_3", - "type": "search" + "gridData": { + "h": 12, + "i": "8", + "w": 11, + "x": 0, + "y": 14 }, - { - "id": "suricata-2ccdc1a0-86d8-11e8-b59d-21efb914e65c", - "name": "7:panel_7", - "type": "visualization" + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + 
"embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Navigation [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 18, + "markdown": "![Hello World](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADwAAAAyCAYAAAAA9rgCAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAACXBIWXMAAJ17AACdewE8n3fEAAABWWlUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNS40LjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyI+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgpMwidZAAAN5UlEQVRoBe1ZeXCU5Rn/7b25s9nEHJAQAhggCIKCThFpFRXFa+yhTtVSndaZUvWPVjqt1bGHY6cdrVNq66C21UpbT7wwxqMjAh4oBCGQC8KRY7Ob3WQ3e9/9Pe/uh2ukrePM7h/oM2S/73ve87l+z/O+6NIkfIFI/wWSVYn6pcAnu8W/tPCXFj7JNPClS59kBv2UOF84Cxs/pYJ8M1jYHS/udIBOV1idF1ZgqWJ1Ov6jpFlKp1PqrVCCF07grLDJeBT+oX5Ex52wVk9DxYy5muwFeRbGn7LCphIx9G26A933noZ0KoFEyAvHe1uUAgoiLRcpiMCMWiVPYGQAvg/vg7lhFpLRIGL+cQxsuBTO95/PyCuKyTMVxqVFDoZtPBSAjivqjJUY/OfXYWlciXl370bVnMUZMXNiO19yF0bg7O6jXicgGJWKw1y3CG3rNsNcZlOonQtk+RJW5i2MwFnLBYcOQGeSZVNIx4eRSiblo6CU/xhmXIr1ktEwQke2Qm+lfPoixMcnEHQMZIQtQOxqWs27wBoMxYKTFHILLdwMmhdSb4RdR7V9FOyZd4G1EsNosUJfvATppI+opVe4HXFnBS4AWGkazbvAUlkJGYvLYKlZhnR0AqnIXpS2fgeRsV5Ibs4AluYL2tby88y/wLJvFcd6GIpsMNpWwFx9BUzl05Dw9SPgOCI9WIicRAJrohiLK5COuVA0/UyEht7m8xwMvvIA3TxBLxfdaz2VDvLyUxALazk2HvAQuHqRDPtgrVvKdBxFMngMrn3blXCFsHLeBdaOglGfB6HDj9Gl52Dyo9+w2rLSsnEYy5sI2uG8WPNEk+ZdYIlfId+RLlrXRUHLVS6OjOyEscSORGBUAdeJNpcPXt4F1tzZ270NejNFSEUodDOSoR7+uVExbw0q5yxVsun0WhLLh6iZOfNbWop1mZbiLDqCBzczD5cTjUMEqDLEJ/ahePpizLhwbVY68YT8C/yxhbk5FW/KBXPQUr4VL7sveUzlad/aM4u2WvwGRg4h5tpNC7dwbIzDo6qmrllykZo0LTW1WiZnXW05bU55apTLy33PRflP8LWB2cODXLPIFcsn9SsLkHOiKmgqb+o3R2pXN7KUt/f9zMlbXecYlFvrLWQZ+E7SaU/1N
eXnBHOfcE9Thv23PkaxlgibjEV4IJ+guxlgKa/iJtjE/Jhg0S+KM1gs0BvNPOEk1EEgw2O5aDQhEQnRVeXkIwqiFq3Fak55jwUmMLFnIwxl4s5+SmmhkfthqroUxqJStU0ZG/W61VhzuZ2K+DjSZLzK0+SZSyvVGmo98YocZYiCDSYzDGY5nfDsHfRlqjjKY+I47c7MKIPGmAeH23/BnPgRuxphbbgM827agAg30f3HFUiFBzDz+u2oXrAcQecg+jZeSOw5iJa178M+dxkOv/QgvJ3rmWJWUVEmVlGNsC26HA1nr4G3fw9io50w10odPcn5TUhFAWv9UqWYycE+HHvpXsTcO5Dw96P+4ifQeN63Zc9UZBDdD11LdO+AseIctN3yCkwsUQeevx/+nk1E+wbOGYLeVMGqrQN1qzdj+ooraZQ4+p74McJHH2Ho6NB2mwPWqlraNg3jeH8nDm5YAWM1PU2MGaN2PBtZFNxHA+mQCg2wUCBfWZC74KBU6KDicWa1sVQ8osamjHsRG3MhVsw09MFGRFx/gKmsCpVn3QH/gXuoDHpK0VJ6ElC14DzlUT33t2bPyPSGY0B0YkjNKT/RSQ9jvwP60oWcdzuiPrcSOObpReRgDywto9yhAQkWMuEuKmjFuBobD/gQGWmHztKGhGc/wuOjSmDZu9657XEY6CmG4jPQdM0WzPkhrbbilxxIPxYPpXfJX677yLVBLk/cX7qbbOdg5k2voXjO92CZ1gxn+62I+VwoaVyI6CCFXPoAXXkB21pR3XY2jr3+VxlGS1Wj9sLHMfv2DpQ2LVKblp+IxyFZjBasQoqGCHtGVFv9+bei5dZ2mCrPZbsHRTO+jzl3vQ7b/OWqXYqcpH+YIFmlvsNj1GSWjOGRfyurVi66EfVnXaLY9nnL1DPq92a6qatj2VqW5FX701hxbsxcjrozL0B583wc+P3DKu+aK+pQVNOE4tb5mH7+Dej7++1ovbkDcl3r2/eg0mPF6T9F06rrtdmVNwmWhJxHxCikpOgeYX6DYWWfm8nbnt3PMgwYHjWzUHfGKumoSBTDWyTukR5Irwo5+hVfagK9zlCiXCrqOaKY6RSvX/iX+eBqstJnIfaTvaUScRTZ6mCpv0G5vfq216Fs/ncJfPR1HhJKamcg5B5h3A1AlrK1natWkL5CGsCEHb1KaWkpVli0hB09ql1iMckwkpCSMElnxwmgCoVGD8mRW5HcsEQcexXwiXb1pXOuUA3+fb/D0LZnM6eWjFozIz7LL/vLEJV3Oam6lqUPEtRpnBjMFXakQ2N0MzeqWldi4MUN8O7fCpHfWsI/IrOQCg1RG+eQg0XEsRu6IqC0hZ7Hu7Dw6B6VNcRSmlKUlvktpNdL7KU5rluFXMms1cSM0xB1PosYUVv1qT/namqK2GxbhqGnvgF31ztcmGr7H5QRLmNRNQlLQhPXMhv1KqUEHUcQHP4Xgoy7dHE1TEVl0M2+EFtumw437Kg5cw2cww70HAQOyUWmiVJlSdO1hFPE+QIsZSsYmyupnFlITbyMOO+yFYmC+SJ/x4lyy1VwxLlTeURl6woYSlpY1QWY9sZUN31pXTMar25HzLGTqeMsDPxtOfzDh1RjbvFwfFK+GKkPMzWulb7BaApDo0D3oXG8tflpPPbzW9D+KvDiw0DJnAweHOjqw9NPAE/+6GKUNbQg0bwczz8J7PigHrHkx3GjVWeOESee+y2wzzUNxpoWDPtnQK7Agh5qSBFTDDeg7SHLVMge92wnCC9ESf1MClyrMkh4bEh14eVSGvXLVqPuskeYjt4nYhpw+On1qlFHF5HMIx6T9RqlUV+AwjGcvJGMfrtGUtjyFLCt413846pv4dieHaD3Yu32t1FT36DmMpkMqOBb1YIraRa6VCwMG79LSnj4133CTqr/6NAgBGpitlNha5iB/lgrHtsE9PQdUe1yQTIeSCPGsFd3B4orSO5AglhrqlqisMJinymYRwA8rHrotaWaV9+Ei
iU/Y3AnEex7Dp7eXZCLNzOtGScWRDN4ggDd9KVngI4tnCTLE2WIU1a3tGLWNZfAoPOjYv4CnHr64uw2KCMVy3WRYEUn2rOWlCjlxdxjiEdZiQixj3a6Gh3oRzlZRVYTxp0jKCu1giGP4f4+6cmxOuw8mMLmjQwLlyYFFeQ6DBO9z2gtZ/5lGuNaggPh0W41Si8LaOjWdPE6ImkdzKxzIyO9iCWS2NcLvPAg4A5lJqVtYCDyMXUf/48puZ6h0VF/+nKsXrcekT2A640uHOraS26GpIgRUk9OVV5lFxxCiGYM+DKAkqSyZT/JRAJDXZ2wzwC6Nj+MXzdMw+G3noN9NgXu2qXaDQY9TPoUaEx4gh8L/FHnfjhCnHfoTfTePw2B/RtgtFcRyHYwvv3QS5xqtWtxdT30lSvRd4BaGw0hntLhg210HU6qXb9I6kgMkEEyWTN1q7xLFoiFgphJy1ZfuVJZ78C726XpOMm2JL+mGCf22jqUssYQBR7a26n6GMU0pMCkF67OdmJKDWLOYzA20gBDR2GqaYTrvWeoIK86eIiCZIQhGxLRcAi7dnyIN7cCr7yyH4QNTHqHacAapCd3IsKCRD/42qMY+7ADvtFB7Hj5eXS078BLr1GAyjrYaIVTzlgCKfG7dmxFJBhAV1YIK0OjsvoU2R+tolf/ZxPx+5Tl5p5/ubJnz6tPwj+RQVVRrNhYHTbicY6twcyLboGFgb3tT3eic9tbGDjQhd49uzHpGYfvPaIqq4obn9qJOzvduH7TVsRdgwjQMydYvoqvyJyiRA3oJicmEOp9DUbixyW/fRNr/uxGw9pd2NWdwAR5MQ+rr/Ej+/Didatx36omPHnZVXBsH0IjXantjKUqPS3+5s3KbXpefBS/+moN3nnobgS5yPwb1qOGriakeYiG6nPP+ooSzt2xG0f7iG6kFFFGvEBnJBBmC5vzrrsJXnqznNQ2XfM1/KTtNHS9s42bc4FeifJZ52LmvDaU2eyY2bYQRU3zIKXF2MgwfzOKljm1VDbucsK/n3m9zYbZCxbCZrejed4CONKL8PRfBPCOQj9WvgQ7Gac+7otpFPVrVuEHHd2wnVKrJr3g2htw/j13wfvuILwfRjDx7hAWrluLq25dr9rlJ84jJCs8SNEuq89onYcK4pXwOt9oly6q0pFIjU44lUcIb/Zpi7DurTeQjmRypHhSma0KQ33d8PC9vKEJJgEUkrWoCOWNpyrlD3bzpECSI6Ccv+S4KDR8sA9i+7KmxbAWC8Qx7Jg/G2Y1q3773mGNQXdIe6lRn9tNdzOirpGLEJ01N9FQc+hQP/xeL4qIro2zT4WBfaWPtIuLRUMhVlZm2OvqFc8z6kA8FmM/Az1hOibHPQj6/URQE6rYR0+g08b7vRNwO0a4OTNOmd6I4OQkIsQDa3EJbDWZsJHNjztHEY1EYCmykl8LWSPBNSwUTvp5ifhhhp2Z2GKvrZchioQv8xl4yFECaw3aU2rpzMV4Jj40obV2eWqbzeV9nvfctT7PeG3MZ92PElg6U4LMWMlb/JtK6lBBpmqZ0uf4+Bz+VN7U79z5j7cJU1tb9pMznzQd75fl/79vGSOU2+8/QDU5FFmyNvEAAAAASUVORK5CYII=) [Events](/app/dashboards#/view/suricata-78289c40-86da-11e8-b59d-21efb914e65c) | [Alerts](/app/dashboards#/view/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": 
"suricata-c7b8b8f0-86d8-11e8-b59d-21efb914e65c", - "name": "8:panel_8", - "type": "visualization" + "gridData": { + "h": 4, + "i": "e86b7f30-96da-4f52-9ff0-cefcaadcc914", + "w": 23, + "x": 0, + "y": 0 }, - { - "id": "suricata-908e8c90-d296-11ea-90e3-8767fe7ccf14", - "name": "e86b7f30-96da-4f52-9ff0-cefcaadcc914:panel_e86b7f30-96da-4f52-9ff0-cefcaadcc914", - "type": "visualization" + "panelIndex": "e86b7f30-96da-4f52-9ff0-cefcaadcc914", + "type": "visualization", + "version": "8.0.0" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 15, + "i": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b", + "w": 23, + "x": 0, + "y": 26 }, - { - "id": "logs-*", - "name": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b:layer_1_source_index_pattern", - "type": "index-pattern" + "panelIndex": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"967e2051-c2f4-49ef-bc72-d94947e45883\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"cdbf364a-7d6f-499e-9819-0ef05d687969\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Alert - Source Location [Logs Suricata]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"source.geo.location\",\"id\":\"345ad34d-95d3-4e10-9850-cfd6b366fd7e\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Alert - Source Location 
[Logs Suricata]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" + } + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 15, + "i": "df498f0d-f08c-48e0-9b9f-1e579824a327", + "w": 25, + "x": 23, + "y": 26 }, - { - "id": "logs-*", - "name": "df498f0d-f08c-48e0-9b9f-1e579824a327:layer_1_source_index_pattern", - "type": "index-pattern" + "panelIndex": "df498f0d-f08c-48e0-9b9f-1e579824a327", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"20edc2ac-aae0-4f6b-8eae-405d2423b580\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"9df30dd6-f660-4daf-a2b6-3691e4bd6e81\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Alert - Destination Location [Logs Suricata]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"09c636cb-a239-4636-aaba-abbab2ec3b02\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Alert - Destination 
Location [Logs Suricata]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 16.40767, + "lon": 0, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" } + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Suricata] Alert Overview", + "version": 1 + }, + "references": [ + { + "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c", + "name": "3:panel_3", + "type": "search" + }, + { + "id": "logs-*", + "name": "4b26e7f7-cfe8-4d5f-8cab-4d793c93c80b:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "df498f0d-f08c-48e0-9b9f-1e579824a327:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "search", + "name": "1:search_0", + "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "2:search_0", + "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "7:search_0", + "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "8:search_0", + "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/suricata/kibana/dashboard/suricata-78289c40-86da-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/dashboard/suricata-78289c40-86da-11e8-b59d-21efb914e65c.json index 336c00c84e7..6d1b2bd39bb 100644 --- a/packages/suricata/kibana/dashboard/suricata-78289c40-86da-11e8-b59d-21efb914e65c.json +++ b/packages/suricata/kibana/dashboard/suricata-78289c40-86da-11e8-b59d-21efb914e65c.json 
@@ -1,267 +1,919 @@ { - "attributes": { - "description": "Overview of the Surcata events dashboard.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "suricata-78289c40-86da-11e8-b59d-21efb914e65c", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-23T06:37:42.472Z", + "version": "WzU5MCwxXQ==", + "attributes": { + "description": "Overview of the Surcata events dashboard.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Activity Types over Time [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + 
"show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-6y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "suricata.eve.event_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { "filter": [], - "highlightAll": true, "query": { - "language": "kuery", - "query": "" - }, - "version": true + "language": "kuery", + "query": "" + } + } } + } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 10, + "i": "1", + "w": 48, + "x": 0, + "y": 4 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 10, - "i": "1", - "w": 48, - "x": 0, - "y": 4 - }, - "panelIndex": "1", - "panelRefName": "panel_1", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "2", - "w": 9, - "x": 0, - "y": 24 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "3", - "w": 11, - "x": 19, - 
"y": 24 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" + "panelIndex": "1", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Types [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 10, - "i": "4", - "w": 48, - "x": 0, - "y": 14 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 19, - "i": "5", - "w": 48, - "x": 0, - "y": 38 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "search", - "version": "7.9.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "ECS Event Type", + "field": "event.type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" }, - "gridData": { - "h": 14, - "i": "6", - "w": 9, - "x": 30, - "y": 24 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "7", - "w": 9, - "x": 39, - "y": 24 - }, - "panelIndex": "7", - "panelRefName": "panel_7", 
- "type": "visualization", - "version": "7.9.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Suricata Event Type", + "field": "suricata.eve.event_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "2", + "w": 9, + "x": 0, + "y": 24 + }, + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Network Protocols [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "8", - "w": 10, - "x": 9, - "y": 24 + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "field": "network.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "3", + "w": 11, + "x": 19, + "y": 24 + }, + "panelIndex": 
"3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Hosts Generating Events [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {} + "type": "histogram", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 16, - "i": "9", - "w": 48, - "x": 0, - "y": 57 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + 
"scaleMetricValues": false, + "timeRange": { + "from": "now-6y", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "9", - "panelRefName": "panel_9", - "type": "search", - "version": "7.9.0-SNAPSHOT" + { + "enabled": true, + "id": "3", + "params": { + "field": "host.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 10, + "i": "4", + "w": 48, + "x": 0, + "y": 14 + }, + "panelIndex": "4", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 19, + "i": "5", + "w": 48, + "x": 0, + "y": 38 + }, + "panelIndex": "5", + "panelRefName": "panel_5", + "type": "search", + "version": "7.9.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Connection Source Countries [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "showLabel": false }, - { - "embeddableConfig": { - "enhancements": {} + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 4, - "i": "78f64fb8-a6ed-4960-a73b-a8c42c40f799", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "78f64fb8-a6ed-4960-a73b-a8c42c40f799", - "panelRefName": "panel_78f64fb8-a6ed-4960-a73b-a8c42c40f799", - "title": "", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Top Connection 
Source Countries", + "field": "source.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } + }, + "gridData": { + "h": 14, + "i": "6", + "w": 9, + "x": 30, + "y": 24 + }, + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Connection Destination Countries [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "showLabel": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 4, - "i": "63e14057-b48b-48fe-b3e2-84f7690d60e8", - "w": 24, - "x": 24, - "y": 0 + "type": "tagcloud", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "63e14057-b48b-48fe-b3e2-84f7690d60e8", - "panelRefName": "panel_63e14057-b48b-48fe-b3e2-84f7690d60e8", - "type": "visualization", - "version": "7.9.0-SNAPSHOT" + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Top Connection Destination Countries", + "field": "destination.geo.country_iso_code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } } - ], - "timeRestore": false, - "title": "[Logs Suricata] Events Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": 
"suricata-78289c40-86da-11e8-b59d-21efb914e65c", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "suricata-c7d46c60-86da-11e8-b59d-21efb914e65c", - "name": "1:panel_1", - "type": "visualization" + } }, - { - "id": "suricata-0a0aa630-86db-11e8-b59d-21efb914e65c", - "name": "2:panel_2", - "type": "visualization" + "gridData": { + "h": 14, + "i": "7", + "w": 9, + "x": 39, + "y": 24 }, - { - "id": "suricata-728f64c0-86db-11e8-b59d-21efb914e65c", - "name": "3:panel_3", - "type": "visualization" + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top Transport Protocols [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "bottom", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "suricata-9d5b5b50-86db-11e8-b59d-21efb914e65c", - "name": "4:panel_4", - "type": "visualization" + "gridData": { + "h": 14, + "i": "8", + "w": 10, + "x": 9, + "y": 24 }, - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "5:panel_5", - "type": "search" + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + 
"embeddableConfig": { + "enhancements": {} }, - { - "id": "suricata-5f99eb50-86dc-11e8-b59d-21efb914e65c", - "name": "6:panel_6", - "type": "visualization" + "gridData": { + "h": 16, + "i": "9", + "w": 48, + "x": 0, + "y": 57 }, - { - "id": "suricata-8e7f88d0-86dc-11e8-b59d-21efb914e65c", - "name": "7:panel_7", - "type": "visualization" + "panelIndex": "9", + "panelRefName": "panel_9", + "type": "search", + "version": "7.9.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Navigation [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "fontSize": 18, + "markdown": "![Hello World](data:image/png;base64,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) [Events](/app/dashboards#/view/suricata-78289c40-86da-11e8-b59d-21efb914e65c) | [Alerts](/app/dashboards#/view/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c)", + "openLinksInNewTab": false + }, + "type": "markdown", + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "suricata-0a363820-86dd-11e8-b59d-21efb914e65c", - "name": "8:panel_8", - "type": "visualization" + "gridData": { + "h": 4, + "i": "78f64fb8-a6ed-4960-a73b-a8c42c40f799", + "w": 24, + "x": 0, + "y": 0 }, - { - "id": "suricata-d57a2db0-86ca-11e8-b59d-21efb914e65c", - "name": "9:panel_9", - "type": "search" + "panelIndex": "78f64fb8-a6ed-4960-a73b-a8c42c40f799", + "title": "", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Event Count [Logs Suricata]", + "description": "", + "uiState": {}, + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + 
"fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "type": "metric", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Events" + }, + "schema": "metric", + "type": "count" + } + ], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + } + } }, - { - "id": "suricata-908e8c90-d296-11ea-90e3-8767fe7ccf14", - "name": "78f64fb8-a6ed-4960-a73b-a8c42c40f799:panel_78f64fb8-a6ed-4960-a73b-a8c42c40f799", - "type": "visualization" + "gridData": { + "h": 4, + "i": "63e14057-b48b-48fe-b3e2-84f7690d60e8", + "w": 24, + "x": 24, + "y": 0 }, - { - "id": "suricata-169c0600-d297-11ea-90e3-8767fe7ccf14", - "name": "63e14057-b48b-48fe-b3e2-84f7690d60e8:panel_63e14057-b48b-48fe-b3e2-84f7690d60e8", - "type": "visualization" - } + "panelIndex": "63e14057-b48b-48fe-b3e2-84f7690d60e8", + "type": "visualization", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Suricata] Events Overview", + "version": 1 + }, + "references": [ + { + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", + "name": "5:panel_5", + "type": "search" + }, + { + "id": "suricata-d57a2db0-86ca-11e8-b59d-21efb914e65c", + "name": "9:panel_9", + "type": "search" + }, + { + "type": "search", + "name": "1:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "2:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "3:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "4:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "6:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "7:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + 
"name": "8:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + }, + { + "type": "search", + "name": "63e14057-b48b-48fe-b3e2-84f7690d60e8:search_0", + "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c" + } + ], + "migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-0a0aa630-86db-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-0a0aa630-86db-11e8-b59d-21efb914e65c.json deleted file mode 100644 index d75e1659311..00000000000 --- a/packages/suricata/kibana/visualization/suricata-0a0aa630-86db-11e8-b59d-21efb914e65c.json +++ /dev/null 
@@ -1,96 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Event Types [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "ECS Event Type", - "field": "event.type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "segment", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Suricata Event Type", - "field": "suricata.eve.event_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Event Types [Logs Suricata]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-0a0aa630-86db-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/suricata/kibana/visualization/suricata-0a363820-86dd-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-0a363820-86dd-11e8-b59d-21efb914e65c.json deleted file mode 100644 index 91bcb945961..00000000000 --- a/packages/suricata/kibana/visualization/suricata-0a363820-86dd-11e8-b59d-21efb914e65c.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Transport Protocols [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Top Transport Protocols [Logs Suricata]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-0a363820-86dd-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/suricata/kibana/visualization/suricata-16033310-86d3-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-16033310-86d3-11e8-b59d-21efb914e65c.json
deleted file mode 100644
index c498afa117b..00000000000
--- a/packages/suricata/kibana/visualization/suricata-16033310-86d3-11e8-b59d-21efb914e65c.json
+++ /dev/null
@@ -1,100 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Alert Signatures [Logs Suricata]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Alert Signature", - "field": "rule.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "bucket", - "type": "terms" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Alert Category", - "field": "rule.category", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Top Alert Signatures [Logs Suricata]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-16033310-86d3-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/suricata/kibana/visualization/suricata-169c0600-d297-11ea-90e3-8767fe7ccf14.json b/packages/suricata/kibana/visualization/suricata-169c0600-d297-11ea-90e3-8767fe7ccf14.json deleted file mode 100644 index 6471dc046ad..00000000000 --- a/packages/suricata/kibana/visualization/suricata-169c0600-d297-11ea-90e3-8767fe7ccf14.json +++ /dev/null @@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Event Count [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Events" - }, - "schema": "metric", - "type": "count" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 30, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Event Count [Logs Suricata]", - "type": "metric" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-169c0600-d297-11ea-90e3-8767fe7ccf14", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-2ccdc1a0-86d8-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-2ccdc1a0-86d8-11e8-b59d-21efb914e65c.json deleted file mode 100644 index a2d39620636..00000000000 
--- a/packages/suricata/kibana/visualization/suricata-2ccdc1a0-86d8-11e8-b59d-21efb914e65c.json +++ /dev/null @@ -1,83 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Alerts - Top Destination Countries [Logs Suricata]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Country", - "field": "destination.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 5, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Alerts - Top Destination Countries [Logs Suricata]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-2ccdc1a0-86d8-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-494fa290-86d2-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-494fa290-86d2-11e8-b59d-21efb914e65c.json deleted file mode 100644 index fc000f3df5d..00000000000 
--- a/packages/suricata/kibana/visualization/suricata-494fa290-86d2-11e8-b59d-21efb914e65c.json
+++ /dev/null
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Alerting Hosts [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-6y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - 
"style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Top Alerting Hosts [Logs Suricata]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-494fa290-86d2-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-5f99eb50-86dc-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-5f99eb50-86dc-11e8-b59d-21efb914e65c.json deleted file mode 100644 index 5a806ee96d3..00000000000 --- a/packages/suricata/kibana/visualization/suricata-5f99eb50-86dc-11e8-b59d-21efb914e65c.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Connection Source Countries [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Top Connection Source Countries", - "field": "source.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "showLabel": false - }, - "title": "Top Connection Source Countries [Logs Suricata]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-5f99eb50-86dc-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-728f64c0-86db-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-728f64c0-86db-11e8-b59d-21efb914e65c.json deleted file mode 100644 index ac87947b42a..00000000000 --- a/packages/suricata/kibana/visualization/suricata-728f64c0-86db-11e8-b59d-21efb914e65c.json +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Network Protocols [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.protocol", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "bottom", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Top Network Protocols [Logs Suricata]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-728f64c0-86db-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-8e7f88d0-86dc-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-8e7f88d0-86dc-11e8-b59d-21efb914e65c.json deleted file mode 100644 index 83fed82ca25..00000000000 --- a/packages/suricata/kibana/visualization/suricata-8e7f88d0-86dc-11e8-b59d-21efb914e65c.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Connection Destination Countries [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Top Connection Destination Countries", - "field": "destination.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - "type": "terms" - } - ], - "params": { - "maxFontSize": 72, - "minFontSize": 18, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "showLabel": false - }, - "title": "Top Connection Destination Countries [Logs Suricata]", - "type": "tagcloud" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-8e7f88d0-86dc-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-908e8c90-d296-11ea-90e3-8767fe7ccf14.json b/packages/suricata/kibana/visualization/suricata-908e8c90-d296-11ea-90e3-8767fe7ccf14.json deleted file mode 100644 index 4bbd312a1a7..00000000000 --- a/packages/suricata/kibana/visualization/suricata-908e8c90-d296-11ea-90e3-8767fe7ccf14.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Navigation [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "fontSize": 18, - "markdown": "![Hello World](data:image/png;base64,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) [Events](/app/dashboards#/view/suricata-78289c40-86da-11e8-b59d-21efb914e65c) | [Alerts](/app/dashboards#/view/suricata-05268ee0-86d1-11e8-b59d-21efb914e65c)", - "openLinksInNewTab": false - }, - "title": "Navigation [Logs Suricata]", - "type": "markdown" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-908e8c90-d296-11ea-90e3-8767fe7ccf14", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-9d5b5b50-86db-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-9d5b5b50-86db-11e8-b59d-21efb914e65c.json deleted file mode 100644 index 40117d0595e..00000000000 --- a/packages/suricata/kibana/visualization/suricata-9d5b5b50-86db-11e8-b59d-21efb914e65c.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Top Hosts Generating Events [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-6y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "host.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": 
false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Top Hosts Generating Events [Logs Suricata]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-9d5b5b50-86db-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-c7b8b8f0-86d8-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-c7b8b8f0-86d8-11e8-b59d-21efb914e65c.json deleted file mode 100644 index b02b6e294e3..00000000000 --- a/packages/suricata/kibana/visualization/suricata-c7b8b8f0-86d8-11e8-b59d-21efb914e65c.json +++ /dev/null 
@@ -1,83 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Alerts - Top Source Countries [Logs Suricata]", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Source Country", - "field": "source.geo.country_iso_code", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 5, - "percentageCol": "", - "showMetricsAtAllLevels": false, - "showPartialRows": false, - "showToolbar": true, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Alerts - Top Source Countries [Logs Suricata]", - "type": "table" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-c7b8b8f0-86d8-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-1c2bcec0-86d1-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/kibana/visualization/suricata-c7d46c60-86da-11e8-b59d-21efb914e65c.json b/packages/suricata/kibana/visualization/suricata-c7d46c60-86da-11e8-b59d-21efb914e65c.json deleted file mode 100644 index 43d1e75ef74..00000000000 --- a/packages/suricata/kibana/visualization/suricata-c7d46c60-86da-11e8-b59d-21efb914e65c.json +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchRefName": "search_0", - "title": "Activity Types over Time [Logs Suricata]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-6y", - "to": "now" - }, - "useNormalizedEsInterval": true - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "suricata.eve.event_type", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "detailedTooltip": true, - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - 
"show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Activity Types over Time [Logs Suricata]", - "type": "histogram" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "suricata-c7d46c60-86da-11e8-b59d-21efb914e65c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "suricata-13dd22f0-86cc-11e8-b59d-21efb914e65c", - "name": "search_0", - "type": "search" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/suricata/manifest.yml b/packages/suricata/manifest.yml index 22ec2103178..9f8791a89a8 100644 --- a/packages/suricata/manifest.yml +++ b/packages/suricata/manifest.yml @@ -1,6 +1,6 @@ name: suricata title: Suricata -version: "2.5.2" +version: "2.5.3" release: ga description: Collect logs from Suricata with Elastic Agent. type: integration @@ -13,7 +13,7 @@ format_version: 1.0.0 license: basic categories: [network, security] conditions: - kibana.version: ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/filebeat-suricata-events.png title: filebeat suricata events diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml index bad908c4ee2..bf291c965ce 100644 --- a/packages/zeek/changelog.yml +++ b/packages/zeek/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.6.1" + changes: + - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load + type: enhancement + link: https://github.com/elastic/integrations/pull/4516 - version: "2.6.0" changes: - description: Update package to ECS 8.5.0. 
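Review bot: The second manifest.yml hunk raises `kibana.version` from `^8.0.0` to `^8.1.0`, while the first hunk only moves the package from 2.5.2 to 2.5.3, so a patch release narrows the supported Kibana range and deployments still on 8.0.x would no longer match the condition. The suricata changelog is not visible in this part of the diff; if it carries only the shared "migrate the visualizations to by value" entry, the new floor should be stated there, for example `- description: Require Kibana 8.1.0 or later for the by-value dashboard panels`. Presumably the bump is needed because the migrated panels were exported from 8.1.0, but that reason should be written down rather than left for operators to infer.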
diff --git a/packages/zeek/data_stream/capture_loss/sample_event.json b/packages/zeek/data_stream/capture_loss/sample_event.json
new file mode 100644
index 00000000000..09e92fdb4cb
--- /dev/null
+++ b/packages/zeek/data_stream/capture_loss/sample_event.json
@@ -0,0 +1,53 @@
+{
+ "@timestamp": "2019-09-10T16:19:28.465Z",
+ "agent": {
+ "ephemeral_id": "8c254185-7ed2-4b0a-af78-e371166897c9",
+ "id": "df514182-bb0b-40b5-96d1-14197e409254",
+ "name": "docker-fleet-agent",
+ "type": "filebeat",
+ "version": "8.1.0"
+ },
+ "data_stream": {
+ "dataset": "zeek.capture_loss",
+ "namespace": "ep",
+ "type": "logs"
+ },
+ "ecs": {
+ "version": "8.5.0"
+ },
+ "elastic_agent": {
+ "id": "df514182-bb0b-40b5-96d1-14197e409254",
+ "snapshot": false,
+ "version": "8.1.0"
+ },
+ "event": {
+ "agent_id_status": "verified",
+ "created": "2022-11-23T07:59:28.651Z",
+ "dataset": "zeek.capture_loss",
+ "ingested": "2022-11-23T07:59:32Z",
+ "kind": "metric",
+ "type": "info"
+ },
+ "input": {
+ "type": "log"
+ },
+ "log": {
+ "file": {
+ "path": "/tmp/service_logs/capture_loss.log"
+ },
+ "offset": 0
+ },
+ "tags": [
+ "forwarded",
+ "zeek-capture-loss"
+ ],
+ "zeek": {
+ "capture_loss": {
+ "acks": 206,
+ "gaps": 0,
+ "peer": "bro",
+ "percent_lost": 0,
+ "ts_delta": 32.282249
+ }
+ }
+}
\ No newline at end of file
diff --git a/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json
index a60709aa737..b9f4f707146 100644
--- a/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json
+++ b/packages/zeek/kibana/dashboard/zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c.json
@@ -1,221 +1,690 @@ { - "attributes": { - "description": "Overview of Zeek", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-11-23T07:48:08.211Z", + "version": "WzU4MywxXQ==", + "attributes": { + "description": "Overview of Zeek", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Transport [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR 
data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "gridData": { + "h": 12, + "i": "2", + "w": 16, + "x": 0, + "y": 20 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "2", - "w": 16, - "x": 0, - "y": 20 - }, - "panelIndex": "2", - "panelRefName": "panel_2", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "3", - "w": 16, - "x": 16, - "y": 20 - }, - "panelIndex": "3", - "panelRefName": "panel_3", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "4", - "w": 16, - "x": 32, - "y": 20 - }, - "panelIndex": "4", - "panelRefName": "panel_4", - "type": "visualization", - "version": "8.0.0" - }, - { - 
"embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 12, - "i": "5", - "w": 16, - "x": 0, - "y": 32 - }, - "panelIndex": "5", - "panelRefName": "panel_5", - "type": "visualization", - "version": "8.0.0" + "panelIndex": "2", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Protocols [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "6", - "w": 16, - "x": 16, - "y": 32 - }, - "panelIndex": "6", - "panelRefName": "panel_6", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "network.protocol", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR 
data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "3", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "3", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Network Traffic Direction [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "7", - "w": 16, - "x": 
32, - "y": 32 - }, - "panelIndex": "7", - "panelRefName": "panel_7", - "type": "visualization", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "network.direction", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "4", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "4", + "type": "visualization", + "version": 
"8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top DNS Domains [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {} + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "gridData": { - "h": 12, - "i": "8", - "w": 48, - "x": 0, - "y": 44 - }, - "panelIndex": "8", - "panelRefName": "panel_8", - "type": "visualization", - "version": "8.0.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"88dc4f7d-0197-4fbe-98b2-910ba90cfd2d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d8bacd97-be31-4300-b5f7-7689d528b9ae\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Geo [Logs Zeek]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"c3374e39-902e-4cc5-90c5-b6a1a3ebfdf2\",\"indexPatternId\":\"logs-*\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR 
data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", - "references": [], - "title": "Destination Geo [Logs Zeek]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "isLayerTOCOpen": true, - "mapBuffer": { - "maxLat": 66.51326, - "maxLon": 90, - "minLat": -66.51326, - "minLon": -90 - }, - "mapCenter": { - "lat": 3.3505, - "lon": 10.89865, - "zoom": 1.78 + { + "enabled": true, + "id": "2", + "params": { + "field": "zeek.dns.query", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { 
+ "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } + }, + "gridData": { + "h": 12, + "i": "5", + "w": 16, + "x": 0, + "y": 32 + }, + "panelIndex": "5", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top URL Domains [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } }, - "openTOCDetails": [] - }, - "gridData": { - "h": 20, - "i": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", - "w": 48, 
- "x": 0, - "y": 0 + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", - "type": "map", - "version": "8.0.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "url.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR 
data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } } - ], - "timeRestore": false, - "title": "[Logs Zeek] Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "zeek-7cbb5410-3700-11e9-aa6d-ff445a78330c", - "migrationVersion": { - "dashboard": "8.0.0" - }, - "references": [ - { - "id": "zeek-1df7ea80-370d-11e9-aa6d-ff445a78330c", - "name": "2:panel_2", - "type": "visualization" + } }, - { - "id": "zeek-466e5850-370d-11e9-aa6d-ff445a78330c", - "name": "3:panel_3", - "type": "visualization" + "gridData": { + "h": 12, + "i": "6", + "w": 16, + "x": 16, + "y": 32 }, - { - "id": "zeek-649acd40-370d-11e9-aa6d-ff445a78330c", - "name": "4:panel_4", - "type": "visualization" + "panelIndex": "6", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Top SSL Servers [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "type": "pie", + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "zeek.ssl.server.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + 
"orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "searchSource": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" + } + } + } + } }, - { - "id": "zeek-9436c270-370d-11e9-aa6d-ff445a78330c", - "name": "5:panel_5", - "type": "visualization" + "gridData": { + "h": 12, + "i": "7", + "w": 16, + "x": 32, + "y": 32 }, - { - "id": "zeek-bec2f0e0-370d-11e9-aa6d-ff445a78330c", - "name": "6:panel_6", - "type": "visualization" + "panelIndex": "7", + "type": "visualization", + "version": "8.0.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": 
{ + "title": "Number of Sessions Overtime [Logs Zeek]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "logs-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "zeek-e042fda0-370d-11e9-aa6d-ff445a78330c", - "name": "7:panel_7", - "type": "visualization" + "gridData": { + "h": 12, + "i": "8", + "w": 48, + "x": 0, + "y": 44 }, - { - "id": "zeek-f8c40810-370d-11e9-aa6d-ff445a78330c", - "name": "8:panel_8", - "type": "visualization" + "panelIndex": "8", + "type": "visualization", + "version": "8.0.0" + }, + { + "version": "8.1.0", + "type": "map", + "gridData": { + "h": 20, + "i": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", + "w": 48, + "x": 0, + "y": 0 }, - { - "id": "logs-*", - "name": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb:layer_1_source_index_pattern", - "type": "index-pattern" + "panelIndex": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"88dc4f7d-0197-4fbe-98b2-910ba90cfd2d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\"},{\"alpha\":0.75,\"id\":\"d8bacd97-be31-4300-b5f7-7689d528b9ae\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Destination Geo [Logs Zeek]\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"destination.geo.location\",\"id\":\"c3374e39-902e-4cc5-90c5-b6a1a3ebfdf2\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\"},\"type\":\"DYNAMIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"maxSize\":18,\"minSize\":7},\"type\":\"DYNAMIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#3d3d3d\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"c
ircle\"}}},\"type\":\"VECTOR\"},\"type\":\"GEOJSON_VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"zoom\":1.78,\"center\":{\"lon\":0,\"lat\":16.40767},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR 
data_stream.dataset:zeek.x509)\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "references": [], + "title": "Destination Geo [Logs Zeek]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "isLayerTOCOpen": true, + "mapBuffer": { + "maxLat": 66.51326, + "maxLon": 90, + "minLat": -66.51326, + "minLon": -90 + }, + "mapCenter": { + "lat": 3.3505, + "lon": 10.89865, + "zoom": 1.78 + }, + "openTOCDetails": [], + "type": "map" } + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs Zeek] Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "4e6959b3-e0d0-40dc-aca0-b40adcd088bb:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "2:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "3:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "4:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "5:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "6:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + }, + { + "type": "index-pattern", + "name": "7:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "logs-*" + } + ], + 
"migrationVersion": { + "dashboard": "8.1.0" + }, + "coreMigrationVersion": "8.1.0" } \ No newline at end of file diff --git a/packages/zeek/kibana/visualization/zeek-1df7ea80-370d-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/visualization/zeek-1df7ea80-370d-11e9-aa6d-ff445a78330c.json deleted file mode 100644 index 462bd85f7f1..00000000000 --- a/packages/zeek/kibana/visualization/zeek-1df7ea80-370d-11e9-aa6d-ff445a78330c.json +++ /dev/null 
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" - } - } - }, - "title": "Network Transport [Logs Zeek]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.transport", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": 
"segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Network Transport [Logs Zeek]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "zeek-1df7ea80-370d-11e9-aa6d-ff445a78330c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zeek/kibana/visualization/zeek-466e5850-370d-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/visualization/zeek-466e5850-370d-11e9-aa6d-ff445a78330c.json deleted file mode 100644 index 414ef94f960..00000000000 --- a/packages/zeek/kibana/visualization/zeek-466e5850-370d-11e9-aa6d-ff445a78330c.json +++ /dev/null 
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" - } - } - }, - "title": "Network Protocols [Logs Zeek]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.protocol", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": 
"segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Network Protocols [Logs Zeek]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "zeek-466e5850-370d-11e9-aa6d-ff445a78330c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zeek/kibana/visualization/zeek-649acd40-370d-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/visualization/zeek-649acd40-370d-11e9-aa6d-ff445a78330c.json deleted file mode 100644 index 9d1024ceb19..00000000000 --- a/packages/zeek/kibana/visualization/zeek-649acd40-370d-11e9-aa6d-ff445a78330c.json +++ /dev/null 
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" - } - } - }, - "title": "Network Traffic Direction [Logs Zeek]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "network.direction", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - 
"schema": "segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Network Traffic Direction [Logs Zeek]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "zeek-649acd40-370d-11e9-aa6d-ff445a78330c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zeek/kibana/visualization/zeek-9436c270-370d-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/visualization/zeek-9436c270-370d-11e9-aa6d-ff445a78330c.json deleted file mode 100644 index 531131972a4..00000000000 --- a/packages/zeek/kibana/visualization/zeek-9436c270-370d-11e9-aa6d-ff445a78330c.json +++ /dev/null 
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" - } - } - }, - "title": "Top DNS Domains [Logs Zeek]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "zeek.dns.query", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", 
- "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Top DNS Domains [Logs Zeek]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "zeek-9436c270-370d-11e9-aa6d-ff445a78330c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zeek/kibana/visualization/zeek-bec2f0e0-370d-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/visualization/zeek-bec2f0e0-370d-11e9-aa6d-ff445a78330c.json deleted file mode 100644 index b68142d1752..00000000000 --- a/packages/zeek/kibana/visualization/zeek-bec2f0e0-370d-11e9-aa6d-ff445a78330c.json +++ /dev/null 
@@ -1,103 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" - } - } - }, - "title": "Top URL Domains [Logs Zeek]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "url.domain", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": "segment", - 
"type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "buckets": [ - { - "accessor": 0, - "aggType": "terms", - "format": { - "id": "terms", - "params": { - "id": "string", - "missingBucketLabel": "Missing", - "otherBucketLabel": "Other" - } - }, - "params": {} - } - ], - "metric": { - "accessor": 1, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Top URL Domains [Logs Zeek]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "zeek-bec2f0e0-370d-11e9-aa6d-ff445a78330c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zeek/kibana/visualization/zeek-e042fda0-370d-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/visualization/zeek-e042fda0-370d-11e9-aa6d-ff445a78330c.json deleted file mode 100644 index 204ebfdad97..00000000000 --- a/packages/zeek/kibana/visualization/zeek-e042fda0-370d-11e9-aa6d-ff445a78330c.json +++ /dev/null 
@@ -1,88 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "(data_stream.dataset:zeek.capture_loss OR data_stream.dataset:zeek.connection OR data_stream.dataset:zeek.dce_rpc OR data_stream.dataset:zeek.dhcp OR data_stream.dataset:zeek.dnp3 OR data_stream.dataset:zeek.dns OR data_stream.dataset:zeek.dpd OR data_stream.dataset:zeek.files OR data_stream.dataset:zeek.ftp OR data_stream.dataset:zeek.http OR data_stream.dataset:zeek.intel OR data_stream.dataset:zeek.irc OR data_stream.dataset:zeek.kerberos OR data_stream.dataset:zeek.modbus OR data_stream.dataset:zeek.mysql OR data_stream.dataset:zeek.notice OR data_stream.dataset:zeek.ntlm OR data_stream.dataset:zeek.ocsp OR data_stream.dataset:zeek.pe OR data_stream.dataset:zeek.radius OR data_stream.dataset:zeek.rdp OR data_stream.dataset:zeek.rfb OR data_stream.dataset:zeek.sip OR data_stream.dataset:zeek.smb_cmd OR data_stream.dataset:zeek.smb_files OR data_stream.dataset:zeek.smb_mapping OR data_stream.dataset:zeek.smtp OR data_stream.dataset:zeek.snmp OR data_stream.dataset:zeek.socks OR data_stream.dataset:zeek.ssh OR data_stream.dataset:zeek.ssl OR data_stream.dataset:zeek.stats OR data_stream.dataset:zeek.syslog OR data_stream.dataset:zeek.traceroute OR data_stream.dataset:zeek.tunnel OR data_stream.dataset:zeek.weird OR data_stream.dataset:zeek.x509)" - } - } - }, - "title": "Top SSL Servers [Logs Zeek]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "zeek.ssl.server.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 10 - }, - "schema": 
"segment", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTooltip": true, - "dimensions": { - "metric": { - "accessor": 0, - "aggType": "count", - "format": { - "id": "number" - }, - "params": {} - } - }, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "type": "pie" - }, - "title": "Top SSL Servers [Logs Zeek]", - "type": "pie" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "zeek-e042fda0-370d-11e9-aa6d-ff445a78330c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zeek/kibana/visualization/zeek-f8c40810-370d-11e9-aa6d-ff445a78330c.json b/packages/zeek/kibana/visualization/zeek-f8c40810-370d-11e9-aa6d-ff445a78330c.json deleted file mode 100644 index a8153a5b32a..00000000000 --- a/packages/zeek/kibana/visualization/zeek-f8c40810-370d-11e9-aa6d-ff445a78330c.json +++ /dev/null 
@@ -1,59 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Number of Sessions Overtime [Logs Zeek]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "logs-*", - "interval": "auto", - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Number of Sessions Overtime [Logs Zeek]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "zeek-f8c40810-370d-11e9-aa6d-ff445a78330c", - "migrationVersion": { - "visualization": "8.0.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml index eba225894e1..af83a4e13d8 100644 --- a/packages/zeek/manifest.yml +++ b/packages/zeek/manifest.yml @@ -1,6 +1,6 @@ name: zeek title: Zeek -version: "2.6.0" +version: "2.6.1" release: ga description: Collect logs from Zeek with Elastic Agent. type: integration @@ -13,7 +13,7 @@ format_version: 1.0.0 license: basic categories: [network, monitoring, security] conditions: - kibana.version: ^8.0.0 + kibana.version: ^8.1.0 screenshots: - src: /img/kibana-zeek.png title: kibana zeek
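Review bot: The `kibana.version` condition in the second manifest.yml hunk moves from `^8.0.0` to `^8.1.0` while the package version only goes from 2.6.0 to 2.6.1, so a patch-level release drops Kibana 8.0.x and those deployments stop receiving later updates to this package. The bump itself looks required, presumably because the rewritten dashboard is exported with `"coreMigrationVersion": "8.1.0"`, but the reason is not recorded next to the constraint. If the zeek changelog entry (not in view here) does not already say so, I would add a line such as `- description: Raise minimum Kibana version to 8.1.0 for by-value dashboard panels`. A comment above the condition would also help, for example `# 8.1.0 minimum: dashboards are exported from Kibana 8.1.0`.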